curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Getting pubkey fingerprint in libcurl

From: Morten Minde Neergaard via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 26 Feb 2021 22:10:18 +0100

Hi,

I'm making an app that's using public key pinning, and it would be very
helpful to have programmatic access to the pubkey fingerprint. The app
currently has a huge and horrible mountain of platform- and
backend-specific code that extracts the public key fingerprint from the
TLS backend before calculating the exact same fingerprint as curl does
in Curl_pin_peer_pubkey.

It would be a lot more elegant if there were an option to get the pubkey
fingerprint directly, using the same pattern as CURLOPT_CERTINFO /
CURLINFO_CERTINFO. Suggesting this addition to the curl APIs:

 CURLOPT(CURLOPT_PUBKEY_FINGERPRINT, CURLOPTTYPE_LONG, 309),

 CURLINFO_PUBKEY_FINGERPRINT = CURLINFO_STRING + 60,

After refactoring all the TLS backends to extract the code that
calculates the pubkey fingerprint, this implementation should be fairly
trivial.

Comments? Patches accepted?


Smiles,
-- 
Morten Minde Neergaard
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2021-02-26