authorAlessandro Ghedini <alessandro@ghedini.me>2015-03-20 19:03:53 +0100
committerPatrick Monnerat <pm@datasphere.ch>2015-03-20 19:03:53 +0100
commita332922a526f91876fc8ffa73a45322800bf0e73 (patch)
tree33badf13abc58ef5cda72707d251823b1cce430a
parent8854f8d45a5cef688377c29e49e8d8b2bd668ee4 (diff)
gtls: implement CURLOPT_CERTINFO
-rw-r--r--docs/libcurl/opts/CURLOPT_CERTINFO.313
-rw-r--r--lib/vtls/gtls.c18
-rw-r--r--lib/vtls/gtls.h3
-rw-r--r--lib/x509asn1.c5
-rw-r--r--lib/x509asn1.h6
5 files changed, 32 insertions, 13 deletions
diff --git a/docs/libcurl/opts/CURLOPT_CERTINFO.3 b/docs/libcurl/opts/CURLOPT_CERTINFO.3
index 8c01711dd..a508b867b 100644
--- a/docs/libcurl/opts/CURLOPT_CERTINFO.3
+++ b/docs/libcurl/opts/CURLOPT_CERTINFO.3
@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -29,11 +29,10 @@ CURLOPT_CERTINFO \- request SSL certificate information
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CERTINFO, long certinfo);
.SH DESCRIPTION
Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With
-this enabled, libcurl (if built with OpenSSL, NSS or GSKit) will
-extract lots of information and data about the certificates in the certificate
-chain used in the SSL connection. This data may then be retrieved after a
-transfer using \fIcurl_easy_getinfo(3)\fP and its option
-\fICURLINFO_CERTINFO\fP.
+this enabled, libcurl will extract lots of information and data about the
+certificates in the certificate chain used in the SSL connection. This data may
+then be retrieved after a transfer using \fIcurl_easy_getinfo(3)\fP and its
+option \fICURLINFO_CERTINFO\fP.
.SH DEFAULT
0
.SH PROTOCOLS
@@ -41,7 +40,7 @@ All TLS-based
.SH EXAMPLE
TODO
.SH AVAILABILITY
-Added in 7.19.1
+This option is supported by the OpenSSL, GnuTLS, NSS and GSKit backends.
.SH RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO"
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index fbf4586e8..53412a1a2 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -53,6 +53,7 @@
#include "select.h"
#include "rawstr.h"
#include "warnless.h"
+#include "x509asn1.h"
#include "curl_printf.h"
#include "curl_memory.h"
/* The last #include file should be: */
@@ -837,6 +838,23 @@ gtls_connect_step3(struct connectdata *conn,
infof(data, "\t common name: WARNING couldn't obtain\n");
}
+ if(data->set.ssl.certinfo) {
+ unsigned int i;
+
+ result = Curl_ssl_init_certinfo(data, cert_list_size);
+ if(result)
+ return result;
+
+ for(i = 0; i < cert_list_size; i++) {
+ const char *beg = (const char *) chainp[i].data;
+ const char *end = beg + chainp[i].size;
+
+ result = Curl_extract_certinfo(conn, i, beg, end);
+ if(result)
+ return result;
+ }
+ }
+
if(data->set.ssl.verifypeer) {
/* This function will try to verify the peer's certificate and return its
status (trusted, invalid etc.). The value of status should be one or
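Review bot: The new certinfo loop runs before the `if(data->set.ssl.verifypeer)` block that follows it, so when CURLOPT_CERTINFO is set the hand-written ASN.1 parser in x509asn1.c now consumes each peer-supplied DER blob while the chain is still unverified; that ordering is what the option is for (report the chain as presented), but it makes any weakness in Curl_extract_certinfo reachable pre-verification, which deserves a comment such as `/* collected before verification: chainp is still untrusted peer input */`. The loop index `i` is `unsigned int` while Curl_extract_certinfo takes `int certnum` (see the x509asn1.h hunk below), so the narrowing happens implicitly; declaring `i` as `int` or casting at the call would make it explicit. Where `chainp` and `cert_list_size` are obtained is outside the hunk, so whether a zero-length entry can leave `beg == end` (and whether Curl_extract_certinfo tolerates that) is presumably fine but worth confirming. gtls_connect_step3 begins before and continues past this hunk.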
diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h
index af1cb5b10..dcae44225 100644
--- a/lib/vtls/gtls.h
+++ b/lib/vtls/gtls.h
@@ -57,6 +57,9 @@ bool Curl_gtls_cert_status_request(void);
/* this backend supports the CAPATH option */
#define have_curlssl_ca_path 1
+/* this backend supports CURLOPT_CERTINFO */
+#define have_curlssl_certinfo 1
+
/* API setup for GnuTLS */
#define curlssl_init Curl_gtls_init
#define curlssl_cleanup Curl_gtls_cleanup
diff --git a/lib/x509asn1.c b/lib/x509asn1.c
index 4d50f0e0c..8b32d6bf7 100644
--- a/lib/x509asn1.c
+++ b/lib/x509asn1.c
@@ -22,7 +22,7 @@
#include "curl_setup.h"
-#if defined(USE_GSKIT) || defined(USE_NSS)
+#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS)
#include <curl/curl.h>
#include "urldata.h"
@@ -209,7 +209,6 @@ static const char * octet2str(const char * beg, const char * end)
}
static const char * bit2str(const char * beg, const char * end)
-
{
/* Convert an ASN.1 bit string to a printable string.
Return the dynamically allocated string, or NULL if an error occurs. */
@@ -1024,7 +1023,7 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
return CURLE_OK;
}
-#endif /* USE_GSKIT or USE_NSS */
+#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS */
#if defined(USE_GSKIT)
diff --git a/lib/x509asn1.h b/lib/x509asn1.h
index 075c424f3..caa5f6f33 100644
--- a/lib/x509asn1.h
+++ b/lib/x509asn1.h
@@ -8,7 +8,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -25,7 +25,7 @@
#include "curl_setup.h"
-#if defined(USE_GSKIT) || defined(USE_NSS)
+#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS)
#include "urldata.h"
@@ -127,5 +127,5 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, int certnum,
CURLcode Curl_verifyhost(struct connectdata * conn,
const char * beg, const char * end);
-#endif /* USE_GSKIT or USE_NSS */
+#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS */
#endif /* HEADER_CURL_X509ASN1_H */