curl-library

Re: Patch: Support CURLINFO_CERTINFO with GnuTLS

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sat, 12 Oct 2013 23:46:35 +0200 (CEST)

On Wed, 18 Sep 2013, Christian Grothoff wrote:

> Here's a little patch to get CURLINFO_CERTINFO to do something meaningful if
> libcurl was compiled to use GnuTLS instead of OpenSSL.

The OpenSSL code only does this stuff if 'data->set.ssl.certinfo' is TRUE,
shouldn't the GnuTLS code only be conditional on the same?

> As described in the log, I'd prefer to get PEM as the returned text to the
> client, but the OpenSSL API doesn't allow that either. Would you be happy
> with a patch to add an option CURLINFO_CERTINFO_PEM that would return the
> server certificate in PEM format for machine-processing?

Possibly yes, but extracting goodies from PEM is quite a lot of work still
(and it also requires that your application knows and uses the SSL library
directly) and that's kind of the reason why CURLINFO_CERTINFO is as "chatty"
as it is.

-- 
  / daniel.haxx.se
Received on 2013-10-12