SSL: implement public key pinning

Option --pinnedpubkey takes a path to a public key in DER format and only connect if it matches (currently only implemented with OpenSSL). Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt(). Extract a public RSA key from a website like so: openssl s_client -connect google.com:443 2>&1 < /dev/null | \ sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \ | openssl rsa -pubin -outform DER > google.com.der
author: moparisthebest <admin@moparisthebest.com> 2014-09-30 22:31:17 -0400
committer: Daniel Stenberg <daniel@haxx.se> 2014-10-07 14:44:19 +0200
commit: 93e450793ce289925dfd1d5e3b2d14e781f8dfd4 (patch)
tree: 3ceea898922e067a4a692204f6388ab633deebef /lib/urldata.h
parent: d1b56d00439ab26d7fc43e37ab18ae331ddc400d (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/urldata.h b/lib/urldata.h
index 8594c2f7d..fd59d781d 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1385,6 +1385,7 @@ enum dupstring {
   STRING_SET_URL,         /* what original URL to work on */
   STRING_SSL_CAPATH,      /* CA directory name (doesn't work on windows) */
   STRING_SSL_CAFILE,      /* certificate file to verify peer against */
+  STRING_SSL_PINNEDPUBLICKEY, /* public key file to verify peer against */
   STRING_SSL_CIPHER_LIST, /* list of ciphers to use */
   STRING_SSL_EGDSOCKET,   /* path to file containing the EGD daemon socket */
   STRING_SSL_RANDOM_FILE, /* path to file containing "random" data */
author	moparisthebest <admin@moparisthebest.com>	2014-09-30 22:31:17 -0400
committer	Daniel Stenberg <daniel@haxx.se>	2014-10-07 14:44:19 +0200
commit	93e450793ce289925dfd1d5e3b2d14e781f8dfd4 (patch)
tree	3ceea898922e067a4a692204f6388ab633deebef /lib/urldata.h
parent	d1b56d00439ab26d7fc43e37ab18ae331ddc400d (diff)