github-repos/wget
1
0
Fork 0
mirror of https://github.com/mirror/wget.git synced 2025-03-26 01:30:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

Enable client certificates when GNU TLS is used.

Browse Source
This commit is contained in:
Daniel Kahn Gillmor 2012-04-07 14:43:12 +02:00 committed by Giuseppe Scrivano
parent 08a147c672
commit 154d499be2
3 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@ -22,6 +22,8 @@ Please send GNU Wget bug reports to <bug-wget@gnu.org>.
** Report stdout close errors. ** Report stdout close errors.
** Accept the --bit option. ** Accept the --bit option.
** Enable client certificates when GNU TLS is used.
* Changes in Wget 1.13.4 * Changes in Wget 1.13.4

5
src/ChangeLog
View File

@ -1,3 +1,8 @@
2012-04-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net> (tiny change)
* gnutls.c (key_type_to_gnutls_type): New function.
(ssl_init): Use correctly the specified gnutls certificate.
2012-04-01 Gijs van Tulder <gvtulder@gmail.com> 2012-04-01 Gijs van Tulder <gvtulder@gmail.com>
* html-url.c: Prevent crash on incomplete STYLE tag. * html-url.c: Prevent crash on incomplete STYLE tag.

44
src/gnutls.c
View File

@ -54,6 +54,20 @@ as that of the covered work. */
# include "w32sock.h" # include "w32sock.h"
#endif #endif
static int
key_type_to_gnutls_type (enum keyfile_type type)
{
switch (type)
{
case keyfile_pem:
return GNUTLS_X509_FMT_PEM;
case keyfile_asn1:
return GNUTLS_X509_FMT_DER;
default:
abort ();
}
}
/* Note: some of the functions private to this file have names that /* Note: some of the functions private to this file have names that
begin with "wgnutls_" (e.g. wgnutls_read) so that they wouldn't be begin with "wgnutls_" (e.g. wgnutls_read) so that they wouldn't be
confused with actual gnutls functions -- such as the gnutls_read confused with actual gnutls functions -- such as the gnutls_read
@ -108,6 +122,36 @@ ssl_init ()
closedir (dir); closedir (dir);
} }
/* Use the private key from the cert file unless otherwise specified. */
if (opt.cert_file && !opt.private_key)
{
opt.private_key = opt.cert_file;
opt.private_key_type = opt.cert_type;
}
/* Use the cert from the private key file unless otherwise specified. */
if (!opt.cert_file && opt.private_key)
{
opt.cert_file = opt.private_key;
opt.cert_type = opt.private_key_type;
}
if (opt.cert_file && opt.private_key)
{
int type;
if (opt.private_key_type != opt.cert_type)
{
/* GnuTLS can't handle this */
logprintf (LOG_NOTQUIET, _("ERROR: GnuTLS requires the key and the \
cert to be of the same type.\n"));
}
type = key_type_to_gnutls_type (opt.private_key_type);
gnutls_certificate_set_x509_key_file (credentials, opt.cert_file,
opt.private_key,
type);
}
if (opt.ca_cert) if (opt.ca_cert)
gnutls_certificate_set_x509_trust_file (credentials, opt.ca_cert, gnutls_certificate_set_x509_trust_file (credentials, opt.ca_cert,
GNUTLS_X509_FMT_PEM); GNUTLS_X509_FMT_PEM);