curl-users

Re: SSL Key password from environment variable and not from the command line

From: Rich Gray <rgray_at_plustechnologies.com>
Date: Thu, 12 Jan 2006 08:44:02 -0500

> ------------------------------
>
> Message: 3
> Date: Wed, 11 Jan 2006 16:20:40 +0100 (CET)
> From: Daniel Stenberg <daniel_at_haxx.se>
> Subject: Re: SSL Key password from environment variable and not from
> the command line
> To: the curl tool <curl-users_at_cool.haxx.se>
> Message-ID: <Pine.LNX.4.63.0601111615090.7835_at_yvahk3.pbagnpgbe.fr>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
> On Wed, 11 Jan 2006, Juergen Brauckmann wrote:
>
> > Please find attached a mini-patch that will tell curl to get the passphrase
> > for a private key for SSL client authentication from an environment variable
> > instead of passing the passphrase directly on the command line or prompting
> > for it.
>
> Thanks for your contribution!
>
> I think the patch could be modified somewhat to be more generic and thus a lot
> more useful. What if you instead skipped the command line option and just set
> whatever options you want in the CURL_CMDLINE environment variable and then
> you have curl parse that variable as if it was a line in a config file or
> given on the command line?
>
> In your case, you'd set it to "-pass mysecretpassword", but others might find
> it useful to use -u, -U or other options in that variable...
>
> Don't you agree?

Yes! I like this. The need to hide sensitive stuff from the command line
meant that I had to burn stdin for a -K - parameter, forcing the data being
transferred to have to be sent via a temp file.

Why not have a command line option that inserts a specified environment
variable at that point in the command line, much as -K includes a
specified file? Either modify -K to have a special syntax for using
an environment variable rather than file or add something like
--config-env <env var name> which works like -K. This would
a) give the user control of the position(s) where the option(s) get inserted
b) give the user control over the environment variable name(s)
c) avoid having an extraneous hard coded environment variable
   around with the small chance of name space collision.

Cheers!
- Rich
Received on 2006-01-12
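
The "-K -" workaround mentioned in the message above, as an added example (not part of the original mail and not curl project code): a shell function that turns a passphrase held in an environment variable into a curl config line on stdout, so it never appears in curl's argument list. The variable name KEY_PASS, the file names and the URL in the usage comment are assumptions.

```shell
#!/bin/sh
# Emit a curl config line carrying a passphrase read from the environment
# variable named in $1, for piping into `curl -K -`.

curl_pass_config() {
    name=$1
    # Accept only a plain variable name, since it is passed to eval below.
    case $name in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "bad variable name" >&2; return 2 ;;
    esac
    eval "is_set=\${$name+yes}; value=\${$name-}"
    [ "$is_set" = yes ] || { echo "$name is not set" >&2; return 1; }
    # A newline inside the value would start a second config line, letting
    # the variable's content smuggle extra options into curl. Refuse it.
    case $value in
        *'
'*) echo "$name contains a newline" >&2; return 1 ;;
    esac
    # Config files take long option names without dashes; inside a
    # double-quoted value, backslash and double quote must be escaped.
    # The value reaches sed on stdin, so it is not in any process's argv.
    escaped=$(printf '%s' "$value" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
    printf 'pass = "%s"\n' "$escaped"
}

# Usage (assumed names). stdin is taken by the config, so the upload body
# has to come from a file, which is the cost described in the message:
#   curl_pass_config KEY_PASS | \
#       curl -K - --cert client.pem -T upload.tmp https://example.invalid/
```

The passphrase is still readable by anything that can read the calling process's environment; only its exposure through the process argument list is avoided.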