From ad3e4762758fb002df5d1fdf56383c8347020141 Mon Sep 17 00:00:00 2001
From: Alex Snast
Date: Mon, 24 Jun 2024 14:28:23 -0700
Subject: [PATCH] wolfssl: assume key_file equal to clientcert in the absence of key_file

When user sets CURLOPT_SSLCERT but leaves CURLOPT_SSLKEY unset assume the path passed in CURLOPT_SSLCERT holds the ssl key which is what we do in openssl implementation.
Fixes #14007
Closes #14008
---
 lib/vtls/wolfssl.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index 9f89a972b2..94a009e5b2 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -759,7 +759,8 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
 #ifndef NO_FILESYSTEM
 /* Load the client certificate, and private key */
- if(ssl_config->primary.clientcert && ssl_config->key) {
+ if(ssl_config->primary.clientcert) {
+ char *key_file = ssl_config->key;
 int file_type = do_file_type(ssl_config->cert_type);
 if(file_type == WOLFSSL_FILETYPE_PEM) {
@@ -783,8 +784,12 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
 return CURLE_BAD_FUNCTION_ARGUMENT;
 }
- file_type = do_file_type(ssl_config->key_type);
- if(wolfSSL_CTX_use_PrivateKey_file(backend->ctx, ssl_config->key,
+ if(!key_file)
+ key_file = ssl_config->primary.clientcert;
+ else
+ file_type = do_file_type(ssl_config->key_type);
+
+ if(wolfSSL_CTX_use_PrivateKey_file(backend->ctx, key_file,
 file_type) != 1) {
 failf(data, "unable to set private key");
 return CURLE_SSL_CONNECT_ERROR;
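Review bot: `key_file` in the first hunk is only read and then handed to wolfSSL_CTX_use_PrivateKey_file(), so it would be better declared `const char *key_file = ssl_config->key;`. The comment above the condition still describes the old rule and could state the new one, for example `/* Load the client certificate and private key; without a key file the key is read from the certificate file */`. The body of this `if` continues outside the hunk, so the fallback itself is not visible next to the declaration.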
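Review bot: When the `if(!key_file)` branch in the second hunk is taken, `file_type` keeps the value derived from `cert_type` and a failure reports only `unable to set private key`, so a user who never set a key gets no hint that the certificate path was tried as the key file. This is most confusing for a non-PEM certificate type, where the certificate file presumably cannot carry a key and the call would always fail. Naming the file makes the failure diagnosable: `failf(data, "unable to set private key from %s", key_file);`. A short comment on the branch, `/* no key file given: look for the key in the client cert file, using the cert's file type */`, would also record why `key_type` is ignored there. The enclosing function starts and ends outside the hunk.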