From 30c131f51f605d35e5d90f4be1727045fef17351 Mon Sep 17 00:00:00 2001
From: Daniel Hwang
Date: Sat, 12 Sep 2015 14:35:12 -0700
Subject: ssl: add server cert's "sha256//" hash to verbose
Add a "pinnedpubkey" section to the "Server Certificate" verbose
Bug: https://github.com/bagder/curl/issues/410
Reported-by: W. Mark Kubacki
Closes #430
Closes #410
---
 lib/vtls/gtls.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'lib/vtls/gtls.c')
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index c54dfc1d2..5f7041a30 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -724,7 +724,8 @@ gtls_connect_step1(struct connectdata *conn,
 return CURLE_OK;
 }
-static CURLcode pkp_pin_peer_pubkey(gnutls_x509_crt_t cert,
+static CURLcode pkp_pin_peer_pubkey(struct SessionHandle *data,
+ gnutls_x509_crt_t cert,
 const char *pinnedpubkey)
 {
 /* Scratch */
@@ -769,7 +770,7 @@ static CURLcode pkp_pin_peer_pubkey(gnutls_x509_crt_t cert,
 /* End Gyrations */
 /* The one good exit point */
- result = Curl_pin_peer_pubkey(pinnedpubkey, buff1, len1);
+ result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1);
 } while(0);
 if(NULL != key)
@@ -1152,7 +1153,7 @@ gtls_connect_step3(struct connectdata *conn,
 ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
 if(ptr) {
- result = pkp_pin_peer_pubkey(x509_cert, ptr);
+ result = pkp_pin_peer_pubkey(data, x509_cert, ptr);
 if(result != CURLE_OK) {
 failf(data, "SSL: public key does not match pinned public key!");
 gnutls_x509_crt_deinit(x509_cert);
--
cgit v1.2.3
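Review bot: The added `struct SessionHandle *data` parameter in the first hunk is undocumented, and `pkp_pin_peer_pubkey` has no header comment saying what each argument is for. In the visible hunks `data` is only forwarded to `Curl_pin_peer_pubkey` (second hunk), presumably for the verbose "sha256//" output the commit message describes. I would add above the signature `/* data: session handle, passed through to Curl_pin_peer_pubkey(); cert: peer certificate; pinnedpubkey: the configured pin */`. The same comment should say that any hash written to verbose output is derived from the key the peer presented, so it is informational and not a verified value unless the function returns CURLE_OK. The function body continues past the end of the hunk.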
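Review bot: In the third hunk (gtls_connect_step3) every non-OK return from `pkp_pin_peer_pubkey` is logged as "SSL: public key does not match pinned public key!". The helper appears to have other failure exits, since the second hunk labels the compare call "The one good exit point" and the rest of its body is not visible here. If so, a local allocation or key-export error would be reported as a pin mismatch, which misleads anyone triaging the log for possible interception. Consider using the mismatch wording only when `result == CURLE_SSL_PINNEDPUBKEYNOTMATCH` and otherwise logging the code, e.g. `failf(data, "SSL: pinned public key check failed (%d)", (int)result);`. The enclosing block continues outside the hunk.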