Am 04.11.2024 um 20:42 schrieb Dmitry Karpov via curl-library
<[email protected]>:
>
> Getting SSL* is a little bit tricky and hacky, so you need to be careful as
> libcurl doesn't provide a direct way to get OpenSSL handle
> and discourages from using it directly, especially for SSL_read/SSL_write as
> it may break how libcurl protocol filters work.
>
> But if you really need to go that path and planning to use SSL* only for
> extracting some certificate info,
> then here are the steps which you can try:
Thanks a lot for the suggestion!
> 3. In the SSL verify peer callback, you can get the SSL handle like:
>
> static int sslVerifyCallback(int valid_sig, X509_STORE_CTX* ctx) {
> auto ssl = (SSL*)(X509_STORE_CTX_get_ex_data(ctx,
> SSL_get_ex_data_X509_STORE_CTX_idx()));
> ...
> // Extract additional certificate info using OpenSSL API.
> ...
> }
Wouldn't this defeat the built-in peer verification?
Thanks,
Patrick
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
