curl-library

Re: [Patch] To add support of server certificate dump

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sat, 27 Jan 2007 00:09:34 +0100 (CET)

On Fri, 26 Jan 2007, atul wrote:

Thanks for your work!

> Attached is the patch to add support for getting server certificate dump
> in case of Non-Trusted sites.

Only in that case? Doesn't this always export it when requested?

Are you then somehow using this cert in subsequent requests (as ca cert) to
verify that the server remains the same? If so, how?

> PS:: This is my first contribution so any whoops should be ignored.

Except for some minor indenting problems, there's a somewhat larger nit: we
can't have the lib take a FILE * and write to that for two reasons:

1) we want to allow applications to work with stuff like this kept in memory
at all times

2) some systems don't allow a shared library/DLL to use a FILE * passed in
from the application

So, we need some other means of exporting the cert to the application. By a
callback or by storing the info to be extracted after the function returns
with curl_easy_getinfo().

Also, for the docs it would be useful to not break an existing paragraph in
the middle (the curl_easy_setopt.3 change), and mention that this only works
if libcurl is built with OpenSSL.

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2007-01-27
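
An added illustration of the callback approach suggested in the mail above; it is not code from the patch or from libcurl. The names cert_write_cb, collect_cert, export_cert and fetch_cert and the size cap are hypothetical, and SAMPLE_PEM is constructed placeholder text standing in for the data a TLS backend would supply.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical callback: returns bytes consumed; anything else aborts. */
typedef size_t (*cert_write_cb)(const char *data, size_t len, void *userp);
struct membuf { char *data; size_t len; size_t max; }; /* max: app-chosen cap */

/* Application side: append each chunk in memory, no FILE * involved. */
static size_t collect_cert(const char *data, size_t len, void *userp)
{
  struct membuf *b = userp;
  char *p = len > b->max - b->len ? NULL : realloc(b->data, b->len + len + 1);
  if(!p)
    return 0;                       /* over the cap or out of memory */
  memcpy(p + b->len, data, len);
  b->data = p;
  b->len += len;
  b->data[b->len] = '\0';
  return len;
}

/* Library side (stand-in): feed a PEM blob to the callback in chunks. */
static int export_cert(const char *pem, size_t chunk, cert_write_cb cb, void *userp)
{
  size_t left = strlen(pem);
  while(chunk && left) {
    size_t n = left < chunk ? left : chunk;
    if(cb(pem, n, userp) != n)
      return -1;                    /* application refused the data */
    pem += n;
    left -= n;
  }
  return left ? -1 : 0;
}

/* Constructed placeholder text, not a real certificate. */
static const char SAMPLE_PEM[] = "-----BEGIN CERTIFICATE-----\n"
  "Q09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n";

/* Returns the collected copy (caller frees) or NULL on failure. */
char *fetch_cert(size_t chunk, size_t max)
{
  struct membuf b = { NULL, 0, max };
  if(export_cert(SAMPLE_PEM, chunk, collect_cert, &b) == 0)
    return b.data;
  free(b.data);
  return NULL;
}
```

The application owns both the memory and the size cap, so the library never touches a FILE * supplied from the other side of the DLL boundary.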