cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Patch: Support CURLINFO_CERTINFO with GnuTLS

From: Christian Grothoff <grothoff_at_in.tum.de>
Date: Fri, 20 Sep 2013 16:33:59 +0200

Here is another patch which adds the CURLINFO_GNUTLS_SESSION option to
curl_easy_getinfo. It exposes the GnuTLS session to clients, which is
useful if clients need to inspect certificate chains or other properties
of the TLS connection. Naturally, the option only works if cURL was
compiled with GnuTLS support (hence the GNUTLS in the name). This
patch should be completely independent from my previous patch to
support CURLINFO_CERTINFO with GnuTLS, and I think it is generally
more useful as it allows applications to access certificates via the
nice GnuTLS X509 APIs instead of having to parse the strings.

This time I did also update the man page to document the new option;
I used 7.33.0 as the version number for the introduction in hope that
this makes it in time for the merge window (we need this for the
GNU Name System).

Happy hacking!

Christian

On 09/18/2013 10:14 PM, Christian Grothoff wrote:
> Here's a little patch to get CURLINFO_CERTINFO to do something
> meaningful if libcurl was compiled to use GnuTLS instead of OpenSSL.
>
> As described in the log, I'd prefer to get PEM as the returned text to
> the client, but the OpenSSL API doesn't allow that either. Would you
> be happy with a patch to add an option CURLINFO_CERTINFO_PEM that would
> return the server certificate in PEM format for machine-processing?
>
> Happy hacking!
>
> Christian

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

  • text/x-patch attachment: stored
Received on 2013-09-20