From cac5374298b3e79405bbdabe38941227c73a4c96 Mon Sep 17 00:00:00 2001 From: Gilles Vollant Date: Fri, 15 May 2020 10:47:46 +0200 Subject: setopt: support certificate options in memory with struct curl_blob This change introduces a generic way to provide binary data in setopt options, called BLOBs. This change introduces these new setopts: CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB, CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB. Reviewed-by: Daniel Stenberg Closes #5357 --- src/tool_operate.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/tool_setopt.c | 16 ++++++++++- 2 files changed, 94 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/tool_operate.c b/src/tool_operate.c index 2a12d030f..e6d346067 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -1556,11 +1556,90 @@ static CURLcode single_transfer(struct GlobalConfig *global, } } + /* In debug build of curl tool, using + * --cert loadmem=: --cert-type p12 + * must do the same thing than classic: + * --cert : --cert-type p12 + * but is designed to test blob */ +#if defined(CURLDEBUG) || defined(DEBUGBUILD) + if(config->cert && (strlen(config->cert) > 8) && + (memcmp(config->cert, "loadmem=",8) == 0)) { + FILE *fInCert = fopen(config->cert + 8, "rb"); + void *certdata = NULL; + long filesize = 0; + bool continue_reading = fInCert != NULL; + if(continue_reading) + continue_reading = fseek(fInCert, 0, SEEK_END) == 0; + if(continue_reading) + filesize = ftell(fInCert); + if(filesize < 0) + continue_reading = FALSE; + if(continue_reading) + continue_reading = fseek(fInCert, 0, SEEK_SET) == 0; + if(continue_reading) + certdata = malloc(((size_t)filesize) + 1); + if((!certdata) || + ((int)fread(certdata, (size_t)filesize, 1, fInCert) != 1)) + continue_reading = FALSE; + if(fInCert) + fclose(fInCert); + if((filesize > 0) && continue_reading) { + struct curl_blob structblob; + structblob.data = certdata; + structblob.len = (size_t)filesize; + structblob.flags = CURL_BLOB_COPY; + my_setopt_str(curl, CURLOPT_SSLCERT_BLOB, &structblob); + /* if test run well, we are sure we don't reuse + * original mem pointer */ + memset(certdata, 0, (size_t)filesize); + } + free(certdata); + } + else +#endif my_setopt_str(curl, CURLOPT_SSLCERT, config->cert); my_setopt_str(curl, CURLOPT_PROXY_SSLCERT, config->proxy_cert); my_setopt_str(curl, CURLOPT_SSLCERTTYPE, config->cert_type); my_setopt_str(curl, CURLOPT_PROXY_SSLCERTTYPE, config->proxy_cert_type); + + +#if defined(CURLDEBUG) || defined(DEBUGBUILD) + if(config->key && (strlen(config->key) > 8) && + (memcmp(config->key, "loadmem=",8) == 0)) { + FILE *fInCert = fopen(config->key + 8, "rb"); + void *certdata = NULL; + long filesize = 0; + bool continue_reading = fInCert != NULL; + if(continue_reading) + continue_reading = fseek(fInCert, 0, SEEK_END) == 0; + if(continue_reading) + filesize = ftell(fInCert); + if(filesize < 0) + continue_reading = FALSE; + if(continue_reading) + continue_reading = fseek(fInCert, 0, SEEK_SET) == 0; + if(continue_reading) + certdata = malloc(((size_t)filesize) + 1); + if((!certdata) || + ((int)fread(certdata, (size_t)filesize, 1, fInCert) != 1)) + continue_reading = FALSE; + if(fInCert) + fclose(fInCert); + if((filesize > 0) && continue_reading) { + struct curl_blob structblob; + structblob.data = certdata; + structblob.len = (size_t)filesize; + structblob.flags = CURL_BLOB_COPY; + my_setopt_str(curl, CURLOPT_SSLKEY_BLOB, &structblob); + /* if test run well, we are sure we don't reuse + * original mem pointer */ + memset(certdata, 0, (size_t)filesize); + } + free(certdata); + } + else +#endif my_setopt_str(curl, CURLOPT_SSLKEY, config->key); my_setopt_str(curl, CURLOPT_PROXY_SSLKEY, config->proxy_key); my_setopt_str(curl, CURLOPT_SSLKEYTYPE, config->key_type); diff --git a/src/tool_setopt.c b/src/tool_setopt.c index 494518b6b..9858d49c9 100644 --- a/src/tool_setopt.c +++ b/src/tool_setopt.c @@ -683,7 +683,7 @@ CURLcode tool_setopt(CURL *curl, bool str, struct GlobalConfig *config, ret = curl_easy_setopt(curl, tag, pval); } - else { + else if(tag < CURLOPTTYPE_BLOB) { /* Value is expected to be curl_off_t */ curl_off_t oval = va_arg(arg, curl_off_t); msnprintf(buf, sizeof(buf), @@ -694,6 +694,20 @@ CURLcode tool_setopt(CURL *curl, bool str, struct GlobalConfig *config, if(!oval) skip = TRUE; } + else { + /* Value is a blob */ + void *pblob = va_arg(arg, void *); + + /* blobs are never printable */ + if(pblob) { + value = "blobpointer"; + remark = TRUE; + } + else + skip = TRUE; + + ret = curl_easy_setopt(curl, tag, pblob); + } va_end(arg); -- cgit v1.2.3