Commit f6c335d6 authored by Patrick Monnerat

NSS: support for CERTINFO feature

parent 2bd72fa6
+3 −3
@@ -5,7 +5,7 @@
.\" *                            | (__| |_| |  _ <| |___
.\" *                             \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -219,8 +219,8 @@ done. The struct reports how many certs it found and then you can extract info
for each of those certs by following the linked lists. The info chain is
provided in a series of data in the format "name:content" where the content is
for the specific named data. See also the certinfo.c example. NOTE: this
option is only available in libcurl built with OpenSSL support. (Added in
7.19.1)
option is only available in libcurl built with OpenSSL, NSS, GSKit or QsoSSL
support. (Added in 7.19.1)
.IP CURLINFO_CONDITION_UNMET
Pass a pointer to a long to receive the number 1 if the condition provided in
the previous request didn't match (see \fICURLOPT_TIMECONDITION\fP). Alas, if
+3 −2
@@ -2549,9 +2549,10 @@ is ignored.

.IP CURLOPT_CERTINFO
Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With
this enabled, libcurl (if built with OpenSSL) will extract lots of information
this enabled, libcurl (if built with OpenSSL, NSS, GSKit or QsoSSL) will
extract lots of information
and data about the certificates in the certificate chain used in the SSL
connection. This data is then possible to extract after a transfer using
connection. This data may then be retrieved after a transfer using
\fIcurl_easy_getinfo(3)\fP and its option \fICURLINFO_CERTINFO\fP. (Added in
7.19.1)
.IP CURLOPT_RANDOM_FILE
+2 −2
@@ -23,7 +23,7 @@
#include "curl_setup.h"

#if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_QSOSSL) || \
    defined(USE_GSKIT)
    defined(USE_GSKIT) || defined(USE_NSS)
/* these backends use functions from this file */

#include "hostcheck.h"
@@ -94,4 +94,4 @@ int Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
  return 0;
}

#endif /* SSLEAY or AXTLS or QSOSSL or GSKIT */
#endif /* SSLEAY or AXTLS or QSOSSL or GSKIT or NSS */
+42 −4
@@ -653,6 +653,10 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock)
  SSLChannelInfo channel;
  SSLCipherSuiteInfo suite;
  CERTCertificate *cert;
  CERTCertificate *cert2;
  CERTCertificate *cert3;
  PRTime now;
  int i;

  if(SSL_GetChannelInfo(sock, &channel, sizeof channel) ==
     SECSuccess && channel.length == sizeof channel &&
@@ -663,11 +667,45 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock)
    }
  }

  cert = SSL_PeerCertificate(sock);

  if(cert) {
    infof(conn->data, "Server certificate:\n");

  cert = SSL_PeerCertificate(sock);
    if(!conn->data->set.ssl.certinfo) {
      display_cert_info(conn->data, cert);
      CERT_DestroyCertificate(cert);
    }
    else {
      /* Count certificates in chain. */
      now = PR_Now();
      i = 1;
      if(!cert->isRoot) {
        cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
        while(cert2) {
          i++;
          if(cert2->isRoot) {
            CERT_DestroyCertificate(cert2);
            break;
          }
          cert3 = CERT_FindCertIssuer(cert2, now, certUsageSSLCA);
          CERT_DestroyCertificate(cert2);
          cert2 = cert3;
        }
      }
      Curl_ssl_init_certinfo(conn->data, i);
      for(i = 0; cert; cert = cert2) {
        Curl_extract_certinfo(conn, i++, cert->derCert.data,
                              cert->derCert.data + cert->derCert.len);
        if(cert->isRoot) {
          CERT_DestroyCertificate(cert);
          break;
        }
        cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
        CERT_DestroyCertificate(cert);
      }
    }
  }

  return;
}
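Review bot: The extraction loop (`for(i = 0; cert; cert = cert2)`) writes slot `i` without checking it against the count just handed to `Curl_ssl_init_certinfo`, and the return values of both `Curl_ssl_init_certinfo` and `Curl_extract_certinfo` are discarded. The chain is walked twice with independent `CERT_FindCertIssuer` lookups, so if the second walk yields more certificates than the first one counted, the extraction indexes past the certinfo table unless the helper bounds it internally, which this hunk cannot show; and if the table allocation fails the extraction still runs. Since `display_conn_info` is `static void`, a failure can only be short-circuited here rather than propagated, so keeping the count in its own variable, bailing out (after destroying `cert`) when init reports failure, and guarding the write with `i < ncerts` covers both cases. Building the chain once with NSS's `CERT_GetCertChainFromCert` would remove the double walk entirely, but that is a larger change. The body of `display_conn_info` starts before this hunk, and `ncerts` would join the declarations in the section's first hunk.
```c
  int i;
  int ncerts;
  /* … unchanged: channel/suite reporting, SSL_PeerCertificate, display path … */
      /* … unchanged: chain-counting loop leaving the total in i … */
      ncerts = i;
      /* init sizes the certinfo table; if it fails there is nowhere to
         store anything, so release the peer cert and stop here */
      if(Curl_ssl_init_certinfo(conn->data, ncerts)) {
        CERT_DestroyCertificate(cert);
        return;
      }
      for(i = 0; cert; cert = cert2) {
        /* never write past the table sized above, even if this second
           issuer walk turns out longer than the first */
        if(i < ncerts)
          Curl_extract_certinfo(conn, i++, cert->derCert.data,
                                cert->derCert.data + cert->derCert.len);
        /* … unchanged: isRoot check, CERT_FindCertIssuer, CERT_DestroyCertificate … */
      }
```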
+2 −1
@@ -1926,7 +1926,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
    data->set.ssl.fsslctxp = va_arg(param, void *);
    break;
#endif
#if defined(USE_SSLEAY) || defined(USE_QSOSSL) || defined(USE_GSKIT)
#if defined(USE_SSLEAY) || defined(USE_QSOSSL) || defined(USE_GSKIT) || \
    defined(USE_NSS)
  case CURLOPT_CERTINFO:
    data->set.ssl.certinfo = (0 != va_arg(param, long))?TRUE:FALSE;
    break;