Dear Steve, Here are two more patches. #0001 makes the code more robust against applications asking for info after the HTTP request has been performed (which turns out to be too late, but even if an application does that cURL should obviously not deref NULL). #0002 adds an example for the new option, as promised about a week ago.
Happy hacking! Christian On 11/21/2013 10:10 PM, Daniel Stenberg wrote: > On Thu, 21 Nov 2013, Steve Holme wrote: > >> I have now pushed it - after tidying up the commit comments, >> documentation layout, etc... ;-) >> >> I've also added it to a pending release notes commit as well. > > Let's leave this now, but I just wanted to mention that we are now > technically in a feature freeze so (other) new things need to wait until > after the release! > > (but nice work there anyway Steve and Christian) >
>From 256ad89d22bdcefeecf579f3559a7acdaa289690 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <[email protected]>
Date: Wed, 27 Nov 2013 23:37:09 +0100
Subject: [PATCH 2/2] docs/examples/sessioninfo.c: sample code for CURLINFO_TLS_SESSION
Added a simple example for how one can use CURLINFO_TLS_SESSION to obtain extensive TLS certificate information.
---
 docs/examples/Makefile.inc | 3 +-
 docs/examples/sessioninfo.c | 107 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 docs/examples/sessioninfo.c
diff --git a/docs/examples/Makefile.inc b/docs/examples/Makefile.inc
index 5d3bcfc..fb628e7 100644
--- a/docs/examples/Makefile.inc
+++ b/docs/examples/Makefile.inc
@@ -13,4 +13,5 @@ COMPLICATED_EXAMPLES = curlgtk.c curlx.c htmltitle.cpp cacertinmem.c \
 ftpuploadresume.c ghiper.c hiperfifo.c htmltidy.c multithread.c \
 opensslthreadlock.c sampleconv.c synctime.c threaded-ssl.c evhiperfifo.c \
 smooth-gtk-thread.c version-check.pl href_extractor.c asiohiper.cpp \
- multi-uv.c xmlstream.c usercertinmem.c
+ multi-uv.c xmlstream.c usercertinmem.c sessioninfo.c
+
diff --git a/docs/examples/sessioninfo.c b/docs/examples/sessioninfo.c
new file mode 100644
index 0000000..cc517c5
--- /dev/null
+++ b/docs/examples/sessioninfo.c
@@ -0,0 +1,107 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <[email protected]>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* Note that this example currently requires cURL to be linked against
+ GnuTLS (and this program must also be linked against -lgnutls). */
+
+#include <stdio.h>
+
+#include <curl/curl.h>
+#include <gnutls/gnutls.h>
+
+static CURL *curl;
+
+static size_t wrfu(void *ptr, size_t size, size_t nmemb, void *stream)
+{
+ const struct curl_tlsinfo *tlsinfo;
+ unsigned int cert_list_size;
+ const gnutls_datum_t *chainp;
+ CURLcode res;
+
+ res = curl_easy_getinfo(curl, CURLINFO_TLS_SESSION, &tlsinfo);
+
+ if(!res) {
+ switch (tlsinfo->ssl_backend) {
+ case CURLSSLBACKEND_GNUTLS:
+ /* tlsinfo->internals is now the gnutls_session_t */
+ chainp = gnutls_certificate_get_peers (tlsinfo->internals,
+ &cert_list_size);
+ if((chainp) && (0 != cert_list_size)) {
+ unsigned int i;
+
+ for(i=0;i<cert_list_size;i++) {
+ gnutls_x509_crt_t cert;
+ gnutls_datum_t dn;
+
+ if (GNUTLS_E_SUCCESS == gnutls_x509_crt_init (&cert)) {
+ if(GNUTLS_E_SUCCESS ==
+ gnutls_x509_crt_import (cert, &chainp[i],
+ GNUTLS_X509_FMT_DER)) {
+ if(GNUTLS_E_SUCCESS ==
+ gnutls_x509_crt_print (cert,
+ GNUTLS_CRT_PRINT_FULL,
+ &dn)) {
+ fprintf (stderr,
+ "Certificate #%d: %.*s",
+ i, dn.size, dn.data);
+ gnutls_free (dn.data);
+ }
+ }
+ gnutls_x509_crt_deinit (cert);
+ }
+ }
+ }
+ break;
+ case CURLSSLBACKEND_NONE:
+ default:
+ break;
+ }
+ }
+
+ (void)stream;
+ (void)ptr;
+ return size * nmemb;
+}
+
+int main(void)
+{
+ curl_global_init(CURL_GLOBAL_DEFAULT);
+
+ curl = curl_easy_init();
+ if(curl) {
+ curl_easy_setopt(curl, CURLOPT_URL, "https://www.example.com/");
+
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, wrfu);
+
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+
+ curl_easy_setopt(curl, CURLOPT_VERBOSE, 0L);
+
+ (void) curl_easy_perform(curl);
+ curl_easy_cleanup(curl);
+ }
+
+ curl_global_cleanup();
+
+ return 0;
+}
-- 1.7.10.4
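Review bot: The two `curl_easy_setopt` calls in `main` that set `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` to `0L` switch off certificate and host-name verification without any comment, and example code like this tends to be copied unchanged. If the intent is only to be able to print the chain of a server whose certificate does not validate, say so above them, e.g. `/* verification is disabled only so that the chain of an untrusted server can still be printed; keep the defaults in real clients */`, or drop both lines so the defaults apply. Separately, in `wrfu` the `fprintf` passes `dn.size` (an `unsigned int`) for `%.*s` and the unsigned `i` for `%d`; `"Certificate #%u: %.*s", i, (int)dn.size, dn.data` matches the format. The callback also runs once per received chunk, so the chain is printed again for every chunk of a larger body.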
>From d662e2922308085096750f8dbe93f79796f7011c Mon Sep 17 00:00:00 2001 From: Christian Grothoff <[email protected]> Date: Wed, 27 Nov 2013 23:28:26 +0100 Subject: [PATCH 1/2] curl_easy_getopt: handle API violation gracefully This fixes a NULL dereference in the case where the client asks for CURLINFO_TLS_SESSION data after the (TLS) session has already been destroyed (i.e. curl_easy_perform has already completed for this handle). Instead of crashing, we now return an error (CURLSSLBACKEND_NONE). --- lib/getinfo.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/getinfo.c b/lib/getinfo.c index 6a4e72e..80ca264 100644 --- a/lib/getinfo.c +++ b/lib/getinfo.c @@ -288,6 +288,8 @@ static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info, tlsinfo->ssl_backend = CURLSSLBACKEND_NONE; tlsinfo->internals = NULL; + if(conn == NULL) + break; /* Find the active ("in use") SSL connection, if any */ while((sockindex < sizeof(conn->ssl) / sizeof(conn->ssl[0])) && (!conn->ssl[sockindex].use)) -- 1.7.10.4
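Review bot: The added `if(conn == NULL) break;` guard carries no comment saying when `conn` is NULL, and the hunk does not show what the case returns after the `break`. According to the commit message this is the state after `curl_easy_perform` has completed; a one-line comment above the check, such as `/* no connection is attached once the transfer has completed; leave backend NONE and internals NULL */`, would record that. If the function still returns success on this path (the return statement is outside the hunk), callers have to test `ssl_backend` and `internals` rather than the return code, and the documentation for CURLINFO_TLS_SESSION should say so. The enclosing function begins and ends outside the hunk.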
