yhirose / cpp-httplib

A C++ header-only HTTP/HTTPS server and client library

Provides a way to ignore host verify

pbwang002 opened this issue · comments

commented

When setting the client authentication mode to SSL_VERIFY_NONE, the host verification is not ignored.
Provide a way to ignore host verification.

Use enable_server_certificate_verification(false) method on SSLClient

commented

> Use enable_server_certificate_verification(false) method on SSLClient

  1. Java Spring Boot and Python HTTP clients generally support two options: enabling SSL authentication, and whether to ignore host_name authentication, which is more flexible.
  2. cpp-httplib now has SSL authentication enabled and must verify the hostname, which is too inflexible.

Ah, so you want to still run SSL_get_verify_result

cpp-httplib/httplib.h

Lines 8759 to 8760 in 548dfff

if (server_certificate_verification_) {
  verify_result_ = SSL_get_verify_result(ssl2);

But have an option to skip just verify_host

cpp-httplib/httplib.h

Lines 8774 to 8778 in 548dfff

if (!verify_host(server_cert)) {
  X509_free(server_cert);
  error = Error::SSLServerVerification;
  return false;
}

The curl equivalent being CURLOPT_SSL_VERIFYHOST = 0

commented

> Ah, so you want to still run SSL_get_verify_result
>
> cpp-httplib/httplib.h
>
> Lines 8759 to 8760 in 548dfff
>
> if (server_certificate_verification_) {
>   verify_result_ = SSL_get_verify_result(ssl2);
>
> But have an option to skip just verify_host
>
> cpp-httplib/httplib.h
>
> Lines 8774 to 8778 in 548dfff
>
> if (!verify_host(server_cert)) {
>   X509_free(server_cert);
>   error = Error::SSLServerVerification;
>   return false;
> }
>
> The curl equivalent being CURLOPT_SSL_VERIFYHOST = 0

Yes, httplib does not provide this capability now

Thanks for the clear explanation.
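
A minimal model of the two checks discussed in this thread, added here as an example and not code from cpp-httplib or from any commenter. `PeerCert`, `VerifyPolicy` and `accept_peer` are hypothetical names, and `chain_ok` stands in for the outcome of `SSL_get_verify_result`; the point is what a client gives up when only the host check is switched off.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Constructed model of the two independent client-side checks.
// All type and function names are hypothetical, not cpp-httplib's API.
struct PeerCert {
  bool chain_ok;                       // stands in for SSL_get_verify_result(...) == X509_V_OK
  std::vector<std::string> dns_names;  // subjectAltName dNSName entries (constructed)
};

struct VerifyPolicy {
  bool verify_chain = true;  // trust-chain validation
  bool verify_host = true;   // name check; curl disables this part with CURLOPT_SSL_VERIFYHOST = 0
};

static std::string lower(std::string s) {
  std::transform(s.begin(), s.end(), s.begin(),
                 [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
  return s;
}

// Case-insensitive match. "*" is honoured only as the whole leftmost label
// and stands for exactly one label of the host name.
bool name_matches(const std::string &pattern, const std::string &host) {
  const std::string p = lower(pattern), h = lower(host);
  if (p.rfind("*.", 0) != 0) return p == h;
  const auto dot = h.find('.');
  if (dot == std::string::npos || dot == 0) return false;
  return h.substr(dot) == p.substr(1);
}

bool host_matches(const PeerCert &cert, const std::string &host) {
  return std::any_of(cert.dns_names.begin(), cert.dns_names.end(),
                     [&](const std::string &n) { return name_matches(n, host); });
}

// Each check has its own switch, so one can be disabled without the other.
bool accept_peer(const PeerCert &cert, const std::string &host, const VerifyPolicy &policy) {
  if (policy.verify_chain && !cert.chain_ok) return false;
  if (policy.verify_host && !host_matches(cert, host)) return false;
  return true;
}
```

With `verify_host` off, any certificate that chains to a trusted CA is accepted regardless of the name it was issued for, so that setting only makes sense where the trust store is restricted to a CA the client operator controls.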