From 4f8b17743d7c55a0bfb48463238c88564875ae47 Mon Sep 17 00:00:00 2001
From: Thomas Glanzmann <thomas@glanzmann.de>
Date: Fri, 25 Nov 2016 10:47:25 +0100
Subject: HTTPS Proxy: Implement CURLOPT_PROXY_PINNEDPUBLICKEY

---
 lib/vtls/nss.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'lib/vtls/nss.c')

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 91b8e05cc..efb19e6e7 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1926,6 +1926,10 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
   PRUint32 timeout;
   long * const certverifyresult = SSL_IS_PROXY() ?
     &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
+  const char * const pinnedpubkey = SSL_IS_PROXY() ?
+              data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+              data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
+
 
   /* check timeout situation */
   const long time_left = Curl_timeleft(data, NULL, TRUE);
@@ -1971,7 +1975,7 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
     }
   }
 
-  result = cmp_peer_pubkey(connssl, data->set.str[STRING_SSL_PINNEDPUBLICKEY]);
+  result = cmp_peer_pubkey(connssl, pinnedpubkey);
   if(result)
     /* status already printed */
     goto error;
-- 
cgit v1.2.3