1CURLINFO_TLS_SSL_PTR(3)    curl_easy_getinfo options   CURLINFO_TLS_SSL_PTR(3)
2
3
4

NAME

6       CURLINFO_TLS_SESSION, CURLINFO_TLS_SSL_PTR - get TLS session info
7

SYNOPSIS

9       #include <curl/curl.h>
10
11       CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_TLS_SSL_PTR,
12                                  struct curl_tlssessioninfo **session);
13
14       /* if you need compatibility with libcurl < 7.48.0 use
15          CURLINFO_TLS_SESSION instead: */
16
17       CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_TLS_SESSION,
18                                  struct curl_tlssessioninfo **session);
19

DESCRIPTION

21       Pass  a  pointer to a 'struct curl_tlssessioninfo *'.  The pointer will
22       be initialized to refer to a 'struct curl_tlssessioninfo *'  that  will
23       contain an enum indicating the SSL library used for the handshake and a
24       pointer to the respective internal TLS session structure of this under‐
25       lying SSL library.
26
27       This  option  may be useful for example to extract certificate informa‐
28       tion in a format convenient for further processing, such as manual val‐
29       idation. Refer to the LIMITATIONS section.
30
31       struct curl_tlssessioninfo {
32         curl_sslbackend backend;
33         void *internals;
34       };
35
36       The backend struct member is one of the defines in the CURLSSLBACKEND_*
37       series:  CURLSSLBACKEND_NONE  (when   built   without   TLS   support),
38       CURLSSLBACKEND_CYASSL, CURLSSLBACKEND_DARWINSSL, CURLSSLBACKEND_GNUTLS,
39       CURLSSLBACKEND_GSKIT,    CURLSSLBACKEND_MBEDTLS,    CURLSSLBACKEND_NSS,
40       CURLSSLBACKEND_OPENSSL,  CURLSSLBACKEND_POLARSSL, CURLSSLBACKEND_SCHAN‐
41       NEL or CURLSSLBACKEND_MESALINK. (Note that the OpenSSL  forks  are  all
42       reported as just OpenSSL here.)
43
44       The  internals  struct  member  will  point  to  a TLS library specific
45       pointer for the active ("in use") SSL connection,  with  the  following
46       underlying types:
47
48              GnuTLS gnutls_session_t
49
50              gskit  gsk_handle
51
52              NSS    PRFileDesc *
53
54              OpenSSL
55                     CURLINFO_TLS_SESSION: SSL_CTX *
56
57                     CURLINFO_TLS_SSL_PTR: SSL *
58       Since 7.48.0 the internals member can point to these other SSL backends
59       as well:
60
61              mbedTLS
62                     mbedtls_ssl_context *
63
64              PolarSSL
65                     ssl_context *
66
67              Secure Channel
68                     CtxtHandle *
69
70              Secure Transport (DarwinSSL)
71                     SSLContext *
72
73              WolfSSL (formerly CyaSSL)
74                     SSL *
75
76              MesaLink
77                     SSL *
78
79       If the internals pointer is NULL then either the  SSL  backend  is  not
80       supported,  an  SSL session has not yet been established or the connec‐
81       tion is no longer associated with the easy handle (eg curl_easy_perform
82       has returned).
83

LIMITATIONS

85       This  option  has  some  limitations  that could make it unsafe when it
86       comes to the manual verification of certificates.
87
88       This option only retrieves the first in-use  SSL  session  pointer  for
89       your  easy  handle, however your easy handle may have more than one in-
90       use SSL session if using FTP over SSL. That is because the FTP protocol
91       has  a  control  channel and a data channel and one or both may be over
92       SSL. Currently there is no way to retrieve a second in-use SSL  session
93       associated with an easy handle.
94
95       This  option  has  not  been thoroughly tested with plaintext protocols
96       that can be upgraded/downgraded to/from SSL: FTP, SMTP, POP3, IMAP when
97       used  with  CURLOPT_USE_SSL(3). Though you will be able to retrieve the
98       SSL pointer, it's possible that before you can do that data  (including
99       auth)  may  have  already  been  sent  over  a  connection after it was
100       upgraded.
101
102       Renegotiation. If unsafe renegotiation or renegotiation in a  way  that
103       the  certificate  is  allowed  to change is allowed by your SSL library
104       this may occur and the certificate may change, and data may continue to
105       be  sent or received after renegotiation but before you are able to get
106       the (possibly) changed SSL pointer, with the  (possibly)  changed  cer‐
107       tificate information.
108
109       If  you  are  using OpenSSL or wolfSSL then CURLOPT_SSL_CTX_FUNCTION(3)
110       can be used to set a certificate verification callback in the CTX. That
111       is  safer  than  using  this option to poll for certificate changes and
112       doesn't suffer from any of the problems above. There  is  currently  no
113       way  in  libcurl to set a verification callback for the other SSL back‐
114       ends.
115
116       How are you using this option? Are you affected by any of these limita‐
117       tions?     Please    let    us    know   by   making   a   comment   at
118       https://github.com/curl/curl/issues/685
119

PROTOCOLS

121       All TLS-based
122

EXAMPLE

124       #include <curl/curl.h>
125       #include <openssl/ssl.h>
126
127       CURL *curl;
128       static size_t wf(void *ptr, size_t size, size_t nmemb, void *stream)
129       {
130         const struct curl_tlssessioninfo *info = NULL;
131         CURLcode res = curl_easy_getinfo(curl, CURLINFO_TLS_SSL_PTR, &info);
132         if(info && !res) {
133           if(CURLSSLBACKEND_OPENSSL == info->backend) {
134              printf("OpenSSL ver. %s\n", SSL_get_version((SSL*)info->internals));
135           }
136         }
137         return size * nmemb;
138       }
139
140       int main(int argc, char** argv)
141       {
142         CURLcode res;
143         curl = curl_easy_init();
144         if(curl) {
145           curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
146           curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, wf);
147           res = curl_easy_perform(curl);
148           curl_easy_cleanup(curl);
149         }
150         return res;
151       }
152

AVAILABILITY

154       Added in 7.48.0.
155
156       This option  supersedes  CURLINFO_TLS_SESSION(3)  which  was  added  in
157       7.34.0.   This  option is exactly the same as that option except in the
158       case of OpenSSL.
159

RETURN VALUE

161       Returns CURLE_OK if the option is supported,  and  CURLE_UNKNOWN_OPTION
162       if not.
163

SEE ALSO

165       curl_easy_getinfo(3), curl_easy_setopt(3), CURLINFO_TLS_SESSION(3),
166
167
168
169libcurl 7.64.0                 January 29, 2019        CURLINFO_TLS_SSL_PTR(3)
Impressum