diff options
author | Daniel Hwang <danielleehwang@gmail.com> | 2015-09-12 14:35:12 -0700 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2015-09-19 23:17:39 +0200 |
commit | 30c131f51f605d35e5d90f4be1727045fef17351 (patch) | |
tree | c8a10cadd384d52586895c6ed3be9033827f5b33 /lib/vtls/openssl.c | |
parent | c979a3d0c45f141f2c728a994c3358f6e696519f (diff) |
ssl: add server cert's "sha256//" hash to verbose
Add a "pinnedpubkey" section to the "Server Certificate" verbose
Bug: https://github.com/bagder/curl/issues/410
Reported-by: W. Mark Kubacki
Closes #430
Closes #410
Diffstat (limited to 'lib/vtls/openssl.c')
-rw-r--r-- | lib/vtls/openssl.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index a5103cd42..998ab2bac 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -2420,7 +2420,8 @@ static CURLcode get_cert_chain(struct connectdata *conn, * Heavily modified from: * https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL */ -static CURLcode pkp_pin_peer_pubkey(X509* cert, const char *pinnedpubkey) +static CURLcode pkp_pin_peer_pubkey(struct SessionHandle *data, X509* cert, + const char *pinnedpubkey) { /* Scratch */ int len1 = 0, len2 = 0; @@ -2465,7 +2466,7 @@ static CURLcode pkp_pin_peer_pubkey(X509* cert, const char *pinnedpubkey) /* End Gyrations */ /* The one good exit point */ - result = Curl_pin_peer_pubkey(pinnedpubkey, buff1, len1); + result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1); } while(0); /* https://www.openssl.org/docs/crypto/buffer.html */ @@ -2629,7 +2630,7 @@ static CURLcode servercert(struct connectdata *conn, ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY]; if(!result && ptr) { - result = pkp_pin_peer_pubkey(connssl->server_cert, ptr); + result = pkp_pin_peer_pubkey(data, connssl->server_cert, ptr); if(result) failf(data, "SSL: public key does not match pinned public key!"); } |