Comments (10)
I will agree that it would be useful to allow this to get extracted even when the check fails. You feel like taking a shot at a patch for that?
from curl.
Yes, I think I do. Any tips or guidance for this particular spot?
from curl.
Not really, i can't recall the exact reason why it ended up in that place within the handshake but a first try would be to just change where the call is made to instead be done before the certificate check is made.
from curl.
Ok, thanks, Should I also add a command line option (--showCertChain ) to the tool?
from curl.
That'd be great!
from curl.
Unfortunately, OpenSSL does not keep certificate chain info when verification fails (see ssl3_get_server_certificate in openssl). So implementing this feature is impossible without changes to openssl
from curl.
Ok, but isn't it possible to extract it before it fails then?
from curl.
No. Certificate chain is kept inside openssl and and never assigned to anything visible from outside.
from curl.
If you set CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to 0 (like with --insecure) then you can still get the certs dumped without verification.
So what if we for example just stored the failed verification status and didn't react on it until after the certinfo is extracted?
from curl.
Dead
from curl.
Related Issues (20)
- clang-cl warnings in 'vtls/bearssl.c'
- NTLM authentication failing on Linux unless --http2 is specified HOT 3
- HTTP/2 libcurl regression HOT 5
- clang-cl warning in 'http/clients/ws-data.c' HOT 4
- Change in behavior for --remote-header-name HOT 2
- HAVE_STRUCT_TIMEVAL fails on Ubuntu 22.04 when it shouldn't HOT 4
- Bad order of linker arguments HOT 6
- curl 7.88.1-10+deb12u5 fails to download with tftp HOT 5
- mbedtls: trace with double-lines HOT 3
- About "add_custom_target(man ALL DEPENDS ${man_MANS})" HOT 10
- Write function callback is called twice after resume transfer and return CURL_WRITEFUNC_ERROR HOT 19
- File descriptor leakage HOT 11
- File descriptor leakage with multi handle and c-ares HOT 14
- mutli-thread crash with curl_share setting CURL_LOCK_DATA_CONNECT? HOT 4
- Test cases sometimes timeout HOT 3
- aws-sigv4 failing to calculate the right signature when using "content-type: multipart/form-data" HOT 7
- utf8 in powershell core HOT 8
- Having error alert when ./configure curl in a folder with an ".app" extension on macOS 14 HOT 3
- Please support setting adjustment algorithm sequence HOT 2
- `curl_multi_perform` not updating `running_handles` after redirection success HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from curl.