curl-library

Re: [PATCH] gnutls: Support CURLOPT_KEYPASSWD using gnutls_certificate_set_x509_key_file2

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 22 Sep 2015 17:34:03 +0200 (CEST)

On Tue, 22 Sep 2015, Mike Crowe wrote:

>> IMO this failure should happen much earlier, ideally when CURLOPT_KEYPASSWD
>> is set in Curl_setopt(), like we do for e.g. CURLOPT_SSL_VERIFYSTATUS.
>> Other TLS backends that support CURLOPT_KEYPASSWD should be updated as
>> well, but that should probably go in a separate patch.
>
> The main part of the patch tries to bring GnuTLS up to the same level of
> functionality as OpenSSL (and presumably other SSL backends.) I believe that
> your suggestion would involve modifying all the SSL backends.
>
> I agree that detecting failure earlier would be useful but since the
> certificate, the key and the password are all set in any order using
> separate curl_easy_setopt calls, I don't believe that it can be done
> reliably at that stage whilst maintaining compatibility.

I'll agree with both of you here!

I think we should fix this for all backends and we should make the
non-working ones fail early, but I also think that this patch is a good step
forward at least so I'll start with merging this asap.

Thanks a lot for your work!

-- 
  / daniel.haxx.se
Received on 2015-09-22