author | Daniel Stenberg <daniel@haxx.se> | 2005-11-11 23:20:07 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2005-11-11 23:20:07 +0000 |
commit | 5e3836055ff8697c0d0ea514fdc9e16ca4b3c424 (patch) | |
tree | 90d0fade0a0353fea8d3d688402f891f9fe9182b /lib/gtls.c | |
parent | 37a6a0bb3efc1433609c3d17f5b15c9fb83864a6 (diff) |
Dima Barsky patched problem #1348930: the GnuTLS code completely ignored
client certificates! (http://curl.haxx.se/bug/view.cgi?id=1348930).
Diffstat (limited to 'lib/gtls.c')
-rw-r--r-- | lib/gtls.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/lib/gtls.c b/lib/gtls.c
index aa9d98dfa..cc33deabf 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -176,6 +176,18 @@ static CURLcode handshake(struct connectdata *conn,
 return CURLE_OK;
 }
 
+static gnutls_x509_crt_fmt_t do_file_type(const char *type)
+{
+ if(!type || !type[0])
+ return GNUTLS_X509_FMT_PEM;
+ if(curl_strequal(type, "PEM"))
+ return GNUTLS_X509_FMT_PEM;
+ if(curl_strequal(type, "DER"))
+ return GNUTLS_X509_FMT_DER;
+ return -1;
+}
+
+
 /*
 * This function is called after the TCP connect has completed. Setup the TLS
 * layer and do all necessary magic.
@@ -253,7 +265,17 @@ Curl_gtls_connect(struct connectdata *conn,
 if(rc < 0)
 return CURLE_SSL_CONNECT_ERROR;
 
- /* put the anonymous credentials to the current session */
+ if(data->set.cert) {
+ if( gnutls_certificate_set_x509_key_file(
+ conn->ssl[sockindex].cred, data->set.cert,
+ data->set.key != 0 ? data->set.key : data->set.cert,
+ do_file_type(data->set.cert_type) ) ) {
+ failf(data, "error reading X.509 key or certificate file");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+
+ /* put the credentials to the current session */
 rc = gnutls_credentials_set(session,
 GNUTLS_CRD_CERTIFICATE,
 conn->ssl[sockindex].cred); |
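Review bot: The fall-through `return -1;` in do_file_type() hands back a value that is not a member of gnutls_x509_crt_fmt_t, and the caller in the second hunk passes it straight to GnuTLS without checking it. Because the enum has no negative members, a compiler may pick an unsigned underlying type, so a later `< 0` test on the result is not reliable either. Declaring the helper as `static int do_file_type(const char *type)` and rejecting a negative result before the call, with its own message such as `failf(data, "unsupported certificate file type");`, would make an unknown or mistyped type fail clearly, not as a generic read error. A one-line comment above the helper noting that an empty or NULL type defaults to PEM would also help.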
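Review bot: The single format from `do_file_type(data->set.cert_type)` is applied to both the certificate and the private key file, so a key type configured separately (CURLOPT_SSLKEYTYPE) and any key passphrase appear to be silently ignored on this path. A user who supplies a DER key with a PEM certificate, or an encrypted key, will get the generic failure with no hint why. A comment at the call such as `/* GnuTLS takes one format for both files; key type and key password are not honoured here */` would at least document the limit. The call's return value is also discarded; keeping it in `rc` and adding `gnutls_strerror(rc)` to the failf() text would show whether the file was missing, unparsable or did not match the key. Curl_gtls_connect's body starts and ends outside the hunk.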