curl-library

Re: Report on SSL cipher being used

From: Philip Montrowe <pmontrowe_at_appsecinc.com>
Date: Sat, 5 Jan 2013 08:24:26 -0500

>> Seems like something we could add to curl_easy_getinfo() - and something that will require changes for every SSL backend we want to get the info from...
>> Anything you feel like taking a stab at?

Daniel,

This might be biting off more than I can chew.

I was thinking more along the lines of adding an exit similar to CURLOPT_SSL_CTX_FUNCTION and CURLOPT_SSL_CTX_DATA like so:

CURLOPT_SSL_CONN_FUNCTION

This option functions only for libcurl powered by OpenSSL. If libcurl was built against another SSL library, this functionality is absent.

Pass a pointer to a function that matches the following prototype: CURLcode sslconnfun(CURL *curl, void *ssl, void *parm); This function gets called by libcurl just after a successful SSL connection to allow for inspection of that connection. The ssl parameter is actually a pointer to an OpenSSL SSL structure. If an error is returned, the connection is abandoned and the calling operation will return the error code from this callback function. Set the parm argument with the CURLOPT_SSL_CONN_DATA option.

CURLOPT_SSL_CONN_DATA

Data pointer to pass to the SSL connection callback set by the option CURLOPT_SSL_CONN_FUNCTION. This is the pointer you'll get as the third parameter, otherwise NULL.

And then add code like this right at the end of the ossl_connect_step1 routine:

  /* give application a chance to examine new connection */
  if(data->set.ssl.fsslconn) {
    retcode = (*data->set.ssl.fsslconn)(data, connssl->handle,
                                       data->set.ssl.fsslconnp);
    if(retcode) {
      failf(data,"error signaled by ssl conn callback");
      return retcode;
    }
  }

  connssl->connecting_state = ssl_connect_2;
  return CURLE_OK;

Thoughts?

Philip

Received on 2013-01-05
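
An added example, not part of the original mail or of libcurl: what an application-side callback for the proposed CURLOPT_SSL_CONN_FUNCTION could do with the SSL pointer, namely record the negotiated cipher name and abort the transfer when it contains a weak component. The deny-list, the WITH_CURL_OPENSSL build flag and the char[64] buffer passed through CURLOPT_SSL_CONN_DATA are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed deny-list of cipher-name components (an assumption, not from
   the mail). OpenSSL reports "(NONE)" when no cipher has been negotiated. */
static const char *const weak_tokens[] = {
  "(NONE)", "NULL", "EXP", "EXPORT", "RC4", "RC2", "DES", "MD5", "ADH", "AECDH"
};

/* Return 1 if the OpenSSL-style cipher name has no weak component, else 0.
   Names are split on '-' and '_' so a token only matches a whole component. */
int cipher_allowed(const char *name)
{
  size_t i;
  if(!name || !*name)
    return 0;                       /* nothing to judge: fail closed */
  while(*name) {
    size_t len = strcspn(name, "-_");
    for(i = 0; i < sizeof(weak_tokens) / sizeof(weak_tokens[0]); i++) {
      if(strlen(weak_tokens[i]) == len && !strncmp(name, weak_tokens[i], len))
        return 0;
    }
    name += len;
    if(*name)
      name++;                       /* skip the separator */
  }
  return 1;
}

#ifdef WITH_CURL_OPENSSL            /* hypothetical build flag */
#include <curl/curl.h>
#include <openssl/ssl.h>

/* Matches the prototype proposed in the mail. parm is assumed to point at a
   char[64] that receives the cipher name for later reporting. */
CURLcode sslconnfun(CURL *curl, void *ssl, void *parm)
{
  const char *name = SSL_CIPHER_get_name(SSL_get_current_cipher((SSL *)ssl));
  (void)curl;
  if(parm && name) {
    strncpy((char *)parm, name, 63);
    ((char *)parm)[63] = '\0';
  }
  return cipher_allowed(name) ? CURLE_OK : CURLE_SSL_CIPHER;
}
#endif
```
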