openssl: set the cipher string before doing private cert

... as this allows a set string to affect how OpenSSL deals with the
private keys/certs.

Closes #17227
Corinna Brandt 2025-04-29 15:31:17 +02:00 committed by Daniel Stenberg
parent 47b2300192
commit ea897fddfc


@ -3812,18 +3812,6 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
SSL_CTX_set_mode(octx->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#endif
if(ssl_cert || ssl_cert_blob || ssl_cert_type) {
if(!result &&
!cert_stuff(data, octx->ssl_ctx,
ssl_cert, ssl_cert_blob, ssl_cert_type,
ssl_config->key, ssl_config->key_blob,
ssl_config->key_type, ssl_config->key_passwd))
result = CURLE_SSL_CERTPROBLEM;
if(result)
/* failf() is already done in cert_stuff() */
return result;
}
ciphers = conn_config->cipher_list;
if(!ciphers && (peer->transport != TRNSPRT_QUIC))
ciphers = DEFAULT_CIPHER_SELECTION;
@ -3850,6 +3838,18 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
}
#endif
if(ssl_cert || ssl_cert_blob || ssl_cert_type) {
if(!result &&
!cert_stuff(data, octx->ssl_ctx,
ssl_cert, ssl_cert_blob, ssl_cert_type,
ssl_config->key, ssl_config->key_blob,
ssl_config->key_type, ssl_config->key_passwd))
result = CURLE_SSL_CERTPROBLEM;
if(result)
/* failf() is already done in cert_stuff() */
return result;
}
#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
/* OpenSSL 1.1.1 requires clients to opt-in for PHA */
SSL_CTX_set_post_handshake_auth(octx->ssl_ctx, 1);
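Review bot: The relocated `if(ssl_cert || ssl_cert_blob || ssl_cert_type)` block carries no comment recording why it now has to come after the cipher-string setup, so a later cleanup that groups certificate handling with the other SSL_CTX_set_* calls could silently reintroduce the ordering the commit message says was the problem. A one-line comment above the block would pin the dependency, e.g. `/* must run after the cipher string is set: the configured ciphers affect how OpenSSL handles the private key/cert (see #17227) */`. The `if(result)` early return only fires inside the cert block, so if any step earlier in Curl_ossl_ctx_init can leave `result` non-zero, that error is carried forward rather than returned when no client cert is configured — worth confirming against the rest of the function, whose body starts and ends outside this hunk. The existing `/* failf() is already done in cert_stuff() */` comment also assumes cert_stuff() was actually reached, which the `!result &&` guard does not guarantee.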