How can I get SSL server certificate info from libcurl when a handshake fails?

For the server, using a cert that will fail verification, for example:

    socat openssl-listen:4433,reuseaddr,cert=fail.pem,verify=0,fork -

For the client, using libcurl 7.33.0:

    /* these options take a long argument, hence 1L */
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
    curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L);
    curl_easy_setopt(curl, CURLOPT_URL, "https://localhost:4433/");

curl_easy_perform() will return CURLE_SSL_CACERT. I thought I could get the 
certificate info by requesting it using CURLINFO_CERTINFO (ref 
http://curl.haxx.se/libcurl/c/certinfo.html) but that doesn't work:


    * Adding handle: conn: 0x1d55a60
    * Adding handle: send: 0
    * Adding handle: recv: 0
    * Curl_addHandleToPipeline: length: 1
    * - Conn 0 (0x1d55a60) send_pipe: 1, recv_pipe: 0
    * About to connect() to localhost port 4433 (#0)
    *   Trying 127.0.0.1...
    * Connected to localhost (127.0.0.1) port 4433 (#0)
    * SSL certificate problem: self signed certificate
    * Closing connection 0
    0 certs!

When the VERIFY options are disabled I can get those certificates. I don't want 
to disable verification but I do want to record the certificate chain if 
verification (or anything else, really) fails. Is that possible using libcurl? 
Thanks
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
