1/***************************************************************************
2 *                                  _   _ ____  _
3 *  Project                     ___| | | |  _ \| |
4 *                             / __| | | | |_) | |
5 *                            | (__| |_| |  _ <| |___
6 *                             \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 ***************************************************************************/
24/* <DESC>
25 * Uses the CURLINFO_TLS_SESSION data.
26 * </DESC>
27 */
28
29/* Note that this example currently requires curl to be linked against
30   GnuTLS (and this program must also be linked against -lgnutls). */
31
32#include <stdio.h>
33
34#include <curl/curl.h>
35#include <gnutls/gnutls.h>
36#include <gnutls/x509.h>
37
38static CURL *curl;
39
40static size_t wrfu(void *ptr, size_t size, size_t nmemb, void *stream)
41{
42  const struct curl_tlssessioninfo *info;
43  unsigned int cert_list_size;
44  const gnutls_datum_t *chainp;
45  CURLcode res;
46
47  (void)stream;
48  (void)ptr;
49
50  res = curl_easy_getinfo(curl, CURLINFO_TLS_SESSION, &info);
51
52  if(!res) {
53    switch(info->backend) {
54    case CURLSSLBACKEND_GNUTLS:
55      /* info->internals is now the gnutls_session_t */
56      chainp = gnutls_certificate_get_peers(info->internals, &cert_list_size);
57      if((chainp) && (cert_list_size)) {
58        unsigned int i;
59
60        for(i = 0; i < cert_list_size; i++) {
61          gnutls_x509_crt_t cert;
62          gnutls_datum_t dn;
63
64          if(GNUTLS_E_SUCCESS == gnutls_x509_crt_init(&cert)) {
65            if(GNUTLS_E_SUCCESS ==
66               gnutls_x509_crt_import(cert, &chainp[i], GNUTLS_X509_FMT_DER)) {
67              if(GNUTLS_E_SUCCESS ==
68                 gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_FULL, &dn)) {
69                fprintf(stderr, "Certificate #%u: %.*s", i, dn.size, dn.data);
70
71                gnutls_free(dn.data);
72              }
73            }
74
75            gnutls_x509_crt_deinit(cert);
76          }
77        }
78      }
79      break;
80    case CURLSSLBACKEND_NONE:
81    default:
82      break;
83    }
84  }
85
86  return size * nmemb;
87}
88
89int main(void)
90{
91  curl_global_init(CURL_GLOBAL_DEFAULT);
92
93  curl = curl_easy_init();
94  if(curl) {
95    curl_easy_setopt(curl, CURLOPT_URL, "https://www.example.com/");
96
97    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, wrfu);
98
99    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
100    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
101
102    curl_easy_setopt(curl, CURLOPT_VERBOSE, 0L);
103
104    (void) curl_easy_perform(curl);
105
106    curl_easy_cleanup(curl);
107  }
108
109  curl_global_cleanup();
110
111  return 0;
112}
113