cURL / Mailing Lists / curl-library / Single Mail


RE: [PATCH] gtls: implement CURLOPT_CERTINFO

From: Patrick Monnerat <>
Date: Mon, 16 Mar 2015 10:14:34 +0100

Alessandro Ghedini wrote:

> The patch uses Curl_extract_certinfo() like the NSS and GSKit backends
do, so I was wondring if there was any reason why the OpenSSL backend
does not.

Originally, only the openSSL backend implemented it using openSSL
specific procedures.
I wrote the X509/ASN1 code to support the certinfo feature (at least
partially) in the GSKit backend.
Then I modified the NSS backend to use it, as an example for other
backends :-)

x509asn1.c does not check for data validity: this is supposed to be done
before calling it by the "real" backend.
Currently, it does not implement attribute listing, so openSSL
implementation is more complete.


List admin:
Received on 2015-03-16