author | Patrick Monnerat <pm@datasphere.ch> | 2013-10-30 11:12:06 +0100 |
---|---|---|
committer | Patrick Monnerat <pm@datasphere.ch> | 2013-10-30 11:12:06 +0100 |
commit | f6c335d63f2da025a0a3efde1fe59e3bb7189b70 (patch) | |
tree | 76fafce3ea32f251118b686fabf288f604b6ef88 /lib/nss.c | |
parent | 2bd72fa61ca21c2072e09cc6808db0371847bb2c (diff) |
NSS: support for CERTINFO feature
Diffstat (limited to 'lib/nss.c')
-rw-r--r-- | lib/nss.c | 46 |
1 files changed, 42 insertions, 4 deletions
@@ -653,6 +653,10 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock) SSLChannelInfo channel; SSLCipherSuiteInfo suite; CERTCertificate *cert; + CERTCertificate *cert2; + CERTCertificate *cert3; + PRTime now; + int i; if(SSL_GetChannelInfo(sock, &channel, sizeof channel) == SECSuccess && channel.length == sizeof channel && @@ -663,11 +667,45 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock) } } - infof(conn->data, "Server certificate:\n"); - cert = SSL_PeerCertificate(sock); - display_cert_info(conn->data, cert); - CERT_DestroyCertificate(cert); + + if(cert) { + infof(conn->data, "Server certificate:\n"); + + if(!conn->data->set.ssl.certinfo) { + display_cert_info(conn->data, cert); + CERT_DestroyCertificate(cert); + } + else { + /* Count certificates in chain. */ + now = PR_Now(); + i = 1; + if(!cert->isRoot) { + cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA); + while(cert2) { + i++; + if(cert2->isRoot) { + CERT_DestroyCertificate(cert2); + break; + } + cert3 = CERT_FindCertIssuer(cert2, now, certUsageSSLCA); + CERT_DestroyCertificate(cert2); + cert2 = cert3; + } + } + Curl_ssl_init_certinfo(conn->data, i); + for(i = 0; cert; cert = cert2) { + Curl_extract_certinfo(conn, i++, cert->derCert.data, + cert->derCert.data + cert->derCert.len); + if(cert->isRoot) { + CERT_DestroyCertificate(cert); + break; + } + cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA); + CERT_DestroyCertificate(cert); + } + } + } return; } |
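Review bot: Both issuer walks in the new `else` branch (the counting `while(cert2)` loop and the `for(i = 0; cert; cert = cert2)` extraction loop) stop only on `isRoot` or a NULL return from `CERT_FindCertIssuer`, so neither has a depth bound; if that lookup can return certificates supplied by the peer, a chain that never reaches a root-flagged certificate would presumably keep them running. A cap on both loops would close that, e.g. `while(cert2 && i < MAX_CHAIN_DEPTH) {` (`MAX_CHAIN_DEPTH` is a placeholder name for a small constant), with the same limit in the `for` condition so the index can never pass the count handed to `Curl_ssl_init_certinfo`. The result of `Curl_ssl_init_certinfo(conn->data, i)` is also ignored here; if it can fail, `Curl_extract_certinfo` should not run afterwards. A comment should also say that this chain is rebuilt from issuer lookups at `now` with `certUsageSSLCA` and may differ from the chain the handshake actually verified, which matters to anyone using CERTINFO output for pinning or audit. display_conn_info begins before this hunk, so how `cert` is used earlier in the function is not visible here.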