curl-library
Embed client cert and key into libcurl when using mbed TLS as backend
Date: Wed, 6 Jan 2016 07:55:15 +0100
Hello Mindaugas,
the following untested patch against libcurl should do what you want:
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index da869e2..31058ef 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -68,6 +68,9 @@ static mbedtls_entropy_context entropy;
static int entropy_init_initialized = 0;
+static const char *cert = "-----BEGIN CERTIFICATE----- ....";
+static const char *key = "-----BEGIN RSA PRIVATE KEY----- ....";
+
/* start of entropy_init_mutex() */
static void entropy_init_mutex(mbedtls_entropy_context *ctx)
{
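Review bot: Declaring the embedded material as pointers (`static const char *cert`, `static const char *key`) means any `sizeof` taken on them later yields the pointer size, not the PEM length, and mbedTLS' PEM parsers need the buffer length including the terminating NUL. Declare them as arrays instead, `static const unsigned char cert[] = "-----BEGIN CERTIFICATE----- ....";` and `static const unsigned char key[] = "-----BEGIN RSA PRIVATE KEY----- ....";`, so `sizeof` gives the full length and the type matches the `const unsigned char *` the parse functions take. Also worth a comment above them: `/* NOTE: a private key compiled into libcurl can be recovered by anyone who can read the library binary; treat this build as secret material. */`. entropy_init_mutex's body continues outside the hunk.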
@@ -300,6 +303,17 @@ mbedtls_connect_step1(struct connectdata *conn,
}
}
+ ret = mbedtls_x509_crt_parse(&connssl->clicert, cert, sizeof(cert));
+ if(ret) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+ failf(data, "Error reading client cert file %s - mbedTLS: (-0x%04X) %s",
+ cert, -ret, errorbuf);
+
+ return CURLE_SSL_CERTPROBLEM;
+ }
+
/* Load the client private key */
if(data->set.str[STRING_KEY]) {
mbedtls_pk_init(&connssl->pk);
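Review bot: `sizeof(cert)` on the new parse line is the size of a `const char *` (4 or 8 bytes), so mbedtls_x509_crt_parse only ever sees the first few characters of the PEM and the call will fail; with cert kept as a pointer this needs `ret = mbedtls_x509_crt_parse(&connssl->clicert, (const unsigned char *)cert, strlen(cert) + 1);` (the +1 because the PEM decoder requires the NUL terminator within the length). The added parse also runs unconditionally after the `STRING_CERT` block, so a user-supplied certificate and the embedded one would both be appended to `clicert`; if that is not intended, guard it with `if(!data->set.str[STRING_CERT])` — the `mbedtls_x509_crt_init` call this depends on is outside the hunk, so confirm it is executed on this path. mbedtls_connect_step1 starts and ends outside the hunk.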
@@ -319,6 +333,22 @@ mbedtls_connect_step1(struct connectdata *conn,
}
}
+ mbedtls_pk_init(&connssl->pk);
+ ret = mbedtls_pk_parse_key(&connssl->pk, key, sizeof(key), NULL, 0);
+ if(ret == 0 && !mbedtls_pk_can_do(&connssl->pk, MBEDTLS_PK_RSA))
+ ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
+
+ if(ret) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+ failf(data, "Error reading private key %s - mbedTLS: (-0x%04X) %s",
+ key, -ret, errorbuf);
+
+ return CURLE_SSL_CERTPROBLEM;
+ }
+ }
+
/* Load the CRL */
memset(&connssl->crl, 0, sizeof(mbedtls_x509_crl));
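Review bot: The failf on the new error path prints `key` — the embedded PEM private key — into the libcurl error message, which ends up in verbose output and application logs; drop it from the message, `failf(data, "Error reading embedded private key - mbedTLS: (-0x%04X) %s", -ret, errorbuf);`. The same `sizeof(key)` pointer-size bug as the cert parse applies at `mbedtls_pk_parse_key(&connssl->pk, key, sizeof(key), NULL, 0)`, which should pass `(const unsigned char *)key, strlen(key) + 1`. `mbedtls_pk_init(&connssl->pk)` is also called unconditionally right after the `STRING_KEY` block, which appears to re-initialise a context that branch may already have populated and would leak the user-loaded key; the trailing `+ }` line does not seem to match an opened brace in this hunk either, so check the brace balance once applied. mbedtls_connect_step1 starts and ends outside the hunk.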
You have to compile libcurl afterwards.
Cheers,
Thomas