luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

curl: fix --proxy-pinnedpubkey

Browse Source 
This option was added in #2268 but never connected in
tool_operate.c.

Closes #14438
This commit is contained in:
Jan Venekamp 2024-08-07 14:09:04 +02:00 committed by Daniel Stenberg
parent cf7a080c3f
commit 1e9c1e8f2e
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/cmdline-opts/proxy-pinnedpubkey.md
View File

@ -27,3 +27,5 @@ When negotiating a TLS or SSL connection, the server sends a certificate
indicating its identity. A public key is extracted from this certificate and
if it does not exactly match the public key provided to this option, curl
aborts the connection before sending or receiving any data.
Before curl 8.10.0 this option did not work due to a bug.

7
src/tool_operate.c
View File

@ -1750,6 +1750,13 @@ static CURLcode single_transfer(struct GlobalConfig *global,
warnf(global, "ignoring %s, not supported by libcurl with %s",
"--pinnedpubkey", ssl_ver);
}
if(config->proxy_pinnedpubkey) {
result = res_setopt_str(curl, CURLOPT_PROXY_PINNEDPUBLICKEY,
config->proxy_pinnedpubkey);
if(result == CURLE_NOT_BUILT_IN)
warnf(global, "ignoring %s, not supported by libcurl with %s",
"--proxy-pinnedpubkey", ssl_ver);
}
if(config->ssl_ec_curves)
my_setopt_str(curl, CURLOPT_SSL_EC_CURVES, config->ssl_ec_curves);