Name: curl
Owner: ZmartZone IAM
Description: Experimental Token Binding support for libcurl and curl
Forked from: curl/curl
Created: 2017-07-24 14:16:22.0
Updated: 2017-07-24 14:55:57.0
Pushed: 2017-07-24 19:41:26.0
Size: 46731
Language: C
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
This is a quick-and-dirty proof-of-concept to add Token Binding support to libcurl
and curl
.
Type make
in the docker
subdirectory to create a Docker image that builds and runs token-binding-enabled curl with all dependencies against a public test site.
token_bind
source tree and create symbolic links in lib/vtls
to the following files:token_bind_client.c
token_bind_common.c
cbs.c
cbb.c
base64.c
reconf --force --install && rm -rf autom4te.cache/
nfigure --with-ssl=/usr/local --with-token-binding=<full_path_to_source>/token_bind
&& make install
/local/bin/curl -v https://www.zmartzone.eu:4433
Confirm that the Sec-Token-Binding
header is present in the request and the Provided-Token-Binding-Id
is in the JSON response (as a forwarded header).
sr/local/bin/curl -v https://www.zmartzone.eu:4433
built URL to: https://www.zmartzone.eu:4433/
Trying 2001:470:78f6::1:1...
P_NODELAY set
Trying 82.74.246.215...
P_NODELAY set
nnected to www.zmartzone.eu (82.74.246.215) port 4433 (#0)
PN, offering http/1.1
pher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
ccessfully set certificate verify locations:
CAfile: /etc/ssl/cert.pem
path: none
Sv1.2 (OUT), TLS handshake, Client hello (1):
Sv1.2 (IN), TLS handshake, Server hello (2):
Sv1.2 (IN), TLS handshake, Certificate (11):
Sv1.2 (IN), TLS handshake, Server key exchange (12):
Sv1.2 (IN), TLS handshake, Server finished (14):
Sv1.2 (OUT), TLS handshake, Client key exchange (16):
Sv1.2 (OUT), TLS change cipher, Client hello (1):
Sv1.2 (OUT), TLS handshake, Finished (20):
Sv1.2 (IN), TLS handshake, Finished (20):
L connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
Connection negotiated token binding with key type: EC-DSA-P256
PN, server accepted to use http/1.1
rver certificate:
ubject: CN=www.zmartzone.eu
tart date: Apr 28 04:34:00 2017 GMT
xpire date: Jul 27 04:34:00 2017 GMT
ubjectAltName: host "www.zmartzone.eu" matched cert's "www.zmartzone.eu"
ssuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
SL certificate verify ok.
T / HTTP/1.1
st: www.zmartzone.eu:4433
er-Agent: curl/7.55.0-DEV
cept: */*
c-Token-Binding: AIkAAgBBQJe7TnJp7kp4TcH5Z4CkKWFsMew-kkv5lT8zBk1m8bKQpdIA5jC_e58IbHRIX3FYzP8H2cEU3OIDEwc9QTyLziMAQNBH5GNsKh3kL-KohbCHp7ov1VSQBvrYoa-2MdX0xWHLaiOGJ4rgjAZ13VHGpIlEAVdV1lvRn_1-xT0VZ_vixQ4AAA
TP/1.1 200 OK
te: Mon, 24 Jul 2017 14:30:05 GMT
rver: meinheld/0.6.1
ntent-Type: application/json
cess-Control-Allow-Origin: *
cess-Control-Allow-Credentials: true
Powered-By: Flask
Processed-Time: 0.000769853591919
ntent-Length: 444
a: 1.1 vegur
eaders": {
"Accept": "*/*",
"Connection": "close",
"Host": "httpbin.org",
"Provided-Token-Binding-Id": "AgBBQJe7TnJp7kp4TcH5Z4CkKWFsMew-kkv5lT8zBk1m8bKQpdIA5jC_e58IbHRIX3FYzP8H2cEU3OIDEwc9QTyLziM",
"Token-Binding-Context": "AA0CEQqn602uM8WDsUFc8Hdsm2dpv1nnGa1lpvguUlPBbK8",
"User-Agent": "curl/7.55.0-DEV",
"X-Forwarded-Host": "www.zmartzone.eu:4433",
"X-Forwarded-Server": "www.zmartzone.eu"
nnection #0 to host www.zmartzone.eu left intact
Curl is a command-line tool for transferring data specified with URL syntax. Find out how to use curl by reading the curl.1 man page or the MANUAL document. Find out how to install Curl by reading the INSTALL document.
libcurl is the library curl is using to do its job. It is readily available to be used by your software. Read the libcurl.3 man page to learn how!
You find answers to the most frequent questions we get in the FAQ document.
Study the COPYING file for distribution terms and similar. If you distribute curl binaries or other binaries that involve libcurl, you might enjoy the LICENSE-MIXING document.
If you have problems, questions, ideas or suggestions, please contact us by posting to a suitable mailing list.
All contributors to the project are listed in the THANKS document.
Visit the curl web site for the latest news and downloads.
To download the very latest source off the Git server do this:
git clone https://github.com/curl/curl.git
(you'll get a directory named curl created, filled with the source code)
Curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan. This notice is included here to comply with the distribution terms.