parent
7ea2e1d0c5
commit
182ff2d63c
@ -3635,18 +3635,15 @@ static CURLcode create_conn(struct Curl_easy *data,
|
||||
data->set.proxy_ssl.primary.cert_blob = data->set.blobs[BLOB_CERT_PROXY];
|
||||
data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY];
|
||||
data->set.proxy_ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT_PROXY];
|
||||
data->set.proxy_ssl.cert = data->set.str[STRING_CERT_PROXY];
|
||||
data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY];
|
||||
data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY];
|
||||
data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY];
|
||||
data->set.proxy_ssl.key_passwd = data->set.str[STRING_KEY_PASSWD_PROXY];
|
||||
data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY];
|
||||
data->set.proxy_ssl.cert_blob = data->set.blobs[BLOB_CERT_PROXY];
|
||||
data->set.proxy_ssl.key_blob = data->set.blobs[BLOB_KEY_PROXY];
|
||||
#endif
|
||||
data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_ORIG];
|
||||
data->set.ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT_ORIG];
|
||||
data->set.ssl.cert = data->set.str[STRING_CERT_ORIG];
|
||||
data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE_ORIG];
|
||||
data->set.ssl.key = data->set.str[STRING_KEY_ORIG];
|
||||
data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE_ORIG];
|
||||
@ -3661,7 +3658,6 @@ static CURLcode create_conn(struct Curl_easy *data,
|
||||
#endif
|
||||
#endif
|
||||
|
||||
data->set.ssl.cert_blob = data->set.blobs[BLOB_CERT_ORIG];
|
||||
data->set.ssl.key_blob = data->set.blobs[BLOB_KEY_ORIG];
|
||||
data->set.ssl.issuercert_blob = data->set.blobs[BLOB_SSL_ISSUERCERT_ORIG];
|
||||
|
||||
|
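Review bot: Only the certificate half of the client identity moves into `primary` here (`primary.clientcert` and `primary.cert_blob` on lines 11, 35 and 76) while `key`, `key_blob`, `key_passwd` and `cert_type` stay in the plain `ssl`/`proxy_ssl` config, and nothing in the hunk says why that split is the intended one. If `primary` is what the connection-matching code compares — that function is not in this diff — two transfers naming the same cert file with different key material or a different `cert_type` will be treated as interchangeable; that is defensible because a mismatched key fails the handshake, but it deserves to be stated where the fields are copied. Suggest a comment above the first `primary.clientcert` assignment such as `/* client cert identity lives in primary so connection matching can tell different client certs apart; key material is checked at handshake time */`. `create_conn` starts and ends outside these hunks.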
@ -245,8 +245,6 @@ struct ssl_config_data {
|
||||
struct curl_blob *issuercert_blob;
|
||||
curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */
|
||||
void *fsslctxp; /* parameter for call back */
|
||||
char *cert; /* client certificate file name */
|
||||
struct curl_blob *cert_blob;
|
||||
char *cert_type; /* format for certificate (default: PEM)*/
|
||||
char *key; /* private key file name */
|
||||
struct curl_blob *key_blob;
|
||||
|
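Review bot: With `cert` and `cert_blob` removed from `struct ssl_config_data` between `fsslctxp` and `cert_type`, the comment that survives on `cert_type`, `/* format for certificate (default: PEM)*/`, no longer says which certificate it formats, and the field it applies to now lives in a different struct. Suggest `char *cert_type; /* format of primary.clientcert / primary.cert_blob (default: PEM) */` so a reader of this struct knows where the file name went. `struct ssl_primary_config`, the destination of the moved fields, is not in this diff and the struct shown here starts before the hunk.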
@ -705,7 +705,7 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
|
||||
int rc;
|
||||
const char * const keyringfile = SSL_CONN_CONFIG(CAfile);
|
||||
const char * const keyringpwd = SSL_SET_OPTION(key_passwd);
|
||||
const char * const keyringlabel = SSL_SET_OPTION(cert);
|
||||
const char * const keyringlabel = SSL_SET_OPTION(primary.clientcert);
|
||||
const long int ssl_version = SSL_CONN_CONFIG(version);
|
||||
const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
|
||||
const char * const hostname = SSL_IS_PROXY()? conn->http_proxy.host.name:
|
||||
|
@ -645,7 +645,7 @@ gtls_connect_step1(struct connectdata *conn,
|
||||
gnutls_alpn_set_protocols(session, protocols, cur, 0);
|
||||
}
|
||||
|
||||
if(SSL_SET_OPTION(cert)) {
|
||||
if(SSL_SET_OPTION(primary.clientcert)) {
|
||||
if(SSL_SET_OPTION(key_passwd)) {
|
||||
const unsigned int supported_key_encryption_algorithms =
|
||||
GNUTLS_PKCS_USE_PKCS12_3DES | GNUTLS_PKCS_USE_PKCS12_ARCFOUR |
|
||||
@ -654,9 +654,9 @@ gtls_connect_step1(struct connectdata *conn,
|
||||
GNUTLS_PKCS_USE_PBES2_AES_256;
|
||||
rc = gnutls_certificate_set_x509_key_file2(
|
||||
backend->cred,
|
||||
SSL_SET_OPTION(cert),
|
||||
SSL_SET_OPTION(primary.clientcert),
|
||||
SSL_SET_OPTION(key) ?
|
||||
SSL_SET_OPTION(key) : SSL_SET_OPTION(cert),
|
||||
SSL_SET_OPTION(key) : SSL_SET_OPTION(primary.clientcert),
|
||||
do_file_type(SSL_SET_OPTION(cert_type)),
|
||||
SSL_SET_OPTION(key_passwd),
|
||||
supported_key_encryption_algorithms);
|
||||
@ -670,9 +670,9 @@ gtls_connect_step1(struct connectdata *conn,
|
||||
else {
|
||||
if(gnutls_certificate_set_x509_key_file(
|
||||
backend->cred,
|
||||
SSL_SET_OPTION(cert),
|
||||
SSL_SET_OPTION(primary.clientcert),
|
||||
SSL_SET_OPTION(key) ?
|
||||
SSL_SET_OPTION(key) : SSL_SET_OPTION(cert),
|
||||
SSL_SET_OPTION(key) : SSL_SET_OPTION(primary.clientcert),
|
||||
do_file_type(SSL_SET_OPTION(cert_type)) ) !=
|
||||
GNUTLS_E_SUCCESS) {
|
||||
failf(data, "error reading X.509 key or certificate file");
|
||||
|
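Review bot: The gate at the top of the first hunk, `if(SSL_SET_OPTION(primary.clientcert)) {`, still keys only on the file name, so a certificate supplied as `primary.cert_blob` — which this commit now carries in the same primary config — is not loaded by this code and, unless it is consumed elsewhere in `gtls_connect_step1`, the handshake silently proceeds without a client certificate instead of failing. That was true before the rename, but moving the blob alongside the path is the natural moment to make the backend say so, for example `else if(SSL_SET_OPTION(primary.cert_blob)) { failf(data, "GnuTLS backend: client cert blobs are not supported"); return CURLE_NOT_BUILT_IN; }` (the schannel hunk already uses `CURLE_NOT_BUILT_IN` for the analogous case), or load the blob via the in-memory GnuTLS key/cert API if that is preferred. The `SSL_SET_OPTION(key) ? SSL_SET_OPTION(key) : SSL_SET_OPTION(primary.clientcert)` fallback in the second and third hunks is behaviour-preserving. `gtls_connect_step1` continues outside the hunks.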
@ -244,7 +244,7 @@ mbed_connect_step1(struct connectdata *conn,
|
||||
const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
|
||||
const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
|
||||
const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
|
||||
char * const ssl_cert = SSL_SET_OPTION(cert);
|
||||
char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
|
||||
const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
|
||||
#ifndef CURL_DISABLE_PROXY
|
||||
const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
|
||||
|
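Review bot: `ssl_cert` is declared `char * const` on the changed line while every neighbouring local in the hunk (`ssl_cafile`, `ssl_capath`, `ssl_crlfile`) is `const char * const`, and the new initializer only reads the option. Unless a callee below the hunk needs a writable pointer, `const char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);` keeps the locals uniform and prevents the option string from being modified through this alias. `mbed_connect_step1` continues outside the hunk.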
@ -179,10 +179,11 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex)
|
||||
SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath): "none");
|
||||
}
|
||||
|
||||
if(SSL_SET_OPTION(cert) && SSL_SET_OPTION(key)) {
|
||||
if(SSL_SET_OPTION(primary.clientcert) && SSL_SET_OPTION(key)) {
|
||||
int file_type = do_file_type(SSL_SET_OPTION(cert_type));
|
||||
|
||||
if(SSL_CTX_use_certificate_chain_file(BACKEND->ctx, SSL_SET_OPTION(cert),
|
||||
if(SSL_CTX_use_certificate_chain_file(BACKEND->ctx,
|
||||
SSL_SET_OPTION(primary.clientcert),
|
||||
file_type) != 1) {
|
||||
failf(data, "unable to use client certificate (no key or wrong pass"
|
||||
" phrase?)");
|
||||
|
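Review bot: The new condition `if(SSL_SET_OPTION(primary.clientcert) && SSL_SET_OPTION(key)) {` requires both a cert and a key, so a transfer that sets a client certificate without a key — or only `primary.cert_blob`, which this commit moves into the same config — falls through and, unless handled further down `mesalink_connect_step1`, connects with no client certificate rather than reporting the misconfiguration; the GnuTLS hunk in this same commit instead falls back to using the cert file as the key. Silently dropping a configured client identity is the worse failure mode here, so suggest an explicit branch after the block: `else if(SSL_SET_OPTION(primary.clientcert) || SSL_SET_OPTION(primary.cert_blob)) { failf(data, "client certificate set but no key, or cert blob unsupported"); return CURLE_SSL_CERTPROBLEM; }`. The function continues outside the hunk.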
@ -1981,14 +1981,15 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
|
||||
infof(data, " CRLfile: %s\n", SSL_SET_OPTION(CRLfile));
|
||||
}
|
||||
|
||||
if(SSL_SET_OPTION(cert)) {
|
||||
char *nickname = dup_nickname(data, SSL_SET_OPTION(cert));
|
||||
if(SSL_SET_OPTION(primary.clientcert)) {
|
||||
char *nickname = dup_nickname(data, SSL_SET_OPTION(primary.clientcert));
|
||||
if(nickname) {
|
||||
/* we are not going to use libnsspem.so to read the client cert */
|
||||
backend->obj_clicert = NULL;
|
||||
}
|
||||
else {
|
||||
CURLcode rv = cert_stuff(conn, sockindex, SSL_SET_OPTION(cert),
|
||||
CURLcode rv = cert_stuff(conn, sockindex,
|
||||
SSL_SET_OPTION(primary.clientcert),
|
||||
SSL_SET_OPTION(key));
|
||||
if(rv) {
|
||||
/* failf() is already done in cert_stuff() */
|
||||
|
@ -2493,8 +2493,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
||||
#ifdef HAVE_OPENSSL_SRP
|
||||
const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
|
||||
#endif
|
||||
char * const ssl_cert = SSL_SET_OPTION(cert);
|
||||
const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(cert_blob);
|
||||
char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
|
||||
const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
|
||||
const char * const ssl_cert_type = SSL_SET_OPTION(cert_type);
|
||||
const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
|
||||
const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
|
||||
|
@ -590,7 +590,7 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
|
||||
|
||||
#ifdef HAS_CLIENT_CERT_PATH
|
||||
/* client certificate */
|
||||
if(data->set.ssl.cert || data->set.ssl.cert_blob) {
|
||||
if(data->set.ssl.primary.clientcert || data->set.ssl.primary.cert_blob) {
|
||||
DWORD cert_store_name = 0;
|
||||
TCHAR *cert_store_path = NULL;
|
||||
TCHAR *cert_thumbprint_str = NULL;
|
||||
@ -600,27 +600,28 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
|
||||
FILE *fInCert = NULL;
|
||||
void *certdata = NULL;
|
||||
size_t certsize = 0;
|
||||
bool blob = data->set.ssl.cert_blob != NULL;
|
||||
bool blob = data->set.ssl.primary.cert_blob != NULL;
|
||||
TCHAR *cert_path = NULL;
|
||||
if(blob) {
|
||||
certdata = data->set.ssl.cert_blob->data;
|
||||
certsize = data->set.ssl.cert_blob->len;
|
||||
certdata = data->set.ssl.primary.cert_blob->data;
|
||||
certsize = data->set.ssl.primary.cert_blob->len;
|
||||
}
|
||||
else {
|
||||
cert_path = curlx_convert_UTF8_to_tchar(data->set.ssl.cert);
|
||||
cert_path = curlx_convert_UTF8_to_tchar(
|
||||
data->set.ssl.primary.clientcert);
|
||||
if(!cert_path)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
|
||||
result = get_cert_location(cert_path, &cert_store_name,
|
||||
&cert_store_path, &cert_thumbprint_str);
|
||||
|
||||
if(result && (data->set.ssl.cert[0]!='\0'))
|
||||
fInCert = fopen(data->set.ssl.cert, "rb");
|
||||
if(result && (data->set.ssl.primary.clientcert[0]!='\0'))
|
||||
fInCert = fopen(data->set.ssl.primary.clientcert, "rb");
|
||||
|
||||
if(result && !fInCert) {
|
||||
failf(data, "schannel: Failed to get certificate location"
|
||||
" or file for %s",
|
||||
data->set.ssl.cert);
|
||||
data->set.ssl.primary.clientcert);
|
||||
curlx_unicodefree(cert_path);
|
||||
return result;
|
||||
}
|
||||
@ -630,7 +631,7 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
|
||||
(!strcasecompare(data->set.ssl.cert_type, "P12"))) {
|
||||
failf(data, "schannel: certificate format compatibility error "
|
||||
" for %s",
|
||||
blob ? "(memory blob)" : data->set.ssl.cert);
|
||||
blob ? "(memory blob)" : data->set.ssl.primary.clientcert);
|
||||
curlx_unicodefree(cert_path);
|
||||
return CURLE_SSL_CERTPROBLEM;
|
||||
}
|
||||
@ -645,7 +646,7 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
|
||||
size_t pwd_len = 0;
|
||||
int str_w_len = 0;
|
||||
const char *cert_showfilename_error = blob ?
|
||||
"(memory blob)" : data->set.ssl.cert;
|
||||
"(memory blob)" : data->set.ssl.primary.clientcert;
|
||||
curlx_unicodefree(cert_path);
|
||||
if(fInCert) {
|
||||
long cert_tell = 0;
|
||||
@ -666,7 +667,7 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
|
||||
fclose(fInCert);
|
||||
if(!continue_reading) {
|
||||
failf(data, "schannel: Failed to read cert file %s",
|
||||
data->set.ssl.cert);
|
||||
data->set.ssl.primary.clientcert);
|
||||
free(certdata);
|
||||
return CURLE_SSL_CERTPROBLEM;
|
||||
}
|
||||
@ -773,7 +774,7 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
|
||||
CertCloseStore(cert_store, 0);
|
||||
}
|
||||
#else
|
||||
if(data->set.ssl.cert) {
|
||||
if(data->set.ssl.primary.clientcert || data->set.ssl.primary.cert_blob) {
|
||||
failf(data, "schannel: client cert support not built in");
|
||||
return CURLE_NOT_BUILT_IN;
|
||||
}
|
||||
|
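Review bot: The changed lines in `schannel_connect_step1` read the client cert straight from `data->set.ssl.primary.clientcert` / `data->set.ssl.primary.cert_blob` (lines 417, 444, 459, 477, 505 and the `#else` branch at 630) rather than through `SSL_SET_OPTION(...)` as the other backends in this commit do. If this function is ever entered for a proxy TLS connection, the proxy's client cert set in `create_conn` (`proxy_ssl.primary.clientcert`) is never consulted and the origin's cert would be presented to the proxy instead; I cannot see from the hunk whether schannel is reachable for proxies, so if it is not, a comment at the first use such as `/* NOTE: uses the non-proxy config only; proxy TLS is not supported by this backend */` would document the limitation. The `#else` change that now also rejects `cert_blob` with `CURLE_NOT_BUILT_IN` is a welcome tightening. The function starts and ends outside these hunks.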
@ -1397,8 +1397,8 @@ static CURLcode sectransp_connect_step1(struct connectdata *conn,
|
||||
const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
|
||||
const struct curl_blob *ssl_cablob = NULL;
|
||||
const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
|
||||
char * const ssl_cert = SSL_SET_OPTION(cert);
|
||||
const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(cert_blob);
|
||||
char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
|
||||
const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
|
||||
const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
|
||||
conn->host.name;
|
||||
const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
|
||||
|
@ -379,10 +379,11 @@ wolfssl_connect_step1(struct connectdata *conn,
|
||||
}
|
||||
|
||||
/* Load the client certificate, and private key */
|
||||
if(SSL_SET_OPTION(cert) && SSL_SET_OPTION(key)) {
|
||||
if(SSL_SET_OPTION(primary.clientcert) && SSL_SET_OPTION(key)) {
|
||||
int file_type = do_file_type(SSL_SET_OPTION(cert_type));
|
||||
|
||||
if(SSL_CTX_use_certificate_file(backend->ctx, SSL_SET_OPTION(cert),
|
||||
if(SSL_CTX_use_certificate_file(backend->ctx,
|
||||
SSL_SET_OPTION(primary.clientcert),
|
||||
file_type) != 1) {
|
||||
failf(data, "unable to use client certificate (no key or wrong pass"
|
||||
" phrase?)");
|
||||
|
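Review bot: The gate `if(SSL_SET_OPTION(primary.clientcert) && SSL_SET_OPTION(key)) {` under the "Load the client certificate, and private key" comment skips the whole block when a cert is configured without a key or when only `primary.cert_blob` is set, so unless `wolfssl_connect_step1` handles those cases after the hunk the handshake proceeds with no client certificate and no error. Given the commit now moves the blob into the same primary config, an explicit rejection keeps a misconfigured identity from degrading silently: `else if(SSL_SET_OPTION(primary.clientcert) || SSL_SET_OPTION(primary.cert_blob)) { failf(data, "client certificate set without key, or cert blob unsupported by wolfSSL backend"); return CURLE_SSL_CERTPROBLEM; }`. The function continues outside the hunk.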