cURL / Mailing Lists / curl-library / Single Mail



From: Ray Satiro via curl-library <>
Date: Wed, 24 Feb 2016 15:26:32 -0500

On 9/29/2015 12:13 PM, Michael K├Ânig wrote:
> Hi everyone,
> I got into a situation where i want to check what protocol version and cipher
> was used for an SSL connection. (HTTPS)
> I found CURLINFO_TLS_SESSION and it looked like it might give me access to the
> information i need, but it does not. When using the OpenSSL backend
> CURLINFO_TLS_SESSION returns the SSL_CTX. While the CTX contains information
> that affected the creation of the SSL session. It does not contain any
> information about the established connection. It contains the list of
> acceptable ciphers, but not the information what cipher or protocol version was
> actually used.
> To probe that information from OpenSSL you need a pointer to the SSL object,
> which holds the SSL_CTX and not the other way around.
> Was there a reason for not returning the SSL object, or was it an oversight?
> Changing the behaviour now feels like a really bad idea, due to the code
> breaking potential. Is there any alternative? I did not check the other
> backends as to how consistent the nature of the returned value is. I am only
> somewhat familiar with CURLSSLBACKEND_SCHANNEL and could check that.

I've added CURLINFO_TLS_SSL_PTR [1][2] which should do what you want.
The option name is subject to change. Barring anything unforeseen it
will be in the next version of curl, 7.48.0.


List admin:
Received on 2016-02-24