summaryrefslogtreecommitdiff
path: root/lib/getinfo.c
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2013-11-17 20:49:16 +0100
committerSteve Holme <steve_holme@hotmail.com>2013-11-21 20:40:04 +0000
commit2c04e8d80c29ab6e07eddb4bdd50591f46606239 (patch)
treec3d621ff6c3db71f83778294ac3c5726e37a70d4 /lib/getinfo.c
parent925df5358005a587e593834cc625187e6e74f7ce (diff)
downloadcurl-2c04e8d80c29ab6e07eddb4bdd50591f46606239.tar.gz
curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
Added new API for returning a SSL backend type and pointer, in order to allow access to the TLS internals, that may then be used to obtain X509 certificate information for example.
Diffstat (limited to 'lib/getinfo.c')
-rw-r--r--lib/getinfo.c46
1 files changed, 46 insertions, 0 deletions
diff --git a/lib/getinfo.c b/lib/getinfo.c
index 3d09dc684..6a4e72e4a 100644
--- a/lib/getinfo.c
+++ b/lib/getinfo.c
@@ -277,7 +277,53 @@ static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info,
ptr.to_certinfo = &data->info.certs;
*param_slistp = ptr.to_slist;
break;
+ case CURLINFO_TLS_SESSION:
+ {
+ struct curl_tlsinfo **tlsinfop = (struct curl_tlsinfo **) param_slistp;
+ struct curl_tlsinfo *tlsinfo = &data->tlsinfo;
+ struct connectdata *conn = data->easy_conn;
+ unsigned int sockindex = 0;
+ *tlsinfop = tlsinfo;
+ tlsinfo->ssl_backend = CURLSSLBACKEND_NONE;
+ tlsinfo->internals = NULL;
+
+ /* Find the active ("in use") SSL connection, if any */
+ while((sockindex < sizeof(conn->ssl) / sizeof(conn->ssl[0])) &&
+ (!conn->ssl[sockindex].use))
+ sockindex++;
+
+ if(sockindex == sizeof(conn->ssl) / sizeof(conn->ssl[0]))
+ break; /* no SSL session found */
+
+ /* Return the TLS session information from the relevant backend */
+#ifdef USE_SSLEAY
+ tlsinfo->ssl_backend = CURLSSLBACKEND_OPENSSL;
+ tlsinfo->internals = conn->ssl[sockindex].ctx;
+#endif
+#ifdef USE_GNUTLS
+ tlsinfo->ssl_backend = CURLSSLBACKEND_GNUTLS;
+ tlsinfo->internals = conn->ssl[sockindex].session;
+#endif
+#ifdef USE_NSS
+ tlsinfo->ssl_backend = CURLSSLBACKEND_NSS;
+ tlsinfo->internals = conn->ssl[sockindex].handle;
+#endif
+#ifdef USE_QSOSSL
+ tlsinfo->ssl_backend = CURLSSLBACKEND_QSOSSL;
+ tlsinfo->internals = conn->ssl[sockindex].handle;
+#endif
+#ifdef USE_GSKIT
+ tlsinfo->ssl_backend = CURLSSLBACKEND_GSKIT;
+ tlsinfo->internals = conn->ssl[sockindex].handle;
+#endif
+ /* NOTE: For other SSL backends, it is not immediately clear what data
+ to return from 'struct ssl_connect_data'; thus, for now we keep the
+ backend as CURLSSLBACKEND_NONE in those cases, which should be
+ interpreted as "not supported" */
+ break;
+ }
+ break;
default:
return CURLE_BAD_FUNCTION_ARGUMENT;
}