On Wed, Dec 11, 2013 at 8:14 AM, Sergey Mironov <[email protected]> wrote: > It is possible to workaround it by changing CURLOPT_SSL_VERIFYPEER to > 0. This probably means that I don't have some important certificates > installed (I'm not an SSL expert, so I may be wrong). Can anybody > advise me what to check first?
The verify peer check is from a reccomendation in the Persona 'Security Considerations' document: <https://developer.mozilla.org/en/Persona/Security_Considerations> "You must ensure that your HTTPS request verifies the certificate sent from the server against a trusted root certificate. If you don't, then an attacker could pose as verifier.login.persona.org and issue false verifications." If you are on Linux you can update the certificate store that cURL uses by following this: <http://www.mylinuxguide.com/ssl-root-certificate-update-in-linux-for-curl/> Chris. -- http://www.bluishcoder.co.nz _______________________________________________ Ur mailing list [email protected] http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
