gtls: implement CURLOPT_CERTINFO

curl · Mar 20, 2015 · a332922 · a332922
1 parent 8854f8d
commit a332922
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 13 deletions.
diff --git a/docs/libcurl/opts/CURLOPT_CERTINFO.3 b/docs/libcurl/opts/CURLOPT_CERTINFO.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -29,19 +29,18 @@ CURLOPT_CERTINFO \- request SSL certificate information
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CERTINFO, long certinfo);
 .SH DESCRIPTION
 Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With
-this enabled, libcurl (if built with OpenSSL, NSS or GSKit) will
-extract lots of information and data about the certificates in the certificate
-chain used in the SSL connection. This data may then be retrieved after a
-transfer using \fIcurl_easy_getinfo(3)\fP and its option
-\fICURLINFO_CERTINFO\fP.
+this enabled, libcurl will extract lots of information and data about the
+certificates in the certificate chain used in the SSL connection. This data may
+then be retrieved after a transfer using \fIcurl_easy_getinfo(3)\fP and its
+option \fICURLINFO_CERTINFO\fP.
 .SH DEFAULT
 0
 .SH PROTOCOLS
 All TLS-based
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-Added in 7.19.1
+This option is supported by the OpenSSL, GnuTLS, NSS and GSKit backends.
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"

diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
@@ -53,6 +53,7 @@
 #include "select.h"
 #include "rawstr.h"
 #include "warnless.h"
+#include "x509asn1.h"
 #include "curl_printf.h"
 #include "curl_memory.h"
 /* The last #include file should be: */
@@ -837,6 +838,23 @@ gtls_connect_step3(struct connectdata *conn,
     infof(data, "\t common name: WARNING couldn't obtain\n");
   }
 
+  if(data->set.ssl.certinfo) {
+    unsigned int i;
+
+    result = Curl_ssl_init_certinfo(data, cert_list_size);
+    if(result)
+      return result;
+
+    for(i = 0; i < cert_list_size; i++) {
+      const char *beg = (const char *) chainp[i].data;
+      const char *end = beg + chainp[i].size;
+
+      result = Curl_extract_certinfo(conn, i, beg, end);
+      if(result)
+        return result;
+    }
+  }
+
   if(data->set.ssl.verifypeer) {
     /* This function will try to verify the peer's certificate and return its
        status (trusted, invalid etc.). The value of status should be one or

diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h
@@ -57,6 +57,9 @@ bool Curl_gtls_cert_status_request(void);
 /* this backend supports the CAPATH option */
 #define have_curlssl_ca_path 1
 
+/* this backend supports CURLOPT_CERTINFO */
+#define have_curlssl_certinfo 1
+
 /* API setup for GnuTLS */
 #define curlssl_init Curl_gtls_init
 #define curlssl_cleanup Curl_gtls_cleanup

diff --git a/lib/x509asn1.c b/lib/x509asn1.c
@@ -22,7 +22,7 @@
 
 #include "curl_setup.h"
 
-#if defined(USE_GSKIT) || defined(USE_NSS)
+#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS)
 
 #include <curl/curl.h>
 #include "urldata.h"
@@ -209,7 +209,6 @@ static const char * octet2str(const char * beg, const char * end)
 }
 
 static const char * bit2str(const char * beg, const char * end)
-
 {
   /* Convert an ASN.1 bit string to a printable string.
      Return the dynamically allocated string, or NULL if an error occurs. */
@@ -1024,7 +1023,7 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
   return CURLE_OK;
 }
 
-#endif /* USE_GSKIT or USE_NSS */
+#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS */
 
 #if defined(USE_GSKIT)
 

diff --git a/lib/x509asn1.h b/lib/x509asn1.h
@@ -8,7 +8,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -25,7 +25,7 @@
 
 #include "curl_setup.h"
 
-#if defined(USE_GSKIT) || defined(USE_NSS)
+#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS)
 
 #include "urldata.h"
 
@@ -127,5 +127,5 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, int certnum,
 CURLcode Curl_verifyhost(struct connectdata * conn,
                          const char * beg, const char * end);
 
-#endif /* USE_GSKIT or USE_NSS */
+#endif /* USE_GSKIT or USE_NSS or  USE_GNUTLS */
 #endif /* HEADER_CURL_X509ASN1_H */