On Wed, 18 Sep 2013, Christian Grothoff wrote:
Here's a little patch to get CURLINFO_CERTINFO to do something meaningful if libcurl was compiled to use GnuTLS instead of OpenSSL.
The OpenSSL code only does this stuff if 'data->set.ssl.certinfo' is TRUE, shouldn't the GnuTLS code only be conditional on the same?
As described in the log, I'd prefer to get PEM as the returned text to the client, but the OpenSSL API doesn't allow that either. Would you be happy with a patch to add an option CURLINFO_CERTINFO_PEM that would return the server certificate in PEM format for machine-processing?
Possibly yes, but extracting goodies from PEM is a quite a lot of work still (and it also requires that your application knows and uses the SSL library directly) and that's kind of the reason why CURLINFO_CERTINFO is as "chatty" as it is.
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
