Re: Getting pubkey fingerprint in libcurl
From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 2 Mar 2021 01:02:24 -0500
On 2/26/2021 4:10 PM, Morten Minde Neergaard via curl-library wrote:
> I'm making an app that's using public key pinning, and it would be very
> helpful to have programmatic access to the pubkey fingerprint. The app
> currently has a huge and horrible mountain of platform- and
> backend-specific code that extracts the public key fingerprint from the
> TLS backend before calculating the exact same fingerprint as curl does
> in Curl_pin_peer_pubkey.
>
> It would be a lot more elegant if there were an option to get the pubkey
> fingerprint directly, using the same pattern as CURLOPT_CERTINFO /
> CURLINFO_CERTINFO. Suggesting this addition to the curl APIs:
>
> CURLOPT(CURLOPT_PUBKEY_FINGERPRINT, CURLOPTTYPE_LONG, 309),
>
> CURLINFO_PUBKEY_FINGERPRINT = CURLINFO_STRING + 60,
>
> After refactoring all the TLS backends to extract the code that
> calculates the pubkey fingerprint, this implementation should be fairly
> trivial.
>
> Comments? Patches accepted?
Is this not provided by certinfo already? If not I think it would be
easier to add it there in a separate line, pubkey:asdf
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2021-03-02
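
Added example, not part of this thread and not curl's own code: one way to derive the pin without backend-specific code is to take a PEM certificate (assumed here to come from a `Cert:` entry in the CURLINFO_CERTINFO list, which not every TLS backend provides) and hash its DER SubjectPublicKeyInfo into the `sha256//<base64>` form that CURLOPT_PINNEDPUBLICKEY accepts. The function names and the sample certificate are constructed for illustration; the sample is a structurally minimal, unsigned blob, not a real certificate.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def spki_from_cert(der):
    """Return the DER SubjectPublicKeyInfo (header included) of an X.509 cert."""
    tag, pos, _ = read_tlv(der, 0)            # Certificate ::= SEQUENCE
    tag2, pos, tbs_end = read_tlv(der, pos)   # tbsCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not an X.509 certificate")
    first_tag, _, after = read_tlv(der, pos)
    if first_tag == 0xA0:                     # optional [0] version (absent in v1)
        pos = after
    for _ in range(5):                        # serial, sigAlg, issuer, validity, subject
        pos = read_tlv(der, pos)[2]
    tag, _, spki_end = read_tlv(der, pos)
    if tag != 0x30 or spki_end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return der[pos:spki_end]

def curl_pin(pem):
    """Pin in the sha256//<base64> form; tolerates a leading 'Cert:' label."""
    body = "".join(l for l in pem.strip().splitlines() if "-----" not in l)
    spki = spki_from_cert(base64.b64decode(body))
    return "sha256//" + base64.b64encode(hashlib.sha256(spki).digest()).decode()

def tlv(tag, body):
    """DER-encode one element (used only to build the constructed sample)."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

# Constructed sample input: rsaEncryption OID, dummy key bits, empty placeholder fields.
SAMPLE_SPKI = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101"))
                  + tlv(0x05, b"")) + tlv(0x03, b"\x00" + bytes(range(140))))
SAMPLE_TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
                 + tlv(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_CERT = tlv(0x30, SAMPLE_TBS + tlv(0x30, b"") + tlv(0x03, b"\x00"))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_CERT).decode()
              + "-----END CERTIFICATE-----\n")
```

The hash covers the whole SubjectPublicKeyInfo, including its algorithm identifier, so the pin stays the same when a certificate is reissued for the same key.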