On 2/26/2021 4:10 PM, Morten Minde Neergaard via curl-library wrote:
I'm making an app that's using public key pinning, and it would be very
helpful to have programmatic access to the pubkey fingerprint. The app
currently has a huge and horrible mountain of platform- and
backend-specific code that extracts the public key fingerprint from the
TLS backend before calculating the exact same fingerprint as curl does
in Curl_pin_peer_pubkey.
It would be a lot more elegant if there were an option to get the pubkey
fingerprint directly, using the same pattern as CURLOPT_CERTINFO /
CURLINFO_CERTINFO. Suggesting this addition to the curl APIs:
CURLOPT(CURLOPT_PUBKEY_FINGERPRINT, CURLOPTTYPE_LONG, 309),
CURLINFO_PUBKEY_FINGERPRINT = CURLINFO_STRING + 60,
After refactoring all the TLS backends to extract the code that
calculates the pubkey fingerprint, this implementation should be fairly
trivial.
Comments? Patches accepted?
Is this not provided by certinfo already? If not I think it would be
easier to add it there in a separate line, pubkey:asdf
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
