curl-library

CURLINFO_GNUTLS_SESSION (was Re: Patch: Support CURLINFO_CERTINFO with GnuTLS)

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sat, 12 Oct 2013 23:55:01 +0200 (CEST)

On Fri, 20 Sep 2013, Christian Grothoff wrote:

> Here is another patch which adds the CURLINFO_GNUTLS_SESSION option to
> curl_easy_getinfo. It exposes the GnuTLS session to clients, which is
> useful if clients need to inspect certificate chains or other properties of
> the TLS connection. Naturally, the option only works if cURL was compiled
> with GnuTLS support (hence the GNUTLS in the name). This patch should be
> completely independent from my previous patch to support CURLINFO_CERTINFO
> with GnuTLS, and I think it is generally more useful as it allows
> applications to access certificates via the nice GnuTLS X509 APIs instead of
> having to parse the strings.

Hi!

I can see why this option can be handy. I don't really like opening up the API
for even more SSL-library specific things so I would prefer if you can think
of a way that can return this information in an even more generic way that
will include information for what SSL library the handle concerns so that we
don't end up having to add a new such option for every SSL library we want to
allow this "extraction" for.

Also, I found the code needing some comments to explain what the loop does and
I'm also a bit concerned if this really works properly in all cases, like even
if the SSL connection was completely shut down previous to this
curl_easy_getinfo() call. How much testing have you done on this?

-- 
  / daniel.haxx.se
Received on 2013-10-12