curl/src
David Woodhouse 01f69232b0 curl: allow "pkcs11:" prefix for client certificates
RFC7512 provides a standard method to reference certificates in PKCS#11
tokens, by means of a URI starting 'pkcs11:'.

We're working on fixing various applications so that whenever they would
have been able to use certificates from a file, users can simply insert
a PKCS#11 URI instead and expect it to work. This expectation is now a
part of the Fedora packaging guidelines, for example.

This doesn't work with cURL because of the way that the colon is used
to separate the certificate argument from the passphrase. So instead of

   curl -E 'pkcs11:manufacturer=piv_II;id=%01' …

I instead need to invoke cURL with the colon escaped, like this:

   curl -E 'pkcs11\:manufacturer=piv_II;id=%01' …

This is suboptimal because we want *consistency* — the URI should be
usable in place of a filename anywhere, without having strange
differences for different applications.

This patch therefore disables the processing in parse_cert_parameter()
when the string starts with 'pkcs11:'. It means you can't pass a
passphrase with an unescaped PKCS#11 URI, but there's no need to do so
because RFC7512 allows a PIN to be given as a 'pin-value' attribute in
the URI itself.

Also, if users are already using RFC7512 URIs with the colon escaped as
in the above example — even providing a passphrase for cURL to handle
instead of using a pin-value attribute, that will continue to work
because their string will start 'pkcs11\:' and won't match the check.

What *does* break with this patch is the extremely unlikely case that a
user has a file which is in the local directory and literally named
just "pkcs11", and they have a passphrase on it. If that ever happened,
the user would need to refer to it as './pkcs11:<passphrase>' instead.
2016-08-17 11:35:16 +02:00
..
macos code/docs: Use Unix rather than UNIX to avoid use of the trademark 2014-12-26 21:42:44 +00:00
.gitignore gitignore: ignore more generated VC Makefiles 2015-09-03 23:35:41 +02:00
CMakeLists.txt Makefile.inc: s/curl_SOURCES/CURL_FILES 2015-12-23 12:07:50 +01:00
Makefile.Watcom URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Makefile.am src/checksrc.whitelist: removed 2016-04-19 08:56:06 +02:00
Makefile.b32 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Makefile.inc Makefile.inc: s/curl_SOURCES/CURL_FILES 2015-12-23 12:07:50 +01:00
Makefile.m32 makefile.m32: add crypt32 for winssl builds 2016-06-01 10:39:13 +02:00
Makefile.netware URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Makefile.vc6 makefile.vc6: use d suffix on debug object 2016-04-17 17:16:21 +02:00
curl.rc URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
makefile.amiga build: Renamed CURLX_ONES file list definition to CURLX_CFILES 2014-05-21 23:11:51 +01:00
makefile.dj URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
mkhelp.pl URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
slist_wc.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
slist_wc.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_binmode.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_binmode.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_bname.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_bname.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_cb_dbg.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_cb_dbg.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_cb_hdr.c tool_cb_hdr: Fix --remote-header-name with schemeless URL 2016-05-01 16:07:04 -04:00
tool_cb_hdr.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_cb_prg.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_cb_prg.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_cb_rea.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_cb_rea.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_cb_see.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_cb_see.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_cb_wrt.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_cb_wrt.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_cfgable.c CURLOPT_TCP_NODELAY: now enabled by default 2016-08-05 00:12:57 +02:00
tool_cfgable.h tool: add --tcp-fastopen option 2016-04-18 23:17:19 +02:00
tool_convert.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_convert.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_dirhie.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_dirhie.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_doswin.c tool_doswin: Support for literal path prefix \\?\ 2016-02-09 03:28:58 -05:00
tool_doswin.h tool_doswin: Improve sanitization processing 2016-02-05 01:44:27 -05:00
tool_easysrc.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_easysrc.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_formparse.c code: style updates 2016-04-03 22:38:36 +02:00
tool_formparse.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_getparam.c curl: allow "pkcs11:" prefix for client certificates 2016-08-17 11:35:16 +02:00
tool_getparam.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_getpass.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_getpass.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_help.c curl: show the long option version of -q in the -h list 2016-04-29 00:31:37 +02:00
tool_help.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_helpers.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_helpers.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_homedir.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_homedir.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_hugehelp.c.cvs URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_hugehelp.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_libinfo.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_libinfo.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_main.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_main.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_metalink.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_metalink.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_mfiles.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_mfiles.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_msgs.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_msgs.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_operate.c CURLOPT_TCP_NODELAY: now enabled by default 2016-08-05 00:12:57 +02:00
tool_operate.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_operhlp.c tool_operhlp: Check for backslashes in get_url_file_name 2016-02-08 03:14:04 -05:00
tool_operhlp.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_panykey.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_panykey.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_paramhlp.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_paramhlp.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_parsecfg.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_parsecfg.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_sdecls.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_setopt.c CURLOPT_TCP_NODELAY: now enabled by default 2016-08-05 00:12:57 +02:00
tool_setopt.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_setup.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_sleep.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_sleep.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_strdup.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_strdup.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_urlglob.c tool_urlglob: fix off-by-one error in glob_parse() 2016-06-03 13:07:22 +02:00
tool_urlglob.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_util.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_util.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_version.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_vms.c code: style updates 2016-04-03 22:38:36 +02:00
tool_vms.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_writeenv.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_writeenv.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_writeout.c http: add CURLINFO_HTTP_VERSION and %{http_version} 2016-05-30 22:58:51 +02:00
tool_writeout.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_xattr.c URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
tool_xattr.h URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00