curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder Daniel himself.

Re: Get SSL handle after connection has been established

From: Patrick Schlangen via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 4 Nov 2024 19:50:58 +0000

Am 04.11.2024 um 20:42 schrieb Dmitry Karpov via curl-library <curl-library_at_lists.haxx.se>:
>
> Getting SSL* is a little bit tricky and hacky, so you need to be careful as libcurl doesn't provide a direct way to get OpenSSL handle
> and discourages from using it directly, especially for SSL_read/SSL_write as it may break how libcurl protocol filters work.
>
> But if you really need to go that path and planning to use SSL* only for extracting some certificate info,
> then here are the steps which you can try:

Thanks a lot for the suggestion!

> 3. In the SSL verify peer callback, you can get the SSL handle like:
>
> static int sslVerifyCallback(int valid_sig, X509_STORE_CTX* ctx) {
> auto ssl = (SSL*)(X509_STORE_CTX_get_ex_data(ctx,
> SSL_get_ex_data_X509_STORE_CTX_idx()));
> ...
> // Extract additional certificate info using OpenSSL API.
> ...
> }

Wouldn't this defeat the built-in peer verification?

Thanks,

Patrick


-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2024-11-04