SSL: implement public key pinning

Option --pinnedpubkey takes a path to a public key in DER format and
only connects if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
  openssl s_client -connect google.com:443 2>&1 < /dev/null | \
  sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
  | openssl rsa -pubin -outform DER > google.com.der
moparisthebest
2014-09-30 22:31:17 -04:00
committed by Daniel Stenberg
parent d1b56d0043
commit 93e450793c
20 changed files with 311 additions and 2 deletions
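
The check that pinning comes down to, as an added example that is not part of this commit or of curl's code: the DER file saved by the command above is compared byte for byte with the public key the server presented, and every error path refuses the connection. It assumes the caller already holds the peer's DER-encoded public key; the function names, the file name and the `sample_key` bytes are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed placeholder bytes standing in for a DER public key. */
static const unsigned char sample_key[] = {0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86};

/* Return 1 only if the file at pin_path is byte-identical to the peer's
   DER-encoded public key; every error path returns 0 (fail closed). */
int pinned_key_matches(const char *pin_path, const unsigned char *peer_der,
                       size_t peer_len)
{
  unsigned char *buf = NULL;
  long size;
  int ok = 0;
  FILE *fp = (pin_path && peer_der && peer_len) ? fopen(pin_path, "rb") : NULL;
  if(!fp)
    return 0; /* a missing or unreadable pin file never means "accept" */
  if(fseek(fp, 0, SEEK_END) == 0 && (size = ftell(fp)) > 0 &&
     (size_t)size == peer_len && fseek(fp, 0, SEEK_SET) == 0) {
    buf = malloc(peer_len); /* lengths already agree, so the read is bounded */
    if(buf && fread(buf, 1, peer_len, fp) == peer_len)
      ok = (memcmp(buf, peer_der, peer_len) == 0);
  }
  free(buf);
  fclose(fp);
  return ok;
}

/* Runs four cases against a pin file written on the spot and returns a
   bit mask of the cases that were accepted; only bit 0 should be set. */
int demo_accepted_mask(const char *path)
{
  unsigned char other[sizeof(sample_key)];
  int mask;
  FILE *fp = fopen(path, "wb");
  if(!fp) return -1;
  fwrite(sample_key, 1, sizeof(sample_key), fp);
  fclose(fp);
  memcpy(other, sample_key, sizeof(other));
  other[2] ^= 0x01; /* same length, one bit flipped */
  mask = pinned_key_matches(path, sample_key, sizeof(sample_key));
  mask |= pinned_key_matches(path, other, sizeof(other)) << 1;
  mask |= pinned_key_matches(path, sample_key, sizeof(sample_key) - 1) << 2;
  remove(path); /* pin file gone: the check must now refuse */
  mask |= pinned_key_matches(path, sample_key, sizeof(sample_key)) << 3;
  return mask;
}
int main(void)
{
  printf("accepted mask: %d\n", demo_accepted_mask("pinned_example.der"));
  return 0;
}
```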
