ssl peer certificate or ssh remote key was not ok - C

Question

I have the following code to connect to a site:

int main()
{
    CURL *curl;
    CURLcode res;

    curl = curl_easy_init();

    if(curl)
    {
        curl_easy_setopt(curl, CURLOPT_URL, "https://192.168.200.115:8080/appliances");
        curl_easy_setopt(curl, CURLOPT_USERNAME, "myusername");
        curl_easy_setopt(curl, CURLOPT_PASSWORD, "mypassword");
        curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); 

        // Perform the request, res will get the return code
        res = curl_easy_perform(curl);

        // Check for errors
        if(res != CURLE_OK)
        {
            fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res));
        }

        //always cleanup
        curl_easy_cleanup(curl);
    }

    return 0;
}

WHen ran I got the error: peer certificate cannot be authenticated with given ca certificates

After googling I found that I had to add the line:

curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false);

BUt now I get the error: ssl peer certificate or ssh remote key was not ok

I have tried adding in:

curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);

But still the same error.

How can I solve this??

EDIT I added verbose logging:

curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);

And now I see the following in the output: ssl certificate subject name 'name or server' does not match target host

Answer 1

The X.509 SSL server certificate sent by the server is invalid. If you really want to disable X.509 certificate verification (please, don't do that), you should set CURLOPT_SSL_VERIFYHOST to 0 (default to 2) in order to ask libcurl not to fail if the name contained in the certificate does not match the host you are trying to connect to. If you do that, you will probably have to let CURLOPT_SSL_VERIFYPEER at 0, meaning no X.509 PKI validation.