curl-library
Re: In TLS v1.1 X509_STORE_CTX_get_current_cert always returning NULL
Date: Thu, 24 Sep 2015 19:04:50 +0530
Hi,
Thanks for reply.
It was all just some linking error in my part,
I was building local openssl but didnt linked it with the executable.
On Thu, Sep 24, 2015 at 1:41 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> On Thu, 24 Sep 2015, puneet bist wrote:
>
> I was earlier using SSL 0.9.8 with curl 7.39.0. Server used TLSv1.0 for
>> communication. I used " curl_easy_setopt(curl_handle,
>> CURLOPT_SSL_CTX_FUNCTION, ctx_callback);" for self-signed certificates
>> fingerprint matching.
>>
>> In callback function X509_STORE_CTX_get_current_cert always gave the
>> certificate which i used to extract the fingerprint. It was working fine.
>>
>> Now i builded curl 7.39.0 with openssl 1.0.2d and Server used TLSv1.1 for
>> communication. But X509_STORE_CTX_get_current_cert always returning NULL.
>> So i am not able to check the fingerprint .
>>
>
> The callback simply gets the CTX pointer passed to it that libcurl has, so
> this is unfortunately not something libcurl affects. In a *SSL_CTX_FUNCTION
> callback like this you interface directly with OpenSSL and I believe you
> need to dig down into OpenSSL to figure out why it now returns a different
> result now compared to before.
>
> Maybe you can consider switching to CURLOPT_PINNEDPUBLICKEY anyway to
> avoid a custom callback?
>
> --
>
> / daniel.haxx.se
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-09-24