#69 [Feature request] add curl options --fingerprint and --fingerprint-sha256 --fingerprint-sha1 --fingerprint-md5

[Wikinaut]

when making a curl connection I suggest - because this appears to be missing - a new option for showing the fingerprint

--show-fingerprint-sha256
--show-fingerprint-sha1
--show-fingerprint-md5

results in curl outputting the corresponding fingerprint/s

--show-fingerprint

results in all three fingerprint formats being outputted

I suggest - because this appears to be missing - a new option with which the

• server certificate FINGERPRINT and
• certificate authority information

can be directly retrieved using the above mentioned methods (SHA256, SHA1, MD5)

• with a libcurl (php curl option)
• curl commandline parameter

[Wikinaut]

I propose that the output is the same as this command (if curl is using openssl):

Example for SHA-1

echo -n | openssl s_client -connect www.google.org:443 2>/dev/null | sed -n "/BEGIN CERTIFICATE/,/END CERTIFICATE/p" | openssl x509 -fingerprint -sha1 -noout

For those who need it, in the meantime I wrote a

Tiny PHP certificate viewer "MySimpleCertViewer"

(source code https://github.com/Wikinaut/MySimpleCertViewer )

which can be used as a starting point when you want to bake your own code to inspect certificates until curl supports this, too.

[Lluís Batlle i Rossell]

I just logged wanted to ask for this. I'd like to be able to check the remote certificate by fingerprint, and not only by the usual x509 ca check.

Most browsers offer a way of seeing a certificate fingerprint. Firefox shows SHA1 and MD5 fingerprints.