author | Daniel Stenberg <daniel@haxx.se> | 2008-09-05 14:29:21 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2008-09-05 14:29:21 +0000 |
commit | 4c9768565ec3a9baf26ac8a547bca6e42cc64fa5 (patch) | |
tree | 9713affdba06e0ff43abe1f1bdb01bdc3b4cf5a7 /docs | |
parent | 873e734c3971fd620c09bdc31c2e7e4cfc4a0a67 (diff) |
- Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. By
enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS
or FTPS), libcurl will gather lots of server certificate info and that info
can then get extracted by a client after the request has completed with
curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing
helped me test and smoothen out this feature.
Unfortunately, this feature currently only works with libcurl built to use
OpenSSL.
This feature was sponsored by networking4all.com - thanks!
Diffstat (limited to 'docs')
-rw-r--r-- | docs/examples/Makefile.inc | 3 | ||||
-rw-r--r-- | docs/examples/certinfo.c | 62 | ||||
-rw-r--r-- | docs/libcurl/curl_easy_setopt.3 | 7 |
3 files changed, 70 insertions, 2 deletions
diff --git a/docs/examples/Makefile.inc b/docs/examples/Makefile.inc index 68b66c3e3..c3ee0228b 100644 --- a/docs/examples/Makefile.inc +++ b/docs/examples/Makefile.inc @@ -5,7 +5,7 @@ check_PROGRAMS = 10-at-a-time anyauthput cookie_interface \ https multi-app multi-debugcallback multi-double \ multi-post multi-single persistant post-callback \ postit2 sepheaders simple simplepost simplessl \ - sendrecv httpcustomheader + sendrecv httpcustomheader certinfo # These examples require external dependencies that may not be commonly # available on POSIX systems, so don't bother attempting to compile them here. @@ -14,4 +14,3 @@ COMPLICATED_EXAMPLES = \ ghiper.c hiperfifo.c htmltidy.c multithread.c \ opensslthreadlock.c sampleconv.c synctime.c threaded-ssl.c - diff --git a/docs/examples/certinfo.c b/docs/examples/certinfo.c new file mode 100644 index 000000000..b0e9759f4 --- /dev/null +++ b/docs/examples/certinfo.c 
@@ -0,0 +1,62 @@
+/*****************************************************************************
+ */
+
+#include <stdio.h>
+
+#include <curl/curl.h>
+#include <curl/types.h>
+#include <curl/easy.h>
+
+static size_t wrfu(void *ptr, size_t size, size_t nmemb, void *stream)
+{
+ return size * nmemb;
+}
+int main(int argc, char **argv)
+{
+ CURL *curl;
+ CURLcode res;
+
+ curl_global_init(CURL_GLOBAL_DEFAULT);
+
+ curl = curl_easy_init();
+ if(curl) {
+ curl_easy_setopt(curl, CURLOPT_URL, "https://www.networking4all.com/");
+
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, wrfu);
+
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+
+ curl_easy_setopt(curl, CURLOPT_VERBOSE, 0L);
+ curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L);
+
+ res = curl_easy_perform(curl);
+
+ if(!res) {
+ struct curl_certinfo *ci = NULL;
+
+ res = curl_easy_getinfo(curl, CURLINFO_CERTINFO, &ci);
+
+ if(!res && ci) {
+ int i;
+ printf("%d certs!\n", ci->num_of_certs);
+
+ for(i=0; i<ci->num_of_certs; i++) {
+ struct curl_slist *slist;
+
+ for(slist = ci->certinfo[i]; slist; slist = slist->next)
+ printf("%s\n", slist->data);
+
+ }
+ }
+
+ }
+
+
+ curl_easy_cleanup(curl);
+ }
+
+ curl_global_cleanup();
+
+ return 0;
+}
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index 6059e38bf..e07776ccf 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
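Review bot: The two `curl_easy_setopt` calls in `main` that set `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` to `0L` turn off peer and host-name verification without any comment, so every certificate field this example prints comes from an unauthenticated peer, and readers who copy the example inherit the disabled checks. If the intent is to dump the chain even when it does not validate (presumably so), say that above those lines, e.g. `/* verification is off only so the chain can be printed even if it fails to validate; the output is unauthenticated */`; otherwise drop both calls and let the defaults apply. Separately, a failed `curl_easy_perform` or `curl_easy_getinfo` is silent and `main` still returns 0; adding `else fprintf(stderr, "%s\n", curl_easy_strerror(res));` to the `if(!res)` would make failures visible.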
@@ -1496,6 +1496,13 @@ A specific error code (CURLE_SSL_CRL_BADFILE) is defined with the option. It is returned when the SSL exchange fails because the CRL file cannot be loaded. Note that a failure in certificate verification due to a revocation information found in the CRL does not trigger this specific error. (Added in 7.19.0) +.IP CURLOPT_CERTINFO +Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With +this enabled, libcurl (if built with OpenSSL) will extract lots of information +and data about the certificate's in the certificate chain used in the SSL +connection. This data is then possible to extract after a transfer using +\fIcurl_easy_getinfo(3)\fP and its option \fICURLINFO_CERTINFO\fP. (Added in +7.19.0) .IP CURLOPT_RANDOM_FILE Pass a char * to a zero terminated file name. The file will be used to read from to seed the random engine for SSL. The more random the specified file is, |