1--- 2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3SPDX-License-Identifier: curl 4Title: CURLINFO_CERTINFO 5Section: 3 6Source: libcurl 7See-also: 8 - CURLINFO_CAPATH (3) 9 - curl_easy_getinfo (3) 10 - curl_easy_setopt (3) 11Protocol: 12 - TLS 13TLS-backend: 14 - OpenSSL 15 - GnuTLS 16 - Schannel 17 - Secure Transport 18--- 19 20# NAME 21 22CURLINFO_CERTINFO - get the TLS certificate chain 23 24# SYNOPSIS 25 26~~~c 27#include <curl/curl.h> 28 29CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CERTINFO, 30 struct curl_certinfo **chainp); 31~~~ 32 33# DESCRIPTION 34 35Pass a pointer to a *struct curl_certinfo ** and it is set to point to a 36struct that holds info about the server's certificate chain, assuming you had 37CURLOPT_CERTINFO(3) enabled when the request was made. 38 39~~~c 40struct curl_certinfo { 41 int num_of_certs; 42 struct curl_slist **certinfo; 43}; 44~~~ 45 46The *certinfo* struct member is an array of linked lists of certificate 47information. The *num_of_certs* struct member is the number of certificates 48which is the number of elements in the array. Each certificate's list has 49items with textual information in the format "name:content" such as 50"Subject:Foo", "Issuer:Bar", etc. The items in each list varies depending on 51the SSL backend and the certificate. 52 53# EXAMPLE 54 55~~~c 56int main(void) 57{ 58 CURL *curl = curl_easy_init(); 59 if(curl) { 60 CURLcode res; 61 curl_easy_setopt(curl, CURLOPT_URL, "https://www.example.com/"); 62 63 /* connect to any HTTPS site, trusted or not */ 64 curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); 65 curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); 66 67 curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L); 68 69 res = curl_easy_perform(curl); 70 71 if(!res) { 72 int i; 73 struct curl_certinfo *ci; 74 res = curl_easy_getinfo(curl, CURLINFO_CERTINFO, &ci); 75 76 if(!res) { 77 printf("%d certs!\n", ci->num_of_certs); 78 79 for(i = 0; i < ci->num_of_certs; i++) { 80 struct curl_slist *slist; 81 82 for(slist = ci->certinfo[i]; slist; slist = slist->next) 83 printf("%s\n", slist->data); 84 } 85 } 86 } 87 curl_easy_cleanup(curl); 88 } 89} 90~~~ 91 92See also the *certinfo.c* example. 93 94# AVAILABILITY 95 96This option is only working in libcurl built with OpenSSL, GnuTLS, Schannel or 97Secure Transport. GnuTLS support added in 7.42.0. Schannel support added in 987.50.0. Secure Transport support added in 7.79.0. 99 100Added in 7.19.1 101 102# RETURN VALUE 103 104Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. 105