It still works for mine, but I am still using 8.6.0 version where it is used
(in some very special environment).
So, I am not sure about the latest libcurl versions.
It is really a hack, so it may have some unintended consequences.
(I forgot to mention that the sslVerifyCallback() should return 1)
I guess you just need to try it and see if it works in your particular case.
Thanks,
Dmitry Karpov
-----Original Message-----
From: Patrick Schlangen <patr...@schlangen.me>
Sent: Monday, November 4, 2024 11:51 AM
To: libcurl development <curl-library@lists.haxx.se>
Cc: Dmitry Karpov <dkar...@roku.com>
Subject: [EXTERNAL] Re: Get SSL handle after connection has been established
Am 04.11.2024 um 20:42 schrieb Dmitry Karpov via curl-library
<curl-library@lists.haxx.se>:
>
> Getting SSL* is a little bit tricky and hacky, so you need to be
> careful as libcurl doesn't provide a direct way to get OpenSSL handle and
> discourages from using it directly, especially for SSL_read/SSL_write as it
> may break how libcurl protocol filters work.
>
> But if you really need to go that path and planning to use SSL* only
> for extracting some certificate info, then here are the steps which you can
> try:
Thanks a lot for the suggestion!
> 3. In the SSL verify peer callback, you can get the SSL handle like:
>
> static int sslVerifyCallback(int valid_sig, X509_STORE_CTX* ctx) {
> auto ssl = (SSL*)(X509_STORE_CTX_get_ex_data(ctx,
> SSL_get_ex_data_X509_STORE_CTX_idx()));
> ...
> // Extract additional certificate info using OpenSSL API.
> ...
> }
Wouldn't this defeat the built-in peer verification?
Thanks,
Patrick
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
