curl-library

[PATCH] Implement Public Key Pinning

From: moparisthebest <admin_at_moparisthebest.com>
Date: Tue, 26 Aug 2014 10:04:20 -0400

Hello all,

This patch implements public key pinning (currently only for OpenSSL) in
curl by providing a path to a public key in DER format. The command
line option is --pinnedpubkey and if it isn't provided, curl functions
just like it did before.

For testing, the way I extracted DER formatted public keys from websites
was like so:

openssl s_client -connect google.com:443 2>&1 < /dev/null |
  sed -n '/-----BEGIN/,/-----END/p' |
  openssl x509 -noout -pubkey |
  openssl rsa -pubin -outform DER > google.com.der

I've also pushed this up to my fork on GitHub:
https://github.com/moparisthebest/curl

Please let me know what else I need to do to get this accepted into
curl. As far as I can find, there are currently no command line tools
that support certificate or public key pinning, so it'd be great to have
support in curl first.

Thanks,
moparisthebest

Received on 2014-08-26
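
Added example, not part of the original mail or of the patch: a Python illustration of the comparison that public key pinning performs, assuming the pin file holds the DER SubjectPublicKeyInfo that the openssl pipeline in the mail writes. The function names and the skeletal sample certificates are constructed for illustration; the parser follows the standard X.509 field order.

```python
import hmac

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def spki_from_cert(cert_der):
    """Return the SubjectPublicKeyInfo element (header included) of an X.509 cert."""
    tag, pos, _ = read_tlv(cert_der, 0)        # Certificate ::= SEQUENCE
    tag2, pos, _ = read_tlv(cert_der, pos)     # tbsCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a DER certificate")
    first_tag, _, after_first = read_tlv(cert_der, pos)
    if first_tag == 0xA0:                      # optional [0] EXPLICIT version
        pos = after_first
    for _ in range(5):                         # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert_der[pos:end]

def pin_matches(cert_der, pinned_der):
    """True when the certificate's public key equals the pinned DER file contents."""
    return hmac.compare_digest(spki_from_cert(cert_der), pinned_der)

# --- constructed sample input: skeletal certificates, not real ones ---
def der(tag, content=b""):
    n, k = len(content), (len(content).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + content

def fake_cert(serial, spki):
    empty = der(0x30)  # stands in for sigAlg, issuer, validity and subject
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, serial) + empty * 4 + spki)
    return der(0x30, tbs + empty + der(0x03, b"\x00"))

KEY_A = der(0x30, der(0x30) + der(0x03, b"\x00" + b"\xaa" * 270))
KEY_B = der(0x30, der(0x30) + der(0x03, b"\x00" + b"\xbb" * 270))
ORIGINAL = fake_cert(b"\x01", KEY_A)   # certificate the pin was taken from
RENEWED = fake_cert(b"\x02", KEY_A)    # new serial, same key: pin still matches
OTHER = fake_cert(b"\x03", KEY_B)      # different key: pin must fail
```

Because only the key is compared, RENEWED passes the check while OTHER fails it, whatever the rest of each certificate contains.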