author | Daniel Stenberg <daniel@haxx.se> | 2005-11-11 23:20:07 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2005-11-11 23:20:07 +0000 |
commit | 5e3836055ff8697c0d0ea514fdc9e16ca4b3c424 (patch) | |
tree | 90d0fade0a0353fea8d3d688402f891f9fe9182b | |
parent | 37a6a0bb3efc1433609c3d17f5b15c9fb83864a6 (diff) |
Dima Barsky patched problem #1348930: the GnuTLS code completely ignored
client certificates! (http://curl.haxx.se/bug/view.cgi?id=1348930).
-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | RELEASE-NOTES | 1 | ||||
-rw-r--r-- | lib/gtls.c | 24 |
3 files changed, 28 insertions, 1 deletions
@@ -8,6 +8,10 @@
+Daniel (12 November 2005)
+- Dima Barsky patched problem #1348930: the GnuTLS code completely ignored
+ client certificates! (http://curl.haxx.se/bug/view.cgi?id=1348930).
+
 Daniel (10 November 2005)
 - David Lang fixed IPv6 support for TFTP!
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 4983334e5..2fd260433 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -18,6 +18,7 @@ This release includes the following changes:
 This release includes the following bugfixes:
+ o the GnuTLS code didn't support client certificates
 o TFTP over IPv6 works
 o no reverse lookups on IP addresses when ipv6-enabled
 o SSPI compatibility fix: using the proper DLLs
diff --git a/lib/gtls.c b/lib/gtls.c
index aa9d98dfa..cc33deabf 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -176,6 +176,18 @@ static CURLcode handshake(struct connectdata *conn,
 return CURLE_OK;
 }
+static gnutls_x509_crt_fmt_t do_file_type(const char *type)
+{
+ if(!type || !type[0])
+ return GNUTLS_X509_FMT_PEM;
+ if(curl_strequal(type, "PEM"))
+ return GNUTLS_X509_FMT_PEM;
+ if(curl_strequal(type, "DER"))
+ return GNUTLS_X509_FMT_DER;
+ return -1;
+}
+
+
 /*
 * This function is called after the TCP connect has completed. Setup the TLS
 * layer and do all necessary magic.
@@ -253,7 +265,17 @@ Curl_gtls_connect(struct connectdata *conn,
 if(rc < 0)
 return CURLE_SSL_CONNECT_ERROR;
- /* put the anonymous credentials to the current session */
+ if(data->set.cert) {
+ if( gnutls_certificate_set_x509_key_file(
+ conn->ssl[sockindex].cred, data->set.cert,
+ data->set.key != 0 ? data->set.key : data->set.cert,
+ do_file_type(data->set.cert_type) ) ) {
+ failf(data, "error reading X.509 key or certificate file");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+
+ /* put the credentials to the current session */
 rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
 conn->ssl[sockindex].cred);
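Review bot: `do_file_type` returns `-1` for an unrecognised type string although its declared return type is the enum `gnutls_x509_crt_fmt_t`, and the caller in the second lib/gtls.c hunk passes that value straight into `gnutls_certificate_set_x509_key_file` without checking it. A mistyped certificate type is therefore reported only as the generic "error reading X.509 key or certificate file" (or whatever GnuTLS makes of an out-of-range format), which points the user at the wrong cause. I would reject it in the caller before any file is touched: `gnutls_x509_crt_fmt_t fmt = do_file_type(data->set.cert_type); if((int)fmt < 0) { failf(data, "unsupported X.509 certificate type '%s'", data->set.cert_type); return CURLE_SSL_CONNECT_ERROR; }` and then pass `fmt` to the GnuTLS call. A one-line comment on the helper saying that an empty or missing type means PEM and that `-1` means "neither PEM nor DER, callers must test for it" would make the contract visible at the definition.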
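Review bot: The result of `gnutls_certificate_set_x509_key_file` is only tested for non-zero and then thrown away, so the `failf` message cannot say which file failed or why; `rc` is already in scope a few lines above, so `rc = gnutls_certificate_set_x509_key_file(...); if(rc < 0) { failf(data, "error reading X.509 key or certificate file: %s", gnutls_strerror(rc)); return CURLE_SSL_CONNECT_ERROR; }` makes certificate and key problems diagnosable at no cost. This GnuTLS entry point takes a single format for both files and no passphrase, so a key file in a different format than the certificate, or an encrypted key, fails with the same opaque message; a comment such as `/* GnuTLS parses the key with the certificate's format; a separate key type or a key passphrase is not supported here */` would save the next reader a trip to the GnuTLS manual. Comparing a pointer with `!= 0` reads oddly in C; `data->set.key ? data->set.key : data->set.cert` is the usual form. Curl_gtls_connect begins and ends outside the hunk.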