Hi,

I'm making an app that's using public key pinning, and it would be very
helpful to have programmatic access to the pubkey fingerprint. The app
currently has a huge and horrible mountain of platform- and
backend-specific code that extracts the public key fingerprint from the
TLS backend before calculating the exact same fingerprint as curl does
in Curl_pin_peer_pubkey.

It would be a lot more elegant if there were an option to get the pubkey
fingerprint directly, using the same pattern as CURLOPT_CERTINFO /
CURLINFO_CERTINFO. Suggesting this addition to the curl APIs:

 CURLOPT(CURLOPT_PUBKEY_FINGERPRINT, CURLOPTTYPE_LONG, 309),

 CURLINFO_PUBKEY_FINGERPRINT = CURLINFO_STRING + 60,

After refactoring all the TLS backends to extract the code that
calculates the pubkey fingerprint, this implementation should be fairly
trivial.

Comments? Patches accepted?


Smiles,
-- 
Morten Minde Neergaard
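
Added example, not part of the original message and not curl's own code: a backend-independent sketch of the fingerprint calculation the message refers to. It assumes the pin format curl accepts for CURLOPT_PINNEDPUBLICKEY, i.e. `sha256//` followed by the base64 SHA-256 of the DER-encoded SubjectPublicKeyInfo. The function names and the unsigned sample certificate are constructed for illustration, and the parser only locates the SPKI without validating the certificate.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, content_start, end) of the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or start + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, start = int.from_bytes(buf[start:start + n], "big"), start + n
    if start + length > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, start, start + length

def spki_from_cert(der):
    """Return the full SubjectPublicKeyInfo TLV from a DER X.509 certificate."""
    tag, start, _ = read_tlv(der, 0)              # Certificate ::= SEQUENCE
    tbs_tag, pos, tbs_end = read_tlv(der, start)  # TBSCertificate ::= SEQUENCE
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not a DER certificate")
    fields = []
    while pos < tbs_end:
        ftag, _, fend = read_tlv(der, pos)
        fields.append((ftag, der[pos:fend]))
        pos = fend
    idx = 6 if fields and fields[0][0] == 0xA0 else 5  # v1 certs omit [0] version
    if len(fields) <= idx or fields[idx][0] != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return fields[idx][1]

def pin_sha256(spki_der):
    """Format the pin as 'sha256//' + base64(SHA-256(SPKI DER))."""
    return "sha256//" + base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def tlv(tag, content):
    """Tiny DER encoder, used only to build the constructed sample below."""
    n, size = len(content), (len(content).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

# Constructed, unsigned sample: structurally shaped like a v3 certificate only.
SAMPLE_SPKI = tlv(0x30, tlv(0x30, tlv(0x06, b"\x2a\x03")) + tlv(0x03, b"\x00" + bytes(range(140))))
EMPTY = tlv(0x30, b"")  # stands in for AlgorithmIdentifier, Name and Validity
SAMPLE_CERT = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
                            + EMPTY * 4 + SAMPLE_SPKI) + EMPTY + tlv(0x03, b"\x00"))

print(pin_sha256(spki_from_cert(SAMPLE_CERT)))
```

For a real certificate, `ssl.PEM_cert_to_DER_cert()` from the Python standard library converts PEM input to the DER bytes `spki_from_cert()` expects.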