gtls: Add P12 format support

This change adds P12 format support for GnuTLS backend.

Closes #14991

docs/libcurl/opts/CURLOPT_SSLCERTTYPE.md

@@ -39,7 +39,7 @@ the format of your certificate.
 Supported formats are "PEM" and "DER", except with Secure Transport or
 Schannel. OpenSSL (versions 0.9.3 and later), Secure Transport (on iOS 5 or
 later, or macOS 10.7 or later) and Schannel support "P12" for PKCS#12-encoded
-files.
+files. GnuTLS supports P12 starting with curl 8.11.0.
 
 The application does not have to keep the string around after setting this
 option.

lib/vtls/gtls.c

@@ -936,7 +936,19 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf,
       if(result)
         return result;
     }
-    if(ssl_config->key_passwd) {
+    if(ssl_config->cert_type && strcasecompare(ssl_config->cert_type, "P12")) {
+      rc = gnutls_certificate_set_x509_simple_pkcs12_file(
+        gtls->shared_creds->creds, config->clientcert, GNUTLS_X509_FMT_DER,
+        ssl_config->key_passwd ? ssl_config->key_passwd : "");
+      if(rc != GNUTLS_E_SUCCESS) {
+        failf(data,
+              "error reading X.509 potentially-encrypted key or certificate "
+              "file: %s",
+              gnutls_strerror(rc));
+        return CURLE_SSL_CONNECT_ERROR;
+      }
+    }
+    else if(ssl_config->key_passwd) {
       const unsigned int supported_key_encryption_algorithms =
         GNUTLS_PKCS_USE_PKCS12_3DES | GNUTLS_PKCS_USE_PKCS12_ARCFOUR |
         GNUTLS_PKCS_USE_PKCS12_RC2_40 | GNUTLS_PKCS_USE_PBES2_3DES |