moparisthebest/curl - curl - code.moparisthebest.com

Commit Graph

Author	SHA1	Message	Date
Dan Fandrich	f9251a5c86	tests/certs: rebuild certificates with modified key usage bits The certificates were missing the digitalSignature and keyAgreement usage types, of which at least digitalSignature was checked by CyaSSL. This caused the test server in test 310 (among others) to fail the startup verification and therefore run (see http://curl.haxx.se/mail/lib-2014-07/0303.html).	2015-03-21 16:33:58 +01:00
Travis Burtrum	93e450793c	SSL: implement public key pinning Option --pinnedpubkey takes a path to a public key in DER format and only connect if it matches (currently only implemented with OpenSSL). Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt(). Extract a public RSA key from a website like so: openssl s_client -connect google.com:443 2>&1 < /dev/null \| \ sed -n '/-----BEGIN/,/-----END/p' \| openssl x509 -noout -pubkey \ \| openssl rsa -pubin -outform DER > google.com.der	2014-10-07 14:44:19 +02:00

Author

SHA1

Message

Date

Dan Fandrich

f9251a5c86

tests/certs: rebuild certificates with modified key usage bits

The certificates were missing the digitalSignature and keyAgreement
usage types, of which at least digitalSignature was checked by CyaSSL.
This caused the test server in test 310 (among others) to fail the
startup verification and therefore run (see
http://curl.haxx.se/mail/lib-2014-07/0303.html).

2015-03-21 16:33:58 +01:00

Travis Burtrum

93e450793c

SSL: implement public key pinning

Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der

2014-10-07 14:44:19 +02:00

2 Commits