mirror of
https://github.com/moparisthebest/curl
synced 2024-12-22 08:08:50 -05:00
gtls: implement CURLOPT_CERTINFO
This commit is contained in:
parent
8854f8d45a
commit
a332922a52
@ -5,7 +5,7 @@
|
||||
.\" * | (__| |_| | _ <| |___
|
||||
.\" * \___|\___/|_| \_\_____|
|
||||
.\" *
|
||||
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
.\" *
|
||||
.\" * This software is licensed as described in the file COPYING, which
|
||||
.\" * you should have received as part of this distribution. The terms
|
||||
@ -29,11 +29,10 @@ CURLOPT_CERTINFO \- request SSL certificate information
|
||||
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CERTINFO, long certinfo);
|
||||
.SH DESCRIPTION
|
||||
Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With
|
||||
this enabled, libcurl (if built with OpenSSL, NSS or GSKit) will
|
||||
extract lots of information and data about the certificates in the certificate
|
||||
chain used in the SSL connection. This data may then be retrieved after a
|
||||
transfer using \fIcurl_easy_getinfo(3)\fP and its option
|
||||
\fICURLINFO_CERTINFO\fP.
|
||||
this enabled, libcurl will extract lots of information and data about the
|
||||
certificates in the certificate chain used in the SSL connection. This data may
|
||||
then be retrieved after a transfer using \fIcurl_easy_getinfo(3)\fP and its
|
||||
option \fICURLINFO_CERTINFO\fP.
|
||||
.SH DEFAULT
|
||||
0
|
||||
.SH PROTOCOLS
|
||||
@ -41,7 +40,7 @@ All TLS-based
|
||||
.SH EXAMPLE
|
||||
TODO
|
||||
.SH AVAILABILITY
|
||||
Added in 7.19.1
|
||||
This option is supported by the OpenSSL, GnuTLS, NSS and GSKit backends.
|
||||
.SH RETURN VALUE
|
||||
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
|
||||
.SH "SEE ALSO"
|
||||
|
@ -53,6 +53,7 @@
|
||||
#include "select.h"
|
||||
#include "rawstr.h"
|
||||
#include "warnless.h"
|
||||
#include "x509asn1.h"
|
||||
#include "curl_printf.h"
|
||||
#include "curl_memory.h"
|
||||
/* The last #include file should be: */
|
||||
@ -837,6 +838,23 @@ gtls_connect_step3(struct connectdata *conn,
|
||||
infof(data, "\t common name: WARNING couldn't obtain\n");
|
||||
}
|
||||
|
||||
if(data->set.ssl.certinfo) {
|
||||
unsigned int i;
|
||||
|
||||
result = Curl_ssl_init_certinfo(data, cert_list_size);
|
||||
if(result)
|
||||
return result;
|
||||
|
||||
for(i = 0; i < cert_list_size; i++) {
|
||||
const char *beg = (const char *) chainp[i].data;
|
||||
const char *end = beg + chainp[i].size;
|
||||
|
||||
result = Curl_extract_certinfo(conn, i, beg, end);
|
||||
if(result)
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
||||
if(data->set.ssl.verifypeer) {
|
||||
/* This function will try to verify the peer's certificate and return its
|
||||
status (trusted, invalid etc.). The value of status should be one or
|
||||
|
@ -57,6 +57,9 @@ bool Curl_gtls_cert_status_request(void);
|
||||
/* this backend supports the CAPATH option */
|
||||
#define have_curlssl_ca_path 1
|
||||
|
||||
/* this backend supports CURLOPT_CERTINFO */
|
||||
#define have_curlssl_certinfo 1
|
||||
|
||||
/* API setup for GnuTLS */
|
||||
#define curlssl_init Curl_gtls_init
|
||||
#define curlssl_cleanup Curl_gtls_cleanup
|
||||
|
@ -22,7 +22,7 @@
|
||||
|
||||
#include "curl_setup.h"
|
||||
|
||||
#if defined(USE_GSKIT) || defined(USE_NSS)
|
||||
#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS)
|
||||
|
||||
#include <curl/curl.h>
|
||||
#include "urldata.h"
|
||||
@ -209,7 +209,6 @@ static const char * octet2str(const char * beg, const char * end)
|
||||
}
|
||||
|
||||
static const char * bit2str(const char * beg, const char * end)
|
||||
|
||||
{
|
||||
/* Convert an ASN.1 bit string to a printable string.
|
||||
Return the dynamically allocated string, or NULL if an error occurs. */
|
||||
@ -1024,7 +1023,7 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
#endif /* USE_GSKIT or USE_NSS */
|
||||
#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS */
|
||||
|
||||
#if defined(USE_GSKIT)
|
||||
|
||||
|
@ -8,7 +8,7 @@
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
* Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
@ -25,7 +25,7 @@
|
||||
|
||||
#include "curl_setup.h"
|
||||
|
||||
#if defined(USE_GSKIT) || defined(USE_NSS)
|
||||
#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS)
|
||||
|
||||
#include "urldata.h"
|
||||
|
||||
@ -127,5 +127,5 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, int certnum,
|
||||
CURLcode Curl_verifyhost(struct connectdata * conn,
|
||||
const char * beg, const char * end);
|
||||
|
||||
#endif /* USE_GSKIT or USE_NSS */
|
||||
#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS */
|
||||
#endif /* HEADER_CURL_X509ASN1_H */
|
||||
|
Loading…
Reference in New Issue
Block a user