Re: SSL Key password from environment variable and not from the command line
Date: Thu, 12 Jan 2006 08:44:02 -0500
> Message: 3
> Date: Wed, 11 Jan 2006 16:20:40 +0100 (CET)
> From: Daniel Stenberg <daniel_at_haxx.se>
> Subject: Re: SSL Key password from environment variable and not from
> the command line
> To: the curl tool <curl-users_at_cool.haxx.se>
> Message-ID: <Pine.LNX.4.63.0601111615090.7835_at_yvahk3.pbagnpgbe.fr>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
> On Wed, 11 Jan 2006, Juergen Brauckmann wrote:
> > Please find attached a mini-patch that will tell curl to get the
> > for a private key for SSL client authentication from an environment
> > instead of passing the passphrase directly on the command line or
> > for it.
> Thanks for your contribution!
> I think the patch could be modified somewhat to be more generic and
thus a lot
> more useful. What if you instead skipped the command line option and
> whatever options you want in the CURL_CMDLINE environment variable
> you have curl parse that variable as if it was a line in a config file
> given on the command line?
> In your case, you'd set it to "-pass mysecretpassword", but others
> it useful to use -u, -U or other options in that variable...
> Don't you agree?
Yes! I like this. The need to hide sensitive stuff from the command
meant that I had to burn stdin for a -K - parameter, forcing the data
transferred to have to be sent via a temp file.
Why not have a command line option that inserts a specified environment
variable at that point in the command line, much as -K includes a
specified file? Either modify -K to have a special syntax for using
an environment variable rather than file or add something like
--config-env <env var name> which works like -K. This would
a) give the user control of the position(s) where the option(s) get
b) give the user control over the environment variable name(s)
c) avoid having an extraneous hard coded environment variable
around with the small chance of name space collision.
Received on 2006-01-12