author | Christian Grothoff <christian@grothoff.org> | 2013-11-17 20:49:16 +0100 |
---|---|---|
committer | Steve Holme <steve_holme@hotmail.com> | 2013-11-21 20:40:04 +0000 |
commit | 2c04e8d80c29ab6e07eddb4bdd50591f46606239 (patch) | |
tree | c3d621ff6c3db71f83778294ac3c5726e37a70d4 /lib/getinfo.c | |
parent | 925df5358005a587e593834cc625187e6e74f7ce (diff) | |
download | curl-2c04e8d80c29ab6e07eddb4bdd50591f46606239.tar.gz |
curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
Added a new API for returning an SSL backend type and pointer, in order to
allow access to the TLS internals, which may then be used to obtain X509
certificate information, for example.
Diffstat (limited to 'lib/getinfo.c')
-rw-r--r-- | lib/getinfo.c | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/lib/getinfo.c b/lib/getinfo.c
index 3d09dc684..6a4e72e4a 100644
--- a/lib/getinfo.c
+++ b/lib/getinfo.c
@@ -277,7 +277,53 @@ static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info,
 ptr.to_certinfo = &data->info.certs;
 *param_slistp = ptr.to_slist;
 break;
+ case CURLINFO_TLS_SESSION:
+ {
+ struct curl_tlsinfo **tlsinfop = (struct curl_tlsinfo **) param_slistp;
+ struct curl_tlsinfo *tlsinfo = &data->tlsinfo;
+ struct connectdata *conn = data->easy_conn;
+ unsigned int sockindex = 0;
+ *tlsinfop = tlsinfo;
+ tlsinfo->ssl_backend = CURLSSLBACKEND_NONE;
+ tlsinfo->internals = NULL;
+
+ /* Find the active ("in use") SSL connection, if any */
+ while((sockindex < sizeof(conn->ssl) / sizeof(conn->ssl[0])) &&
+ (!conn->ssl[sockindex].use))
+ sockindex++;
+
+ if(sockindex == sizeof(conn->ssl) / sizeof(conn->ssl[0]))
+ break; /* no SSL session found */
+
+ /* Return the TLS session information from the relevant backend */
+#ifdef USE_SSLEAY
+ tlsinfo->ssl_backend = CURLSSLBACKEND_OPENSSL;
+ tlsinfo->internals = conn->ssl[sockindex].ctx;
+#endif
+#ifdef USE_GNUTLS
+ tlsinfo->ssl_backend = CURLSSLBACKEND_GNUTLS;
+ tlsinfo->internals = conn->ssl[sockindex].session;
+#endif
+#ifdef USE_NSS
+ tlsinfo->ssl_backend = CURLSSLBACKEND_NSS;
+ tlsinfo->internals = conn->ssl[sockindex].handle;
+#endif
+#ifdef USE_QSOSSL
+ tlsinfo->ssl_backend = CURLSSLBACKEND_QSOSSL;
+ tlsinfo->internals = conn->ssl[sockindex].handle;
+#endif
+#ifdef USE_GSKIT
+ tlsinfo->ssl_backend = CURLSSLBACKEND_GSKIT;
+ tlsinfo->internals = conn->ssl[sockindex].handle;
+#endif
+ /* NOTE: For other SSL backends, it is not immediately clear what data
+ to return from 'struct ssl_connect_data'; thus, for now we keep the
+ backend as CURLSSLBACKEND_NONE in those cases, which should be
+ interpreted as "not supported" */
+ break;
+ }
+ break;
 default:
 return CURLE_BAD_FUNCTION_ARGUMENT;
 } |
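Review bot: `conn` is taken from `data->easy_conn` and dereferenced in the `while` loop without a NULL check, so requesting this info on a handle with no connection attached (inferred: the hunk does not show when `easy_conn` is set or cleared) would crash inside the library instead of returning the `CURLSSLBACKEND_NONE` default. A guard placed right after the defaults are written, `if(!conn) break; /* no connection: report CURLSSLBACKEND_NONE */`, keeps the "not supported" result for that case. The block also deserves a comment stating that `internals` is a borrowed pointer read from `conn->ssl[]` and presumably stops being valid once that connection is closed, since callers are expected to use it for certificate inspection. getinfo_slist starts and ends outside this hunk.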