mirror of
https://github.com/moparisthebest/curl
synced 2024-12-22 08:08:50 -05:00
Dima Barsky patched problem #1348930: the GnuTLS code completely ignored
client certificates! (http://curl.haxx.se/bug/view.cgi?id=1348930).
This commit is contained in:
parent
37a6a0bb3e
commit
5e3836055f
4
CHANGES
4
CHANGES
@ -8,6 +8,10 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Daniel (12 November 2005)
|
||||||
|
- Dima Barsky patched problem #1348930: the GnuTLS code completely ignored
|
||||||
|
client certificates! (http://curl.haxx.se/bug/view.cgi?id=1348930).
|
||||||
|
|
||||||
Daniel (10 November 2005)
|
Daniel (10 November 2005)
|
||||||
- David Lang fixed IPv6 support for TFTP!
|
- David Lang fixed IPv6 support for TFTP!
|
||||||
|
|
||||||
|
@ -18,6 +18,7 @@ This release includes the following changes:
|
|||||||
|
|
||||||
This release includes the following bugfixes:
|
This release includes the following bugfixes:
|
||||||
|
|
||||||
|
o the GnuTLS code didn't support client certificates
|
||||||
o TFTP over IPv6 works
|
o TFTP over IPv6 works
|
||||||
o no reverse lookups on IP addresses when ipv6-enabled
|
o no reverse lookups on IP addresses when ipv6-enabled
|
||||||
o SSPI compatibility fix: using the proper DLLs
|
o SSPI compatibility fix: using the proper DLLs
|
||||||
|
24
lib/gtls.c
24
lib/gtls.c
@ -176,6 +176,18 @@ static CURLcode handshake(struct connectdata *conn,
|
|||||||
return CURLE_OK;
|
return CURLE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static gnutls_x509_crt_fmt_t do_file_type(const char *type)
|
||||||
|
{
|
||||||
|
if(!type || !type[0])
|
||||||
|
return GNUTLS_X509_FMT_PEM;
|
||||||
|
if(curl_strequal(type, "PEM"))
|
||||||
|
return GNUTLS_X509_FMT_PEM;
|
||||||
|
if(curl_strequal(type, "DER"))
|
||||||
|
return GNUTLS_X509_FMT_DER;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This function is called after the TCP connect has completed. Setup the TLS
|
* This function is called after the TCP connect has completed. Setup the TLS
|
||||||
* layer and do all necessary magic.
|
* layer and do all necessary magic.
|
||||||
@ -253,7 +265,17 @@ Curl_gtls_connect(struct connectdata *conn,
|
|||||||
if(rc < 0)
|
if(rc < 0)
|
||||||
return CURLE_SSL_CONNECT_ERROR;
|
return CURLE_SSL_CONNECT_ERROR;
|
||||||
|
|
||||||
/* put the anonymous credentials to the current session */
|
if(data->set.cert) {
|
||||||
|
if( gnutls_certificate_set_x509_key_file(
|
||||||
|
conn->ssl[sockindex].cred, data->set.cert,
|
||||||
|
data->set.key != 0 ? data->set.key : data->set.cert,
|
||||||
|
do_file_type(data->set.cert_type) ) ) {
|
||||||
|
failf(data, "error reading X.509 key or certificate file");
|
||||||
|
return CURLE_SSL_CONNECT_ERROR;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* put the credentials to the current session */
|
||||||
rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
|
rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
|
||||||
conn->ssl[sockindex].cred);
|
conn->ssl[sockindex].cred);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user