xref: /curl/docs/libcurl/opts/CURLINFO_CERTINFO.md (revision e3fe0200) 
1---
2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
3SPDX-License-Identifier: curl
4Title: CURLINFO_CERTINFO
5Section: 3
6Source: libcurl
7See-also:
8  - CURLINFO_CAPATH (3)
9  - curl_easy_getinfo (3)
10  - curl_easy_setopt (3)
11Protocol:
12  - TLS
13TLS-backend:
14  - OpenSSL
15  - GnuTLS
16  - Schannel
17  - Secure Transport
18---
19
20# NAME
21
22CURLINFO_CERTINFO - get the TLS certificate chain
23
24# SYNOPSIS
25
26~~~c
27#include <curl/curl.h>
28
29CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CERTINFO,
30                           struct curl_certinfo **chainp);
31~~~
32
33# DESCRIPTION
34
35Pass a pointer to a *struct curl_certinfo ** and it is set to point to a
36struct that holds info about the server's certificate chain, assuming you had
37CURLOPT_CERTINFO(3) enabled when the request was made.
38
39~~~c
40struct curl_certinfo {
41  int num_of_certs;
42  struct curl_slist **certinfo;
43};
44~~~
45
46The *certinfo* struct member is an array of linked lists of certificate
47information. The *num_of_certs* struct member is the number of certificates
48which is the number of elements in the array. Each certificate's list has
49items with textual information in the format "name:content" such as
50"Subject:Foo", "Issuer:Bar", etc. The items in each list varies depending on
51the SSL backend and the certificate.
52
53# EXAMPLE
54
55~~~c
56int main(void)
57{
58  CURL *curl = curl_easy_init();
59  if(curl) {
60    CURLcode res;
61    curl_easy_setopt(curl, CURLOPT_URL, "https://www.example.com/");
62
63    /* connect to any HTTPS site, trusted or not */
64    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
65    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
66
67    curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L);
68
69    res = curl_easy_perform(curl);
70
71    if(!res) {
72      int i;
73      struct curl_certinfo *ci;
74      res = curl_easy_getinfo(curl, CURLINFO_CERTINFO, &ci);
75
76      if(!res) {
77        printf("%d certs!\n", ci->num_of_certs);
78
79        for(i = 0; i < ci->num_of_certs; i++) {
80          struct curl_slist *slist;
81
82          for(slist = ci->certinfo[i]; slist; slist = slist->next)
83            printf("%s\n", slist->data);
84        }
85      }
86    }
87    curl_easy_cleanup(curl);
88  }
89}
90~~~
91
92See also the *certinfo.c* example.
93
94# AVAILABILITY
95
96This option is only working in libcurl built with OpenSSL, GnuTLS, Schannel or
97Secure Transport. GnuTLS support added in 7.42.0. Schannel support added in
987.50.0. Secure Transport support added in 7.79.0.
99
100Added in 7.19.1
101
102# RETURN VALUE
103
104Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
105