This release includes the following changes:
+ o PKCS12 certificate support added
o added CURLINFO_SSL_ENGINES (and "--engine list")
o new configure options: --disable-cookies, --disable-crypto-auth and
--disable-verbose
This release includes the following bugfixes:
+ o curl -E on windows accepts "c:/path" with forward-slash
o various improvements for large file support on windows
o file handle leak in aborted multipart formpost file upload
o -T upload multiple files with backslashes in file names
advice from friends like these:
Peter Wullinger, Guillaume Arluison, Alexander Krasnostavsky, Mohun Biswas,
- Tomas Pospisek, Gisle Vanem, Dan Fandrich, Paul Nolan, Andres Garcia,
- Tim Sneddon, Ian Gulliver, Jean-Philippe Barrette-LaPierre, Jeff Phillips,
+ Tomas Pospisek, Gisle Vanem, Dan Fandrich, Paul Nolan, Andres Garcia, Tim
+ Sneddon, Ian Gulliver, Jean-Philippe Barrette-LaPierre, Jeff Phillips,
Wojciech Zwiefka, David Phillips, Reinout van Schouwen, Maurice Barnum,
Richard Atterer, Rene Bernhardt, Matt Veenstra, Bryan Henderson, Ton Voon,
- Kai Sommerfeld, David Byron, Harshal Pradhan, Tom Lee, Dinar
+ Kai Sommerfeld, David Byron, Harshal Pradhan, Tom Lee, Dinar, Jean-Marc
+ Ranger, Samuel Listopad
Thanks! (and sorry if I forgot to mention someone)
#undef HAVE_ENGINE_LOAD_FOUR_ARGS
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x00903001L
+/* OpenSSL has PKCS 12 support */
+#define HAVE_PKCS12_SUPPORT
+#include <openssl/pkcs12.h>
+#else
+/* OpenSSL/SSLEay does not have PKCS12 support */
+#undef HAVE_PKCS12_SUPPORT
+#endif
+
+
#if OPENSSL_VERSION_NUMBER >= 0x00906001L
#define HAVE_ERR_ERROR_STRING_N 1
#endif
#ifndef SSL_FILETYPE_ENGINE
#define SSL_FILETYPE_ENGINE 42
#endif
+#ifndef SSL_FILETYPE_PKCS12
+#define SSL_FILETYPE_PKCS12 43
+#endif
static int do_file_type(const char *type)
{
if(!type || !type[0])
return SSL_FILETYPE_ASN1;
if(curl_strequal(type, "ENG"))
return SSL_FILETYPE_ENGINE;
+ if(curl_strequal(type, "P12"))
+ return SSL_FILETYPE_PKCS12;
return -1;
}
if(cert_file != NULL) {
SSL *ssl;
X509 *x509;
+ int cert_done = 0;
if(data->set.key_passwd) {
#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
failf(data, "file type ENG for certificate not implemented");
return 0;
+ case SSL_FILETYPE_PKCS12:
+ {
+#ifdef HAVE_PKCS12_SUPPORT
+ FILE *f;
+ PKCS12 *p12;
+ EVP_PKEY *pri;
+
+ f = fopen(cert_file,"rb");
+ if (!f) {
+ failf(data, "could not open PKCS12 file '%s'", cert_file);
+ return 0;
+ }
+ p12 = d2i_PKCS12_fp(f, NULL);
+ fclose(f);
+
+ PKCS12_PBE_add();
+
+ if (!PKCS12_parse(p12, data->set.key_passwd, &pri, &x509, NULL)) {
+ failf(data,
+ "could not parse PKCS12 file, check password, OpenSSL error %s",
+ ERR_error_string(ERR_get_error(), NULL) );
+ return 0;
+ }
+
+ PKCS12_free(p12);
+
+ if(SSL_CTX_use_certificate(ctx, x509) != 1) {
+ failf(data, SSL_CLIENT_CERT_ERR);
+ EVP_PKEY_free(pri);
+ X509_free(x509);
+ return 0;
+ }
+
+ if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
+ failf(data, "unable to use private key from PKCS12 file '%s'",
+ cert_file);
+ EVP_PKEY_free(pri);
+ X509_free(x509);
+ return 0;
+ }
+
+ EVP_PKEY_free(pri);
+ X509_free(x509);
+ cert_done = 1;
+ break;
+#else
+ failf(data, "file type P12 for certificate not supported");
+ return 0;
+#endif
+ }
default:
failf(data, "not supported file type '%s' for certificate", cert_type);
return 0;
switch(file_type) {
case SSL_FILETYPE_PEM:
+ if(cert_done)
+ break;
if(key_file == NULL)
/* cert & key can only be in PEM case in the same file */
key_file=cert_file;
failf(data, "file type ENG for private key not supported\n");
return 0;
#endif
+ case SSL_FILETYPE_PKCS12:
+ if(!cert_done) {
+ failf(data, "file type P12 for private key not supported\n");
+ return 0;
+ }
+ break;
default:
failf(data, "not supported file type for private key\n");
return 0;
projects / curl / commitdiff