From 549e464a82580fb4cfb6ab928d679e897633ae91 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 20 Sep 2013 16:27:10 +0200 Subject: [PATCH 2/2] Adding CURLINFO_GNUTLS_SESSION option for direct access to GnuTLS session. This adds support for CURLINFO_GNUTLS_SESSION in curl_easy_getinfo, which is useful for clients that want to inspect certificate chains and other TLS session information. --- docs/libcurl/curl_easy_getinfo.3 | 9 +++++++++ include/curl/curl.h | 6 +++--- lib/getinfo.c | 23 +++++++++++++++++++++++ 3 files changed, 35 insertions(+), 3 deletions(-) diff --git a/docs/libcurl/curl_easy_getinfo.3 b/docs/libcurl/curl_easy_getinfo.3 index 62d8ae4..c5a509c 100644 --- a/docs/libcurl/curl_easy_getinfo.3 +++ b/docs/libcurl/curl_easy_getinfo.3 @@ -221,6 +221,15 @@ provided in a series of data in the format "name:content" where the content is for the specific named data. See also the certinfo.c example. NOTE: this option is only available in libcurl built with OpenSSL support. (Added in 7.19.1) + +.IP CURLINFO_GNUTLS_SESSION +Pass a pointer to a 'gnutls_session' and you'll get it set to point to the +respective GnuTLS session used by this request. This can then be used to +extract certificate information in a format convenient for further +processing, such as manual validation. NOTE: this +option is only available in libcurl built with GnuTLS support. (Added in +7.33.0) + .IP CURLINFO_CONDITION_UNMET Pass a pointer to a long to receive the number 1 if the condition provided in the previous request didn't match (see \fICURLOPT_TIMECONDITION\fP). Alas, if diff --git a/include/curl/curl.h b/include/curl/curl.h index 4e09cf7..a63ee67 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h 
@@ -1388,8 +1388,7 @@ typedef enum {
 CINIT(ADDRESS_SCOPE, LONG, 171),
 
 /* Collect certificate chain info and allow it to get retrievable with
- CURLINFO_CERTINFO after the transfer is complete. (Unfortunately) only
- working with OpenSSL-powered builds. */
+ CURLINFO_CERTINFO after the transfer is complete. */
 CINIT(CERTINFO, LONG, 172),
 
 /* "name" and "pwd" to use when fetching. */
@@ -2031,9 +2030,10 @@ typedef enum {
 CURLINFO_PRIMARY_PORT = CURLINFO_LONG + 40,
 CURLINFO_LOCAL_IP = CURLINFO_STRING + 41,
 CURLINFO_LOCAL_PORT = CURLINFO_LONG + 42,
+ CURLINFO_GNUTLS_SESSION = CURLINFO_SLIST + 43,
 /* Fill in new entries below here! */
 
- CURLINFO_LASTONE = 42
+ CURLINFO_LASTONE = 43
 } CURLINFO;
 
 /* CURLINFO_RESPONSE_CODE is the new name for the option previously known as
diff --git a/lib/getinfo.c b/lib/getinfo.c
index 3d09dc6..36197c2 100644
--- a/lib/getinfo.c
+++ b/lib/getinfo.c
@@ -277,7 +277,30 @@ static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info,
 ptr.to_certinfo = &data->info.certs;
 *param_slistp = ptr.to_slist;
 break;
+#ifdef USE_GNUTLS
+ case CURLINFO_GNUTLS_SESSION:
+ {
+ union {
+ gnutls_session session;
+ struct curl_slist * to_slist;
+ } gptr;
+ struct connectdata *conn;
+ unsigned int sockindex;
+ conn = data->easy_conn;
+ sockindex = 0;
+ while((sockindex < sizeof(conn->ssl)/sizeof(conn->ssl[0])) &&
+ (! conn->ssl[sockindex].use)) sockindex++;
+ if(sockindex == sizeof(conn->ssl)/sizeof(conn->ssl[0])) {
+ *param_slistp = NULL;
+ break;
+ }
+ gptr.session = conn->ssl[sockindex].session;
+ *param_slistp = gptr.to_slist;
+ break;
+ }
+ break;
+#endif
 default:
 return CURLE_BAD_FUNCTION_ARGUMENT;
 }
--
1.7.10.4
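Review bot: `CURLINFO_GNUTLS_SESSION` is placed in the `CURLINFO_SLIST` type class, but what curl_easy_getinfo writes through the caller's `struct curl_slist **` is a `gnutls_session` handle, not a list, and nothing in the header says so. The enum line should carry a comment such as `/* not an slist: the pointer written is the connection's gnutls_session (GnuTLS builds only) */` so that callers do not walk it or pass it to curl_slist_free_all(). This hunk sits inside the CURLINFO typedef enum, which starts before it.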
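Review bot: `conn = data->easy_conn;` is dereferenced in the while condition without a NULL check, and as far as I can tell from the rest of libcurl easy_conn is NULL whenever the handle has no active connection, e.g. once the transfer has finished and the connection was closed or returned to the pool, which is exactly when a caller following the man page text would ask for this info. Add `if(!conn) { *param_slistp = NULL; break; }` before the loop. The returned `gnutls_session` is owned by the connection, so the value is only safe to use while that connection is alive (in practice from a callback during the transfer); a comment above the `case` stating that lifetime, and the same caveat in the man page, would stop callers from holding a dangling handle. The `break;` after the closing `}` of the block is unreachable because every path inside it already breaks; drop it. getinfo_slist begins before this hunk.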