digitalmars.D.learn - Disabling SSL Verification on std.net.curl
A follow up from : http://forum.dlang.org/thread/nsdomtdbqqlylrmgojim forum.dlang.org I discovered that it was not a C::B issue as I already compiled it with Xamarin Studio and it was still spewing out the error: std.net.curl.CurlException std\net\curl.d(3592): problem with the SSL CA cert (path? access rights?) on handle 22D3D68 And since I am only using the program by myself for personal things, I was thinking of disabling SSL Verification to stop it from complaining about the cert. So how do I do it?
May 15 2014
On Friday, 16 May 2014 at 04:58:47 UTC, Jack wrote:A follow up from : http://forum.dlang.org/thread/nsdomtdbqqlylrmgojim forum.dlang.org I discovered that it was not a C::B issue as I already compiled it with Xamarin Studio and it was still spewing out the error: std.net.curl.CurlException std\net\curl.d(3592): problem with the SSL CA cert (path? access rights?) on handle 22D3D68 And since I am only using the program by myself for personal things, I was thinking of disabling SSL Verification to stop it from complaining about the cert. So how do I do it?hi Jack curl has an option called SSL_VERIFYPEER which is supported by etc.c.curl: CurlOption. you can simply do the following: import std.stdio; import etc.c.curl : CurlOption; import std.net.curl; void main() { auto conn = HTTP(); conn.handle.set(CurlOption.ssl_verifypeer, 0); writeln(get("https://dlang.org/", conn)); } if you set the option to 1 you will receive this error: std.net.curl.CurlException std/net/curl.d(3592): Peer certificate cannot be authenticated with given CA certificates on handle 7F908C01DC00
May 16 2014
On Friday, 16 May 2014 at 07:37:33 UTC, Mengu wrote:hi Jack curl has an option called SSL_VERIFYPEER which is supported by etc.c.curl: CurlOption. you can simply do the following: import std.stdio; import etc.c.curl : CurlOption; import std.net.curl; void main() { auto conn = HTTP(); conn.handle.set(CurlOption.ssl_verifypeer, 0); writeln(get("https://dlang.org/", conn)); } if you set the option to 1 you will receive this error: std.net.curl.CurlException std/net/curl.d(3592): Peer certificate cannot be authenticated with given CA certificates on handle 7F908C01DC00Never really knew that the C interface of curl had the option. Thanks for the info ..
May 16 2014
On Friday, 16 May 2014 at 07:37:33 UTC, Mengu wrote:On Friday, 16 May 2014 at 04:58:47 UTC, Jack wrote:While setting SSL_VERIFYPEER = 0 can be useful for quickly confirming whether CA certificates are causing the problem, and you seem to be aware of the implications, it is worth emphasising, particularly for anyone finding this thread through a search, that setting SSL_VERIFYPEER = 0 reduces the security of SSL almost to the same point as not using SSL at all! See Section 10 of "The Most Dangerous Code in the World": http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdfstd.net.curl.CurlException std\net\curl.d(3592): problem with the SSL CA cert (path? access rights?) on handle 22D3D68 And since I am only using the program by myself for personal things, I was thinking of disabling SSL Verification to stop it from complaining about the cert. So how do I do it?hi Jack curl has an option called SSL_VERIFYPEER which is supported by etc.c.curl: CurlOption.
May 16 2014