author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2018-02-19 14:31:06 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-08-08 09:46:01 +0200 |
commit | 298d2565e2a2f06a859b7f5a1cc24ba7c87a8ce2 (patch) | |
tree | d6c7b12308a7d3617d6843297168c2e6a42d7578 /src | |
parent | c892795ea3601a6d210a325b2ac566b1c30d3334 (diff) |
ssl: set engine implicitly when a PKCS#11 URI is provided
This allows the use of PKCS#11 URI for certificates and keys without
setting the corresponding type as "ENG" and the engine as "pkcs11"
explicitly. If a PKCS#11 URI is provided for certificate, key,
proxy_certificate or proxy_key, the corresponding type is set as "ENG"
if not provided and the engine is set to "pkcs11" if not provided.
Acked-by: Nikos Mavrogiannopoulos
Closes #2333
Diffstat (limited to 'src')
-rw-r--r-- | src/tool_getparam.c | 2 | ||||
-rw-r--r-- | src/tool_operate.c | 53 |
2 files changed, 54 insertions, 1 deletions
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index e42a894cb..1a81c3803 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -342,7 +342,7 @@ void parse_cert_parameter(const char *cert_parameter,
 * looks like a RFC7512 PKCS#11 URI which can be used as-is.
 * Also if cert_parameter contains no colon nor backslash, this
 * means no passphrase was given and no characters escaped */
- if(!strncmp(cert_parameter, "pkcs11:", 7) ||
+ if(curl_strnequal(cert_parameter, "pkcs11:", 7) ||
 !strpbrk(cert_parameter, ":\\")) {
 *certname = strdup(cert_parameter);
 return;
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 26fc251f5..25d450c86 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -113,6 +113,19 @@ static bool is_fatal_error(CURLcode code)
 return FALSE;
 }
 
+/*
+ * Check if a given string is a PKCS#11 URI
+ */
+static bool is_pkcs11_uri(const char *string)
+{
+ if(curl_strnequal(string, "pkcs11:", 7)) {
+ return TRUE;
+ }
+ else {
+ return FALSE;
+ }
+}
+
 #ifdef __VMS
 /*
 * get_vms_file_size does what it takes to get the real size of the file
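Review bot: The case-insensitive `"pkcs11:"` test in parse_cert_parameter is now a second copy of the check this commit adds as `is_pkcs11_uri()` in src/tool_operate.c, and because that helper is `static` the two sites can drift apart. This test decides whether the argument is split into name and passphrase, while the other decides whether the "ENG" type is selected, so they should always agree; declaring the helper once in a shared tool header and calling it here as `if(is_pkcs11_uri(cert_parameter) ||` would guarantee that. The comment above the condition could also state that the scheme is matched without regard to case. The function body starts and ends outside this hunk.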
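Review bot: The comment on `is_pkcs11_uri` says it checks for a PKCS#11 URI, but the body only compares the first seven characters with the scheme, ignoring case, and validates nothing of the RFC 7512 syntax; the comment should say so, because this result alone selects the engine type in operate_do. Suggested wording: `/* Return TRUE if 'string' starts with the "pkcs11:" scheme (case-insensitive); the rest of the URI is not validated. 'string' must not be NULL. */`. The non-NULL requirement is inferred from the callers in the later hunk, which all test the pointer before calling. The if/else can be reduced to `return curl_strnequal(string, "pkcs11:", 7) ? TRUE : FALSE;`.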
@@ -1073,6 +1086,46 @@ static CURLcode operate_do(struct GlobalConfig *global,
 my_setopt_str(curl, CURLOPT_PINNEDPUBLICKEY, config->pinnedpubkey);
 
 if(curlinfo->features & CURL_VERSION_SSL) {
+ /* Check if config->cert is a PKCS#11 URI and set the
+ * config->cert_type if necessary */
+ if(config->cert) {
+ if(!config->cert_type) {
+ if(is_pkcs11_uri(config->cert)) {
+ config->cert_type = strdup("ENG");
+ }
+ }
+ }
+
+ /* Check if config->key is a PKCS#11 URI and set the
+ * config->key_type if necessary */
+ if(config->key) {
+ if(!config->key_type) {
+ if(is_pkcs11_uri(config->key)) {
+ config->key_type = strdup("ENG");
+ }
+ }
+ }
+
+ /* Check if config->proxy_cert is a PKCS#11 URI and set the
+ * config->proxy_type if necessary */
+ if(config->proxy_cert) {
+ if(!config->proxy_cert_type) {
+ if(is_pkcs11_uri(config->proxy_cert)) {
+ config->proxy_cert_type = strdup("ENG");
+ }
+ }
+ }
+
+ /* Check if config->proxy_key is a PKCS#11 URI and set the
+ * config->proxy_key_type if necessary */
+ if(config->proxy_key) {
+ if(!config->proxy_key_type) {
+ if(is_pkcs11_uri(config->proxy_key)) {
+ config->proxy_key_type = strdup("ENG");
+ }
+ }
+ }
+
 my_setopt_str(curl, CURLOPT_SSLCERT, config->cert);
 my_setopt_str(curl, CURLOPT_PROXY_SSLCERT, config->proxy_cert);
 my_setopt_str(curl, CURLOPT_SSLCERTTYPE, config->cert_type); |
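Review bot: None of the four `strdup("ENG")` calls added in operate_do has its result checked, so on allocation failure the type stays NULL and the transfer continues as if no PKCS#11 URI had been recognised, presumably falling back to the default certificate type and failing later with an unrelated error. Each assignment should be followed by a NULL check that reports `CURLE_OUT_OF_MEMORY` through whatever error exit operate_do uses, which lies outside this hunk. The third comment names `config->proxy_type` where the code sets `config->proxy_cert_type`. The three nested ifs per option read more easily as one condition, `if(config->cert && !config->cert_type && is_pkcs11_uri(config->cert))`. A comment should also record that an explicitly given type is never overridden, so a value that merely begins with `pkcs11:` does not force the engine path once the user has chosen a type.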