openssl: make certinfo available for QUIC

Curl_get_certchain() is now an exported function in lib/vtls/openssl.c that can also be used from quiche.c and ngtcp2.c to get the certain for QUIC connections as well. The *certchain function was moved to the top of the file for this reason. Reported-by: Eloy Degen Fixes #9584
curl · Sep 26, 2022 · 5e8bed2 · 5e8bed2
1 parent 2481dbe
commit 5e8bed2
Show file tree

Hide file tree

Showing 4 changed files with 598 additions and 585 deletions.
diff --git a/lib/vquic/ngtcp2.c b/lib/vquic/ngtcp2.c
@@ -1703,6 +1703,11 @@ static CURLcode ng_has_connected(struct Curl_easy *data,
   }
   else
     infof(data, "Skipped certificate verification");
+#ifdef USE_OPENSSL
+  if(data->set.ssl.certinfo)
+    /* asked to gather certificate info */
+    (void)Curl_get_certchain(data, qs->ssl);
+#endif
   return result;
 }
 

diff --git a/lib/vquic/quiche.c b/lib/vquic/quiche.c
@@ -416,6 +416,10 @@ static CURLcode quiche_has_connected(struct Curl_easy *data,
     qs->cfg = NULL;
     qs->conn = NULL;
   }
+  if(data->set.ssl.certinfo)
+    /* asked to gather certificate info */
+    (void)Curl_get_certchain(data, qs->ssl);
+
   return CURLE_OK;
   fail:
   quiche_h3_config_free(qs->h3config);