File 0001-http-Check-for-PKCS-11-URI-in-ssl_cert-and... of Package git

Overview Repositories Revisions Requests Users Attributes Meta

File 0001-http-Check-for-PKCS-11-URI-in-ssl_cert-and-set.patch of Package git

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Bidar?= <bjorn.bidar@jolla.com>
Date: Thu, 19 May 2022 14:24:18 +0300
Subject: [PATCH] http: Check for PKCS#11 URI in ssl_cert and set
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Curl can use the PKCS#11 URI for certificates but the type has to be
set to "ENG" for it to do so.

Curl it self detects it by checking the cert for pkcs11: and set the
type to engine implicitly.
This patch adapts the change the same change for git.

Signed-off-by: Björn Bidar <bjorn.bidar@jolla.com>
---
 http.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/http.c b/http.c
index bb58bb3e6a3a47163b911d8276f5c185eada003b..caa99b7d9834152dd5f8fcad8aae2ee3bb918020 100644
--- a/http.c
+++ b/http.c
@@ -149,6 +149,19 @@ static int http_schannel_check_revoke = 1;
  */
 static int http_schannel_use_ssl_cainfo;
 
+/*
+ * Check if a given string is a PKCS#11 URI
+ */
+static int is_pkcs11_uri(const char *string)
+{
+	if(curl_strnequal(string, "pkcs11:", 7)) {
+		return 1;
+	}
+	else {
+		return 0;
+	}
+}
+
 size_t fread_buffer(char *ptr, size_t eltsize, size_t nmemb, void *buffer_)
 {
 	size_t size = eltsize * nmemb;
@@ -1022,8 +1035,10 @@ static CURL *get_curl_handle(void)
 
 	if (ssl_cert)
 		curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert);
-	if (ssl_cert_type)
+	if (ssl_cert_type) {
 		curl_easy_setopt(result, CURLOPT_SSLCERTTYPE, ssl_cert_type);
+	} else if (ssl_cert && (is_pkcs11_uri(ssl_cert)))
+		curl_easy_setopt(result, CURLOPT_SSLCERTTYPE, "ENG");
 	if (has_cert_password())
 		curl_easy_setopt(result, CURLOPT_KEYPASSWD, cert_auth.password);
 	if (ssl_key)
@@ -1146,8 +1161,11 @@ static CURL *get_curl_handle(void)
 		else if (starts_with(curl_http_proxy, "https")) {
 			curl_easy_setopt(result, CURLOPT_PROXYTYPE, CURLPROXY_HTTPS);
 
-			if (http_proxy_ssl_cert)
+			if (http_proxy_ssl_cert) {
 				curl_easy_setopt(result, CURLOPT_PROXY_SSLCERT, http_proxy_ssl_cert);
+				if (is_pkcs11_uri(ssl_cert))
+					curl_easy_setopt(result, CURLOPT_PROXY_SSLCERT, "ENG");
+			}
 
 			if (http_proxy_ssl_key)
 				curl_easy_setopt(result, CURLOPT_PROXY_SSLKEY, http_proxy_ssl_key);

Places

File 0001-http-Check-for-PKCS-11-URI-in-ssl_cert-and-set.patch of Package git

Places