Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Getting pubkey fingerprint in libcurl
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Morten Minde Neergaard via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 26 Feb 2021 22:10:18 +0100
Hi,
I'm making an app that's using public key pinning, and it would be very
helpful to have programmatic access to the pubkey fingerprint. The app
currently has a huge and horrible mountain of platform- and
backend-specific code that extracts the public key fingerprint from the
TLS backend before calculating the exact same fingerprint as curl does
in Curl_pin_peer_pubkey.
It would be a lot more elegant if there were an option to get the pubkey
fingerprint directly, using the same pattern as CURLOPT_CERTINFO /
CURLINFO_CERTINFO. Suggesting this addition to the curl APIs:
CURLOPT(CURLOPT_PUBKEY_FINGERPRINT, CURLOPTTYPE_LONG, 309),
CURLINFO_PUBKEY_FINGERPRINT = CURLINFO_STRING + 60,
After refactoring all the TLS backends to extract the code that
calculates the pubkey fingerprint, this implementation should be fairly
trivial.
Comments? Patches accepted?
Smiles,
Date: Fri, 26 Feb 2021 22:10:18 +0100
Hi,
I'm making an app that's using public key pinning, and it would be very
helpful to have programmatic access to the pubkey fingerprint. The app
currently has a huge and horrible mountain of platform- and
backend-specific code that extracts the public key fingerprint from the
TLS backend before calculating the exact same fingerprint as curl does
in Curl_pin_peer_pubkey.
It would be a lot more elegant if there were an option to get the pubkey
fingerprint directly, using the same pattern as CURLOPT_CERTINFO /
CURLINFO_CERTINFO. Suggesting this addition to the curl APIs:
CURLOPT(CURLOPT_PUBKEY_FINGERPRINT, CURLOPTTYPE_LONG, 309),
CURLINFO_PUBKEY_FINGERPRINT = CURLINFO_STRING + 60,
After refactoring all the TLS backends to extract the code that
calculates the pubkey fingerprint, this implementation should be fairly
trivial.
Comments? Patches accepted?
Smiles,
-- Morten Minde Neergaard ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2021-02-26