cURL / Mailing Lists / curl-library / Single Mail

curl-library

Exposing/Verifying ssl certificate hash for a https connection

From: Arindam <arindam.bosco05_at_gmail.com>
Date: Mon, 15 Oct 2012 17:09:40 -0700

Because of some security constraints, whenever we make a https request we
want to check that atleast one of the certificates in the chain matches a
particular sha1_hash. I am doing this by checking the certificate against
the X509->sha1_hash in cert_verify_callback() function in ssluse.c, and
setting a value in data->info.

However, it seems that during the SSL connection the 'data' pointer keeps
changing. So, my application points to a different 'data' pointer whereas
the conn->data points to a different one.

Is there a ssl specific data structure I can use for this scenario ? How do
I get it from the CURL* handle ?

-- 
Cheers,
Arindam.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-10-16

This message: [ Message body ]
Next message: Yehezkel Horowitz: "RE: Exposing/Verifying ssl certificate hash for a https connection"
Previous message: Daniel Stenberg: "Re: Bug#690551: libcurl3-gnutls: git fails for https repos (fwd)"
Next in thread: Yehezkel Horowitz: "RE: Exposing/Verifying ssl certificate hash for a https connection"
Reply: Yehezkel Horowitz: "RE: Exposing/Verifying ssl certificate hash for a https connection"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]