Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
Tiny display differences between CURLOPT_CERTINFO and curl verbose
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Jicea via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 5 Jun 2024 09:23:22 +0000
HI,
I'm trying to get SSL certificate infos from libcurl using CURLINFO_CERTINFO.
I'm using a simple sample with libcurl 8.7.1 on macOS (installed via homebrew):
#include <curl/curl.h>
int main(void)
{
CURL *curl = curl_easy_init();
if(curl) {
CURLcode res;
curl_easy_setopt(curl, CURLOPT_URL, "https://google.com");
/* connect to any HTTPS site, trusted or not */
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L);
res = curl_easy_perform(curl);
if(!res) {
int i;
struct curl_certinfo *ci;
res = curl_easy_getinfo(curl, CURLINFO_CERTINFO, &ci);
if(!res) {
printf("%d certs!\n", ci->num_of_certs);
for(i = 0; i < ci->num_of_certs; i++) {
struct curl_slist *slist;
for(slist = ci->certinfo[i]; slist; slist = slist->next)
printf("%s\n", slist->data);
}
}
}
curl_easy_cleanup(curl);
}
}
Running this sample on macOS and checking the first certificate, I can see, among other information:
Subject:CN = *.google.com
Issuer:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
Version:2
Serial Number:821c19278ee1250f10b0b8e655d685e6
Signature Algorithm:sha256WithRSAEncryption
....
With curl 8.7.1 (homebrew), running this: `curl --verbose https://google.com`
* Server certificate:
* subject: CN=*.google.com
* start date: May 13 06:34:53 2024 GMT
* expire date: Aug 5 06:34:52 2024 GMT
* subjectAltName: host "google.com" matched cert's "google.com"
* issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
What I would like to understand is a very small detail (sorry for this !):
With libcurl:
Issuer:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3" => The issuer "format" seems to be a list of pair, each pair being "foo = bar" separated by a comma + space
With curl --verbose:
issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3 => the issuer "format" seems to be a list of pair, each pair being "foo=bar" (no space around =), separated by a semi-colon+ space
Would it be possible to give me some indications to understand these differences ?
Thanks!
Jean-Christophe
Orange Restricted
____________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
Date: Wed, 5 Jun 2024 09:23:22 +0000
HI,
I'm trying to get SSL certificate infos from libcurl using CURLINFO_CERTINFO.
I'm using a simple sample with libcurl 8.7.1 on macOS (installed via homebrew):
#include <curl/curl.h>
int main(void)
{
CURL *curl = curl_easy_init();
if(curl) {
CURLcode res;
curl_easy_setopt(curl, CURLOPT_URL, "https://google.com");
/* connect to any HTTPS site, trusted or not */
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L);
res = curl_easy_perform(curl);
if(!res) {
int i;
struct curl_certinfo *ci;
res = curl_easy_getinfo(curl, CURLINFO_CERTINFO, &ci);
if(!res) {
printf("%d certs!\n", ci->num_of_certs);
for(i = 0; i < ci->num_of_certs; i++) {
struct curl_slist *slist;
for(slist = ci->certinfo[i]; slist; slist = slist->next)
printf("%s\n", slist->data);
}
}
}
curl_easy_cleanup(curl);
}
}
Running this sample on macOS and checking the first certificate, I can see, among other information:
Subject:CN = *.google.com
Issuer:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
Version:2
Serial Number:821c19278ee1250f10b0b8e655d685e6
Signature Algorithm:sha256WithRSAEncryption
....
With curl 8.7.1 (homebrew), running this: `curl --verbose https://google.com`
* Server certificate:
* subject: CN=*.google.com
* start date: May 13 06:34:53 2024 GMT
* expire date: Aug 5 06:34:52 2024 GMT
* subjectAltName: host "google.com" matched cert's "google.com"
* issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
What I would like to understand is a very small detail (sorry for this !):
With libcurl:
Issuer:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3" => The issuer "format" seems to be a list of pair, each pair being "foo = bar" separated by a comma + space
With curl --verbose:
issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3 => the issuer "format" seems to be a list of pair, each pair being "foo=bar" (no space around =), separated by a semi-colon+ space
Would it be possible to give me some indications to understand these differences ?
Thanks!
Jean-Christophe
Orange Restricted
____________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2024-06-05