
digitalmars.D.learn - Disabling SSL Verification on std.net.curl

reply "Jack" <Jackoz530 gmail.com> writes:
A follow up from : 
http://forum.dlang.org/thread/nsdomtdbqqlylrmgojim forum.dlang.org

I discovered that it was not a C::B issue as I already compiled 
it with Xamarin Studio and it was still spewing out the error:

std.net.curl.CurlException std\net\curl.d(3592): problem with the 
SSL CA cert (path? access rights?) on handle 22D3D68

And since I am only using the program by myself for personal 
things, I was thinking of disabling SSL Verification to stop it 
from complaining about the cert.

So how do I do it?
May 15 2014
parent reply "Mengu" <mengukagan gmail.com> writes:
On Friday, 16 May 2014 at 04:58:47 UTC, Jack wrote:
 A follow up from : 
 http://forum.dlang.org/thread/nsdomtdbqqlylrmgojim forum.dlang.org

 I discovered that it was not a C::B issue as I already compiled 
 it with Xamarin Studio and it was still spewing out the error:

 std.net.curl.CurlException std\net\curl.d(3592): problem with 
 the SSL CA cert (path? access rights?) on handle 22D3D68

 And since I am only using the program by myself for personal 
 things, I was thinking of disabling SSL Verification to stop it 
 from complaining about the cert.

 So how do I do it?
hi Jack

curl has an option called SSL_VERIFYPEER which is supported by 
etc.c.curl: CurlOption.

you can simply do the following:

import std.stdio;
import etc.c.curl : CurlOption;
import std.net.curl;

void main()
{
  auto conn = HTTP();
  conn.handle.set(CurlOption.ssl_verifypeer, 0);
  writeln(get("https://dlang.org/", conn));
}

if you set the option to 1 you will receive this error: 
std.net.curl.CurlException std/net/curl.d(3592): Peer 
certificate cannot be authenticated with given CA certificates 
on handle 7F908C01DC00
May 16 2014
next sibling parent "Jack" <Jackoz530 gmail.com> writes:
On Friday, 16 May 2014 at 07:37:33 UTC, Mengu wrote:
 hi Jack

 curl has an option called SSL_VERIFYPEER which is supported by 
 etc.c.curl: CurlOption.

 you can simply do the following:

 import std.stdio;
 import etc.c.curl : CurlOption;
 import std.net.curl;

 void main()
 {
   auto conn = HTTP();
   conn.handle.set(CurlOption.ssl_verifypeer, 0);
   writeln(get("https://dlang.org/", conn));
 }


 if you set the option to 1 you will receive this error: 
 std.net.curl.CurlException std/net/curl.d(3592): Peer 
 certificate cannot be authenticated with given CA certificates 
 on handle 7F908C01DC00
Never really knew that the C interface of curl had the option. Thanks for the info ..
May 16 2014
prev sibling parent "Jon Giddy" <jongiddy gmail.com> writes:
On Friday, 16 May 2014 at 07:37:33 UTC, Mengu wrote:
 On Friday, 16 May 2014 at 04:58:47 UTC, Jack wrote:
 std.net.curl.CurlException std\net\curl.d(3592): problem with 
 the SSL CA cert (path? access rights?) on handle 22D3D68

 And since I am only using the program by myself for personal 
 things, I was thinking of disabling SSL Verification to stop 
 it from complaining about the cert.

 So how do I do it?
 hi Jack

 curl has an option called SSL_VERIFYPEER which is supported by 
 etc.c.curl: CurlOption.

While setting SSL_VERIFYPEER = 0 can be useful for quickly confirming whether CA certificates are causing the problem, and you seem to be aware of the implications, it is worth emphasising, particularly for anyone finding this thread through a search, that setting SSL_VERIFYPEER = 0 reduces the security of SSL almost to the same point as not using SSL at all!

See Section 10 of "The Most Dangerous Code in the World": http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
May 16 2014
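
Added example, not code from any poster in this thread: the error in the original post is libcurl reporting that it could not load a CA certificate file, so the alternative to turning verification off is to hand it one. The file name `cacert.pem` and the helper `checkBundle` are assumptions made for this sketch.

```d
import std.stdio;
import std.file : exists, isFile, read, FileException;
import std.net.curl;
import etc.c.curl : CurlOption;

// Assumption: a PEM bundle of trusted CA certificates saved next to the
// program. The file name is a placeholder chosen for this example.
enum caBundle = "cacert.pem";

// Hypothetical helper: returns null when the bundle can be used, otherwise
// a message naming the "path? access rights?" case that applies.
string checkBundle(string path)
{
    if (!exists(path) || !isFile(path))
        return "CA bundle not found: " ~ path;
    try
    {
        // Reading one byte proves the process has read access.
        if (read(path, 1).length == 0)
            return "CA bundle is empty: " ~ path;
    }
    catch (FileException e)
    {
        return "CA bundle not readable: " ~ e.msg;
    }
    return null;
}

int main()
{
    auto problem = checkBundle(caBundle);
    if (problem !is null)
    {
        stderr.writeln(problem);
        return 1;
    }
    auto conn = HTTP();
    conn.handle.set(CurlOption.cainfo, caBundle);   // trust anchors to verify against
    conn.handle.set(CurlOption.ssl_verifypeer, 1);  // validate the certificate chain
    conn.handle.set(CurlOption.ssl_verifyhost, 2);  // require the host name to match
    try
    {
        writeln(get("https://dlang.org/", conn));
    }
    catch (CurlException e)
    {
        // Fail closed: report the error, never retry with verification off.
        stderr.writeln("transfer failed: ", e.msg);
        return 1;
    }
    return 0;
}
```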