> From: Ray Satiro
> On 12/23/2025 6:53 PM, dogma via curl-library wrote:
> > Does CURLINFO_CERTINFO always provide the chain of certificates if it
> > happens to be exposed by the backend, or is it more haphazard than that?
> >
> > If a transfer fails, I print the chain if it's provided, but for example
> > I just had one that failed because the certificate has expired. No
> > chain. This is with OpenSSL.
> >
>
> I think historically it wasn't provided unless the transfer was
> successful, the backend supported it and CURLOPT_CERTINFO [1] was
> enabled for the transfer. However I just tested curl master branch [2]
> with OpenSSL and retrieving CERTINFO worked for a failed transfer. I
> tested against a URL (https://cdn.gigya.com) that serves a certificate
> with no matching hostname ("no alternative certificate subject name
> matches") so the transfer fails. I tested against some other URLs with
> different types of cert problems as well as expired certificates and I
> still got certinfo.

Yes, I do get certinfo for that "no alternative certificate subject name matches" site as well.
