authorChristian Grothoff <christian@grothoff.org>2013-11-17 20:49:16 +0100
committerSteve Holme <steve_holme@hotmail.com>2013-11-21 20:40:04 +0000
commit2c04e8d80c29ab6e07eddb4bdd50591f46606239 (patch)
treec3d621ff6c3db71f83778294ac3c5726e37a70d4 /lib
parent925df5358005a587e593834cc625187e6e74f7ce (diff)
curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
Added a new API for returning an SSL backend type and pointer, in order to allow access to the TLS internals, which may then be used, for example, to obtain X509 certificate information.
Diffstat (limited to 'lib')
-rw-r--r--lib/getinfo.c46
-rw-r--r--lib/urldata.h2
2 files changed, 48 insertions, 0 deletions
diff --git a/lib/getinfo.c b/lib/getinfo.c
index 3d09dc684..6a4e72e4a 100644
--- a/lib/getinfo.c
+++ b/lib/getinfo.c
@@ -277,7 +277,53 @@ static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info,
ptr.to_certinfo = &data->info.certs;
*param_slistp = ptr.to_slist;
break;
+ case CURLINFO_TLS_SESSION:
+ {
+ struct curl_tlsinfo **tlsinfop = (struct curl_tlsinfo **) param_slistp;
+ struct curl_tlsinfo *tlsinfo = &data->tlsinfo;
+ struct connectdata *conn = data->easy_conn;
+ unsigned int sockindex = 0;
+ *tlsinfop = tlsinfo;
+ tlsinfo->ssl_backend = CURLSSLBACKEND_NONE;
+ tlsinfo->internals = NULL;
+
+ /* Find the active ("in use") SSL connection, if any */
+ while((sockindex < sizeof(conn->ssl) / sizeof(conn->ssl[0])) &&
+ (!conn->ssl[sockindex].use))
+ sockindex++;
+
+ if(sockindex == sizeof(conn->ssl) / sizeof(conn->ssl[0]))
+ break; /* no SSL session found */
+
+ /* Return the TLS session information from the relevant backend */
+#ifdef USE_SSLEAY
+ tlsinfo->ssl_backend = CURLSSLBACKEND_OPENSSL;
+ tlsinfo->internals = conn->ssl[sockindex].ctx;
+#endif
+#ifdef USE_GNUTLS
+ tlsinfo->ssl_backend = CURLSSLBACKEND_GNUTLS;
+ tlsinfo->internals = conn->ssl[sockindex].session;
+#endif
+#ifdef USE_NSS
+ tlsinfo->ssl_backend = CURLSSLBACKEND_NSS;
+ tlsinfo->internals = conn->ssl[sockindex].handle;
+#endif
+#ifdef USE_QSOSSL
+ tlsinfo->ssl_backend = CURLSSLBACKEND_QSOSSL;
+ tlsinfo->internals = conn->ssl[sockindex].handle;
+#endif
+#ifdef USE_GSKIT
+ tlsinfo->ssl_backend = CURLSSLBACKEND_GSKIT;
+ tlsinfo->internals = conn->ssl[sockindex].handle;
+#endif
+ /* NOTE: For other SSL backends, it is not immediately clear what data
+ to return from 'struct ssl_connect_data'; thus, for now we keep the
+ backend as CURLSSLBACKEND_NONE in those cases, which should be
+ interpreted as "not supported" */
+ break;
+ }
+ break;
default:
return CURLE_BAD_FUNCTION_ARGUMENT;
}
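Review bot: `data->easy_conn` is dereferenced in the `while` condition (`conn->ssl[sockindex].use`) without a NULL check, so a call on a handle that has no connection attached would dereference a NULL pointer instead of reporting CURLSSLBACKEND_NONE. Whether `easy_conn` can be NULL here is not visible in the hunk, but nothing in it rules that out. Since `ssl_backend` and `internals` are already reset just above, adding `if(!conn) break;` before the loop returns the "not supported" result safely. The second `break;` after the closing brace of the case block is unreachable and can be dropped. getinfo_slist starts and ends outside the hunk.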
diff --git a/lib/urldata.h b/lib/urldata.h
index 98686bb33..29cf9603b 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1637,6 +1637,8 @@ struct SessionHandle {
other dynamic purposes */
struct WildcardData wildcard; /* wildcard download state info */
struct PureInfo info; /* stats, reports and info data */
+ struct curl_tlsinfo tlsinfo; /* Information about the TLS session, only
+ valid after a client has asked for it */
#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV)
iconv_t outbound_cd; /* for translating to the network encoding */
iconv_t inbound_cd; /* for translating from the network encoding */
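Review bot: The comment on `tlsinfo` does not say how long the stored `internals` pointer stays usable. In lib/getinfo.c it is filled with a backend object taken from `conn->ssl[]`, so it presumably becomes dangling once that connection is closed, while this struct lives on in the handle. I would extend the comment to something like `/* TLS session info, filled in on CURLINFO_TLS_SESSION; 'internals' belongs to the connection and must not be used after it closes */`. struct SessionHandle starts and ends outside the hunk.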