curl/curl
1
1
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-09-12 23:22:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

wolfssl: assume key_file equal to clientcert in the absence of key_file

Browse Source 
When user sets CURLOPT_SSLCERT but leaves CURLOPT_SSLKEY unset assume
the path passed in CURLOPT_SSLCERT holds the ssl key which is what we do
in openssl implementation.

Fixes #14007
Closes #14008
This commit is contained in:
Alex Snast 2024-06-24 14:28:23 -07:00 committed by Daniel Stenberg
parent b7b41b1ea9
commit ad3e476275
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/vtls/wolfssl.c
View File

@ -759,7 +759,8 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
#ifndef NO_FILESYSTEM #ifndef NO_FILESYSTEM
/* Load the client certificate, and private key */ /* Load the client certificate, and private key */
if(ssl_config->primary.clientcert && ssl_config->key) { if(ssl_config->primary.clientcert) {
char *key_file = ssl_config->key;
int file_type = do_file_type(ssl_config->cert_type); int file_type = do_file_type(ssl_config->cert_type);
if(file_type == WOLFSSL_FILETYPE_PEM) { if(file_type == WOLFSSL_FILETYPE_PEM) {
@ -783,8 +784,12 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
return CURLE_BAD_FUNCTION_ARGUMENT; return CURLE_BAD_FUNCTION_ARGUMENT;
} }
file_type = do_file_type(ssl_config->key_type); if(!key_file)
if(wolfSSL_CTX_use_PrivateKey_file(backend->ctx, ssl_config->key, key_file = ssl_config->primary.clientcert;
else
file_type = do_file_type(ssl_config->key_type);
if(wolfSSL_CTX_use_PrivateKey_file(backend->ctx, key_file,
file_type) != 1) { file_type) != 1) {
failf(data, "unable to set private key"); failf(data, "unable to set private key");
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;