aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/vtls/mesalink.c62
1 files changed, 49 insertions, 13 deletions
diff --git a/lib/vtls/mesalink.c b/lib/vtls/mesalink.c
index 7ca4f0eac..9507888bd 100644
--- a/lib/vtls/mesalink.c
+++ b/lib/vtls/mesalink.c
@@ -73,6 +73,17 @@ struct ssl_backend_data
static Curl_recv mesalink_recv;
static Curl_send mesalink_send;
+static int do_file_type(const char *type)
+{
+ if(!type || !type[0])
+ return SSL_FILETYPE_PEM;
+ if(strcasecompare(type, "PEM"))
+ return SSL_FILETYPE_PEM;
+ if(strcasecompare(type, "DER"))
+ return SSL_FILETYPE_ASN1;
+ return -1;
+}
+
/*
* This function loads all the client/CA certificates and CRLs. Setup the TLS
* layer and do all necessary magic.
@@ -83,9 +94,6 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex)
char *ciphers;
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
- const char *const ssl_cafile = SSL_CONN_CONFIG(CAfile);
- const char *const ssl_capath = SSL_CONN_CONFIG(CApath);
struct in_addr addr4;
#ifdef ENABLE_IPV6
struct in6_addr addr6;
@@ -142,21 +150,25 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex)
}
SSL_CTX_set_verify(
- BACKEND->ctx, verifypeer ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
+ BACKEND->ctx, SSL_CONN_CONFIG(verifypeer) ?
+ SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
- if(ssl_cafile || ssl_capath) {
- if(!SSL_CTX_load_verify_locations(BACKEND->ctx, ssl_cafile, ssl_capath)) {
- if(verifypeer) {
+ if(SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(CApath)) {
+ if(!SSL_CTX_load_verify_locations(BACKEND->ctx, SSL_CONN_CONFIG(CAfile),
+ SSL_CONN_CONFIG(CApath))) {
+ if(SSL_CONN_CONFIG(verifypeer)) {
failf(data,
"error setting certificate verify locations:\n"
" CAfile: %s\n CApath: %s",
- ssl_cafile ? ssl_cafile : "none",
- ssl_capath ? ssl_capath : "none");
+ SSL_CONN_CONFIG(CAfile) ?
+ SSL_CONN_CONFIG(CAfile) : "none",
+ SSL_CONN_CONFIG(CApath) ?
+ SSL_CONN_CONFIG(CApath) : "none");
return CURLE_SSL_CACERT_BADFILE;
}
infof(data,
- "error setting certificate verify locations,"
- " continuing anyway:\n");
+ "error setting certificate verify locations,"
+ " continuing anyway:\n");
}
else {
infof(data, "successfully set certificate verify locations:\n");
@@ -164,8 +176,32 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex)
infof(data,
" CAfile: %s\n"
" CApath: %s\n",
- ssl_cafile ? ssl_cafile : "none",
- ssl_capath ? ssl_capath : "none");
+ SSL_CONN_CONFIG(CAfile)?
+ SSL_CONN_CONFIG(CAfile): "none",
+ SSL_CONN_CONFIG(CApath)?
+ SSL_CONN_CONFIG(CApath): "none");
+ }
+
+ if(SSL_SET_OPTION(cert) && SSL_SET_OPTION(key)) {
+ int file_type = do_file_type(SSL_SET_OPTION(cert_type));
+
+ if(SSL_CTX_use_certificate_chain_file(BACKEND->ctx, SSL_SET_OPTION(cert),
+ file_type) != 1) {
+ failf(data, "unable to use client certificate (no key or wrong pass"
+ " phrase?)");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ file_type = do_file_type(SSL_SET_OPTION(key_type));
+ if(SSL_CTX_use_PrivateKey_file(BACKEND->ctx, SSL_SET_OPTION(key),
+ file_type) != 1) {
+ failf(data, "unable to set private key");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ infof(data,
+ "client cert: %s\n",
+ SSL_CONN_CONFIG(clientcert)?
+ SSL_CONN_CONFIG(clientcert): "none");
}
ciphers = SSL_CONN_CONFIG(cipher_list);