cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: CURLINFO_TLS_SESSION with OPENSSL returns SSL_CTX instead of SSL

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Wed, 24 Feb 2016 15:26:32 -0500

On 9/29/2015 12:13 PM, Michael K├Ânig wrote:
> Hi everyone,
>
> I got into a situation where i want to check what protocol version and cipher
> was used for an SSL connection. (HTTPS)
>
> I found CURLINFO_TLS_SESSION and it looked like it might give me access to the
> information i need, but it does not. When using the OpenSSL backend
> CURLINFO_TLS_SESSION returns the SSL_CTX. While the CTX contains information
> that affected the creation of the SSL session. It does not contain any
> information about the established connection. It contains the list of
> acceptable ciphers, but not the information what cipher or protocol version was
> actually used.
>
> To probe that information from OpenSSL you need a pointer to the SSL object,
> which holds the SSL_CTX and not the other way around.
>
> Was there a reason for not returning the SSL object, or was it an oversight?
> Changing the behaviour now feels like a really bad idea, due to the code
> breaking potential. Is there any alternative? I did not check the other
> backends as to how consistent the nature of the returned value is. I am only
> somewhat familiar with CURLSSLBACKEND_SCHANNEL and could check that.
>

I've added CURLINFO_TLS_SSL_PTR [1][2] which should do what you want.
The option name is subject to change. Barring anything unforeseen it
will be in the next version of curl, 7.48.0.

[1]: https://curl.haxx.se/libcurl/c/CURLINFO_TLS_SSL_PTR.html
[2]: https://github.com/curl/curl/commit/332414a

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-02-24