Commit Graph

10 Commits

Author SHA1 Message Date
moparisthebest
be1a505189 SSL: Add PEM format support for public key pinning 2014-11-24 19:30:09 +01:00
moparisthebest
93e450793c SSL: implement public key pinning
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
2014-10-07 14:44:19 +02:00
Yang Tse
7ab3ae0bf0 commit bc682cbd follow-up 2013-01-15 19:54:47 +01:00
Yang Tse
bc682cbd3e tests/Makefile.am: remove wildcard usage in EXTRA_DIST 2013-01-15 16:31:48 +01:00
Quinn Slack
59cf93ccdb TLS-SRP: support added when using GnuTLS 2011-01-19 20:35:02 +01:00
Kamil Dudka
99179da4cc tests/certs: re-generated because of lost pass-phrase 2010-05-27 23:39:54 +02:00
Kamil Dudka
645bdd837a tests/certs/scripts: generate also CRL
... and make it possible to do so without any user interaction
2010-05-27 23:33:19 +02:00
Yang Tse
a07bc79117 removed trailing whitespace 2010-02-14 19:40:18 +00:00
Yang Tse
4d922545d5 - Added Diffie-Hellman parameters to several test harness certificate files in
PEM format. Required by several stunnel versions used by our test harness.
2009-11-28 10:01:21 +00:00
Daniel Stenberg
e73fe837a8 - Peter Sylvester made the HTTPS test server use specific certificates for
each test, so that the test suite can now be used to actually test the
  verification of cert names etc. This made an error show up in the OpenSSL-
  specific code where it would attempt to match the CN field even if a
  subjectAltName exists that doesn't match. This is now fixed and verified
  in test 311.
2009-08-11 21:48:58 +00:00