author | Christian Grothoff <christian@grothoff.org> | 2020-07-16 17:40:14 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2020-07-16 17:40:37 +0200 |
commit | ee1fbffa1c42f7ac3fc897e73e90c525037dd915 (patch) | |
tree | b8b5f553413fb99a92a59786862ba25049f62725 /src/curl | |
parent | 23820348b1221c78dc2d4eca9a234c375bbc68cb (diff) | |
support context-wide client authentication
Diffstat (limited to 'src/curl')
-rw-r--r-- | src/curl/curl.c | 114 |
1 files changed, 114 insertions, 0 deletions
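--- a/src/curl/curl.c
+++ b/src/curl/curl.c
@@ -170,10 +170,93 @@ struct GNUNET_CURL_Context
 * Closure for @e cb.
 */
 void *cb_cls;
+
+/**
+* USERNAME:PASSWORD to use for client-authentication
+* with all requests of this context, or NULL.
+*/
+char *userpass;
+
+/**
+* Type of the TLS client certificate used, or NULL.
+*/
+char *certtype;
+
+/**
+* File with the TLS client certificate, or NULL.
+*/
+char *certfile;
+
+/**
+* File with the private key to authenticate the
+* TLS client, or NULL.
+*/
+char *keyfile;
+
+/**
+* Passphrase to decrypt @e keyfile, or NULL.
+*/
+char *keypass;
+
 };
 
 
 /**
+* Force use of the provided username and password
+* for client authentication for all operations performed
+* with @a ctx.
+*
+* @param ctx context to set authentication data for
+* @param userpass string with "$USERNAME:$PASSWORD"
+*/
+void
+GNUNET_CURL_set_userpass (struct GNUNET_CURL_Context *ctx,
+const char *userpass)
+{
+GNUNET_free (ctx->userpass);
+if (NULL != userpass)
+ctx->userpass = GNUNET_strdup (userpass);
+}
+
+
+/**
+* Force use of the provided TLS client certificate
+* for client authentication for all operations performed
+* with @a ctx.
+*
+* Note that if the provided information is incorrect,
+* the earliest operation that could fail is
+* #GNUNET_CURL_job_add() or #GNUNET_CURL_job_add2()!
+*
+* @param ctx context to set authentication data for
+* @param certtype type of the certificate
+* @param certfile file with the certificate
+* @param keyfile file with the private key
+* @param keypass passphrase to decrypt @a keyfile (or NULL)
+*/
+void
+GNUNET_CURL_set_tlscert (struct GNUNET_CURL_Context *ctx,
+const char *certtype,
+const char *certfile,
+const char *keyfile,
+const char *keypass)
+{
+GNUNET_free (ctx->certtype);
+GNUNET_free (ctx->certfile);
+GNUNET_free (ctx->keyfile);
+GNUNET_free (ctx->keypass);
+if (NULL != certtype)
+ctx->certtype = GNUNET_strdup (certtype);
+if (NULL != certfile)
+ctx->certfile = GNUNET_strdup (certfile);
+if (NULL != keyfile)
+ctx->certtype = GNUNET_strdup (keyfile);
+if (NULL != keypass)
+ctx->certtype = GNUNET_strdup (keypass);
+}
+
+
+/**
 * Initialise this library. This function should be called before using any of
 * the following functions.
 *
@@ -457,6 +540,32 @@ GNUNET_CURL_job_add2 (struct GNUNET_CURL_Context *ctx,
 struct curl_slist *all_headers;
 
 GNUNET_assert (NULL != jcc);
+if ( (NULL != ctx->userpass) &&
+(0 != curl_easy_setopt (eh,
+CURLOPT_USERPWD,
+ctx->userpass)) )
+return NULL;
+if ( (NULL != ctx->certfile) &&
+(0 != curl_easy_setopt (eh,
+CURLOPT_SSLCERT,
+ctx->certfile)) )
+return NULL;
+if ( (NULL != ctx->certtype) &&
+(0 != curl_easy_setopt (eh,
+CURLOPT_SSLCERTTYPE,
+ctx->certtype)) )
+return NULL;
+if ( (NULL != ctx->keyfile) &&
+(0 != curl_easy_setopt (eh,
+CURLOPT_SSLKEY,
+ctx->keyfile)) )
+return NULL;
+if ( (NULL != ctx->keypass) &&
+(0 != curl_easy_setopt (eh,
+CURLOPT_KEYPASSWD,
+ctx->keypass)) )
+return NULL;
+
 all_headers = setup_job_headers (ctx,
 job_headers);
 if (NULL == (job = setup_job (eh,
@@ -899,6 +1008,11 @@ GNUNET_CURL_fini (struct GNUNET_CURL_Context *ctx)
 curl_share_cleanup (ctx->share);
 curl_multi_cleanup (ctx->multi);
 curl_slist_free_all (ctx->common_headers);
+GNUNET_free (ctx->userpass);
+GNUNET_free (ctx->certtype);
+GNUNET_free (ctx->certfile);
+GNUNET_free (ctx->keyfile);
+GNUNET_free (ctx->keypass);
 GNUNET_free (ctx);
 }
 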
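Review bot: In `GNUNET_CURL_set_tlscert` the `keyfile` and `keypass` branches both assign to `ctx->certtype`, so `ctx->keyfile` and `ctx->keypass` are never populated and each overwrite leaks the previous `certtype` copy. When a passphrase is supplied, the key passphrase ends up in `ctx->certtype` and is handed to `CURLOPT_SSLCERTTYPE` in the `GNUNET_CURL_job_add2` hunk, while `CURLOPT_SSLKEY` and `CURLOPT_KEYPASSWD` are silently skipped, so client authentication is misconfigured without any error at set time. The two lines should read `ctx->keyfile = GNUNET_strdup (keyfile);` and `ctx->keypass = GNUNET_strdup (keypass);`. Both setters also leave the freed pointer in place when the new value is NULL; unless `GNUNET_free` resets its argument (not visible on this page), a later setter call or `GNUNET_CURL_fini` would free it a second time, so an explicit `ctx->userpass = NULL;` style reset after each free would make that safe. The body of `GNUNET_CURL_job_add2` starts and ends outside its hunk, so whether the early `return NULL` paths release `eh` cannot be checked here.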