ngtcp2: add client certificate authentication for OpenSSL

Closes #8522
Tatsuhiro Tsujikawa 2022-02-28 21:21:06 +09:00 committed by Daniel Stenberg
parent bec62e39d1
commit c82b281e17
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
3 changed files with 48 additions and 0 deletions


@ -47,6 +47,7 @@
#include "vquic.h"
#include "h2h3.h"
#include "vtls/keylog.h"
#include "vtls/vtls.h"
/* The last 3 #include files should be in this order */
#include "curl_printf.h"
@ -314,6 +315,25 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
return ssl_ctx;
}
static CURLcode quic_set_client_cert(struct Curl_easy *data,
struct quicsocket *qs)
{
struct connectdata *conn = data->conn;
SSL_CTX *ssl_ctx = qs->sslctx;
char *const ssl_cert = SSL_SET_OPTION(primary.clientcert);
const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
const char *const ssl_cert_type = SSL_SET_OPTION(cert_type);
if(ssl_cert || ssl_cert_blob || ssl_cert_type) {
return Curl_ossl_set_client_cert(
data, ssl_ctx, ssl_cert, ssl_cert_blob, ssl_cert_type,
SSL_SET_OPTION(key), SSL_SET_OPTION(key_blob),
SSL_SET_OPTION(key_type), SSL_SET_OPTION(key_passwd));
}
return CURLE_OK;
}
/** SSL callbacks ***/
static int quic_init_ssl(struct quicsocket *qs)
@ -786,6 +806,10 @@ CURLcode Curl_quic_connect(struct Curl_easy *data,
qs->sslctx = quic_ssl_ctx(data);
if(!qs->sslctx)
return CURLE_QUIC_CONNECT_ERROR;
result = quic_set_client_cert(data, qs);
if(result)
return result;
#endif
if(quic_init_ssl(qs))
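Review bot: In quic_set_client_cert the local `conn` is never referenced by name, so it reads as dead code. It is presumably there because SSL_SET_OPTION() expands to an expression that uses `conn`, and a one-line comment such as `/* conn is used implicitly by SSL_SET_OPTION() */` would keep a later cleanup from removing it. The guard also fires when only the cert type is set, with `ssl_cert` and `ssl_cert_blob` both NULL, so the helper is then called with no certificate source; a short comment should say whether that is intended. In Curl_quic_connect the new early `return result;` runs after `qs->sslctx` has been created, and the hunk does not show who frees the context on that path, so confirm the caller's failure cleanup covers it. Curl_quic_connect continues outside the hunk.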


@ -1167,6 +1167,22 @@ int cert_stuff(struct Curl_easy *data,
return 1;
}
CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data, SSL_CTX *ctx,
char *cert_file,
const struct curl_blob *cert_blob,
const char *cert_type, char *key_file,
const struct curl_blob *key_blob,
const char *key_type, char *key_passwd)
{
int rv = cert_stuff(data, ctx, cert_file, cert_blob, cert_type, key_file,
key_blob, key_type, key_passwd);
if(rv != 1) {
return CURLE_SSL_CERTPROBLEM;
}
return CURLE_OK;
}
/* returns non-zero on failure */
static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
{
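Review bot: Curl_ossl_set_client_cert is a new non-static entry point but has no comment stating its contract. Something like `/* Load the client certificate and private key into ctx; returns CURLE_SSL_CERTPROBLEM if cert_stuff() does not report success */` above the definition would tell other backends what to expect. The `rv != 1` test relies on cert_stuff returning exactly 1 on success, which the visible `return 1;` supports, but its failure values are outside the hunk. `cert_file`, `key_file` and `key_passwd` are taken as plain `char *`; if cert_stuff does not write through them, `const char *` in this new signature would make clear that the path and passphrase buffers are not modified.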


@ -43,5 +43,13 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
struct x509_st *server_cert);
extern const struct Curl_ssl Curl_ssl_openssl;
struct ssl_ctx_st;
CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data,
struct ssl_ctx_st *ctx, char *cert_file,
const struct curl_blob *cert_blob,
const char *cert_type, char *key_file,
const struct curl_blob *key_blob,
const char *key_type, char *key_passwd);
#endif /* USE_OPENSSL */
#endif /* HEADER_CURL_SSLUSE_H */