SSL: implement public key pinning

Option --pinnedpubkey takes a path to a public key in DER format and
only connects if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
moparisthebest
2014-09-30 22:31:17 -04:00
committed by Daniel Stenberg
parent d1b56d0043
commit 93e450793c
20 changed files with 311 additions and 2 deletions
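An added example, not part of this curl commit, that reproduces offline the check the new option performs: it extracts the SubjectPublicKeyInfo as DER with the same openssl pipeline as the commit message (reading a certificate file instead of an s_client session) and compares it byte-for-byte with the key a certificate presents, which is what curl does before raising CURLE_SSL_PINNEDPUBKEYNOTMATCH. It assumes openssl and cmp are on PATH; the two certificates are generated locally and are constructed test material.

```shell
#!/bin/sh
# Added example, not curl's own code: emulate the CURLOPT_PINNEDPUBLICKEY
# match against locally generated certificates (no network needed).
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed test material: a self-signed cert on one key, and a second
# cert on a fresh key (what a client sees after a server key rotation, or
# when something in the path presents a different certificate).
make_cert() {  # $1 = name
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
        -out "$WORK/$1.crt" -subj "/CN=$1" -days 1 >/dev/null 2>&1
}

# Same pipeline as the commit message, minus s_client: cert -> public key DER.
# Note: "openssl rsa -pubin" handles RSA keys only, like the commit's pipeline.
extract_pin() {  # $1 = cert path, $2 = output DER path
    openssl x509 -in "$1" -noout -pubkey \
        | openssl rsa -pubin -outform DER -out "$2" 2>/dev/null
}

# Byte-for-byte comparison of the presented key with the pinned DER file.
# Exit 0 = match (connection proceeds), 1 = mismatch (curl would fail with
# CURLE_SSL_PINNEDPUBKEYNOTMATCH).
pin_matches() {  # $1 = pinned DER path, $2 = presented cert path
    openssl x509 -in "$2" -noout -pubkey \
        | openssl rsa -pubin -outform DER 2>/dev/null \
        | cmp -s - "$1"
}

# First byte of the pin file: DER SEQUENCE tag 0x30, not a PEM header.
pin_first_byte() {  # $1 = DER path
    od -An -tx1 -N1 "$1" | tr -d ' \n'
}

make_cert pinned
make_cert rotated
extract_pin "$WORK/pinned.crt" "$WORK/pinned.der"

if pin_matches "$WORK/pinned.der" "$WORK/pinned.crt"; then
    echo "pinned cert:  match, connection would proceed"
fi
if ! pin_matches "$WORK/pinned.der" "$WORK/rotated.crt"; then
    echo "rotated cert: mismatch, curl would return CURLE_SSL_PINNEDPUBKEYNOTMATCH"
fi
```

Because the comparison is on the raw key bytes, any server key rotation invalidates the pin file, so a pin must be updated together with the key; for non-RSA keys the extraction step needs openssl pkey -pubin instead of openssl rsa -pubin.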


@@ -298,6 +298,9 @@ curl_easy_strerror(CURLcode error)
case CURLE_NO_CONNECTION_AVAILABLE:
return "The max connection limit is reached";
case CURLE_SSL_PINNEDPUBKEYNOTMATCH:
return "SSL public key does not matched pinned public key";
/* error codes not used by current libcurl */
case CURLE_OBSOLETE20:
case CURLE_OBSOLETE24:
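Review bot: the new error string in the CURLE_SSL_PINNEDPUBKEYNOTMATCH case has a grammar error, "SSL public key does not matched pinned public key"; since this is the text users see when a pin check fails, suggest `return "SSL public key does not match pinned public key";` so it reads correctly and matches the wording used for the option elsewhere.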