]> git.ipfire.org Git - thirdparty/curl.git/commit
projects / thirdparty / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d1b56d0) | patch
SSL: implement public key pinning
authormoparisthebest <admin@moparisthebest.com>
Wed, 1 Oct 2014 02:31:17 +0000 (22:31 -0400)
committerDaniel Stenberg <daniel@haxx.se>
Tue, 7 Oct 2014 12:44:19 +0000 (14:44 +0200)
commit93e450793ce289925dfd1d5e3b2d14e781f8dfd4
tree3ceea898922e067a4a692204f6388ab633deebeftree | snapshot
parentd1b56d00439ab26d7fc43e37ab18ae331ddc400dcommit | diff
SSL: implement public key pinning

Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
20 files changed:
docs/curl.1 diff | blob | blame | history
docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 [new file with mode: 0644] blob
docs/libcurl/symbols-in-versions diff | blob | blame | history
include/curl/curl.h diff | blob | blame | history
lib/strerror.c diff | blob | blame | history
lib/url.c diff | blob | blame | history
lib/urldata.h diff | blob | blame | history
lib/vtls/openssl.c diff | blob | blame | history
src/tool_cfgable.c diff | blob | blame | history
src/tool_cfgable.h diff | blob | blame | history
src/tool_getparam.c diff | blob | blame | history
src/tool_help.c diff | blob | blame | history
src/tool_operate.c diff | blob | blame | history
tests/certs/Server-localhost-sv.pub.der [new file with mode: 0644] blob
tests/certs/Server-localhost.nn-sv.pub.der [new file with mode: 0644] blob
tests/certs/Server-localhost0h-sv.pub.der [new file with mode: 0644] blob
tests/certs/scripts/genserv.sh diff | blob | blame | history
tests/data/Makefile.am diff | blob | blame | history
tests/data/test2034 [new file with mode: 0644] blob
tests/data/test2035 [new file with mode: 0644] blob
Mirror of https://github.com/curl/curl.git