cURL / Mailing Lists / curl-library / Single Mail

curl-library

[PATCH 2/2] docs/examples/sessioninfo.c: sample code for CURLINFO_TLS_SESSION

From: Christian Grothoff <christian_at_grothoff.org>
Date: Wed, 27 Nov 2013 23:37:09 +0100

Added a simple example for how one can use CURLINFO_TLS_SESSION
to obtain extensive TLS certificate information.

---
 docs/examples/Makefile.inc  |    3 +-
 docs/examples/sessioninfo.c |  107 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 docs/examples/sessioninfo.c
diff --git a/docs/examples/Makefile.inc b/docs/examples/Makefile.inc
index 5d3bcfc..fb628e7 100644
--- a/docs/examples/Makefile.inc
+++ b/docs/examples/Makefile.inc
@@ -13,4 +13,5 @@ COMPLICATED_EXAMPLES = curlgtk.c curlx.c htmltitle.cpp cacertinmem.c	   \
   ftpuploadresume.c ghiper.c hiperfifo.c htmltidy.c multithread.c	   \
   opensslthreadlock.c sampleconv.c synctime.c threaded-ssl.c evhiperfifo.c \
   smooth-gtk-thread.c version-check.pl href_extractor.c asiohiper.cpp \
-  multi-uv.c xmlstream.c usercertinmem.c
+  multi-uv.c xmlstream.c usercertinmem.c sessioninfo.c
+
diff --git a/docs/examples/sessioninfo.c b/docs/examples/sessioninfo.c
new file mode 100644
index 0000000..cc517c5
--- /dev/null
+++ b/docs/examples/sessioninfo.c
@@ -0,0 +1,107 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel_at_haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* Note that this example currently requires cURL to be linked against
+   GnuTLS (and this program must also be linked against -lgnutls). */
+
+#include <stdio.h>
+
+#include <curl/curl.h>
+#include <gnutls/gnutls.h>
+
+static CURL *curl;
+
+static size_t wrfu(void *ptr,  size_t  size,  size_t  nmemb,  void *stream)
+{
+  const struct curl_tlsinfo *tlsinfo;
+  unsigned int cert_list_size;
+  const gnutls_datum_t *chainp;
+  CURLcode res;
+
+  res = curl_easy_getinfo(curl, CURLINFO_TLS_SESSION, &tlsinfo);
+
+  if(!res) {
+    switch (tlsinfo->ssl_backend) {
+    case CURLSSLBACKEND_GNUTLS:
+      /* tlsinfo->internals is now the gnutls_session_t */
+      chainp = gnutls_certificate_get_peers (tlsinfo->internals,
+                                             &cert_list_size);
+      if((chainp) && (0 != cert_list_size)) {
+        unsigned int i;
+
+        for(i=0;i<cert_list_size;i++) {
+          gnutls_x509_crt_t cert;
+          gnutls_datum_t dn;
+
+          if (GNUTLS_E_SUCCESS == gnutls_x509_crt_init (&cert)) {
+            if(GNUTLS_E_SUCCESS ==
+               gnutls_x509_crt_import (cert, &chainp[i],
+                                       GNUTLS_X509_FMT_DER)) {
+              if(GNUTLS_E_SUCCESS ==
+                 gnutls_x509_crt_print (cert,
+                                        GNUTLS_CRT_PRINT_FULL,
+                                        &dn)) {
+                fprintf (stderr,
+                         "Certificate #%d: %.*s",
+                         i, dn.size, dn.data);
+                gnutls_free (dn.data);
+              }
+            }
+            gnutls_x509_crt_deinit (cert);
+          }
+        }
+      }
+      break;
+    case CURLSSLBACKEND_NONE:
+    default:
+      break;
+    }
+  }
+
+  (void)stream;
+  (void)ptr;
+  return size * nmemb;
+}
+
+int main(void)
+{
+  curl_global_init(CURL_GLOBAL_DEFAULT);
+
+  curl = curl_easy_init();
+  if(curl) {
+    curl_easy_setopt(curl, CURLOPT_URL, "https://www.example.com/");
+
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, wrfu);
+
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 0L);
+
+    (void) curl_easy_perform(curl);
+    curl_easy_cleanup(curl);
+  }
+
+  curl_global_cleanup();
+
+  return 0;
+}
-- 
1.7.10.4
--------------020303070707070301020109
Content-Type: text/x-patch;
 name="0001-curl_easy_getopt-handle-API-violation-gracefully.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename*0="0001-curl_easy_getopt-handle-API-violation-gracefully.patch"

Received on 2001-09-17

This message: [ Message body ]
Next message: Christian Grothoff: "[PATCH 1/2] curl_easy_getopt: handle API violation gracefully"
Previous message: Christian Grothoff: "Re: CURLINFO_GNUTLS_SESSION (was Re: Patch: Support CURLINFO_CERTINFO with GnuTLS)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]