curl-library

CURLINFO_TLS_SESSION with OPENSSL returns SSL_CTX instead of SSL

From: Michael König <plasm_at_plasm.de>
Date: Tue, 29 Sep 2015 18:13:51 +0200 (CEST)

Hi everyone,

I got into a situation where I want to check what protocol version and cipher
were used for an SSL connection (HTTPS).

I found CURLINFO_TLS_SESSION and it looked like it might give me access to the
information I need, but it does not. When using the OpenSSL backend,
CURLINFO_TLS_SESSION returns the SSL_CTX. While the CTX contains information
that affected the creation of the SSL session, it does not contain any
information about the established connection. It contains the list of
acceptable ciphers, but not the information about which cipher or protocol
version was actually used.

To probe that information from OpenSSL you need a pointer to the SSL object,
which holds the SSL_CTX and not the other way around.

Was there a reason for not returning the SSL object, or was it an oversight?
Changing the behaviour now feels like a really bad idea, due to the code
breaking potential. Is there any alternative? I did not check the other
backends as to how consistent the nature of the returned value is. I am only
somewhat familiar with CURLSSLBACKEND_SCHANNEL and could check that.

Greetings
  Michael
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-09-29
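
The context-versus-connection distinction raised in this message, as an added example that is not part of the original post or of curl's code. It uses Python's `ssl` module, whose `SSLContext` wraps an OpenSSL `SSL_CTX` and whose `SSLObject` wraps an `SSL`; the function names and the anonymous-ECDH cipher choice (used only so the in-memory handshake needs no certificate) are assumptions of this sketch.

```python
import ssl

# Constructed lab setup: anonymous ECDH suites need no certificate, so the
# handshake can run fully in memory. Never enable aNULL suites in production.
OFFERED = "AECDH-AES128-SHA:AECDH-AES256-SHA:@SECLEVEL=0"

def make_context(protocol):
    ctx = ssl.SSLContext(protocol)               # wraps an OpenSSL SSL_CTX
    if protocol == ssl.PROTOCOL_TLS_CLIENT:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # anonymous suites predate TLS 1.3
    ctx.set_ciphers(OFFERED)
    return ctx

def handshake_in_memory(client_ctx, server_ctx):
    """Handshake two SSLObjects (each wraps an OpenSSL SSL) over memory BIOs."""
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_side=False)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    done = {"client": False, "server": False}
    for _ in range(20):
        for name, side, out, peer_in in (("client", client, c_out, s_in),
                                         ("server", server, s_out, c_in)):
            if not done[name]:
                try:
                    side.do_handshake()
                    done[name] = True
                except ssl.SSLWantReadError:
                    pass                          # needs more bytes from the peer
            data = out.read()
            if data:
                peer_in.write(data)               # shuttle records to the other side
        if all(done.values()):
            return client, server
    raise RuntimeError("handshake did not complete")

def compare_views():
    """Return what the context knows versus what the connection knows."""
    client_ctx = make_context(ssl.PROTOCOL_TLS_CLIENT)
    server_ctx = make_context(ssl.PROTOCOL_TLS_SERVER)
    client, _server = handshake_in_memory(client_ctx, server_ctx)
    return {
        "context_ciphers": [c["name"] for c in client_ctx.get_ciphers()],
        "negotiated_cipher": client.cipher()[0],     # only the connection has this
        "negotiated_version": client.version(),      # likewise per-connection
    }
```

The context only exposes the list of ciphers it is willing to offer; the negotiated cipher and protocol version are readable only from the per-connection object.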