Support private_key_passwd for GnuTLS (3.1.11+)
It's possible to jump through hoops to support it in older versions too, but that seems a little unnecessary at this point. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
parent
cbe23ffd6d
commit
7d9286d3e7
1 changed files with 14 additions and 1 deletions
|
@ -563,16 +563,29 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (params->client_cert && params->private_key) {
|
if (params->client_cert && params->private_key) {
|
||||||
/* TODO: private_key_passwd? */
|
#if GNUTLS_VERSION_NUMBER >= 0x03010b
|
||||||
|
ret = gnutls_certificate_set_x509_key_file2(
|
||||||
|
conn->xcred, params->client_cert, params->private_key,
|
||||||
|
GNUTLS_X509_FMT_PEM, params->private_key_passwd, 0);
|
||||||
|
#else
|
||||||
|
/* private_key_passwd not (easily) supported here */
|
||||||
ret = gnutls_certificate_set_x509_key_file(
|
ret = gnutls_certificate_set_x509_key_file(
|
||||||
conn->xcred, params->client_cert, params->private_key,
|
conn->xcred, params->client_cert, params->private_key,
|
||||||
GNUTLS_X509_FMT_PEM);
|
GNUTLS_X509_FMT_PEM);
|
||||||
|
#endif
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
wpa_printf(MSG_DEBUG, "Failed to read client cert/key "
|
wpa_printf(MSG_DEBUG, "Failed to read client cert/key "
|
||||||
"in PEM format: %s", gnutls_strerror(ret));
|
"in PEM format: %s", gnutls_strerror(ret));
|
||||||
|
#if GNUTLS_VERSION_NUMBER >= 0x03010b
|
||||||
|
ret = gnutls_certificate_set_x509_key_file2(
|
||||||
|
conn->xcred, params->client_cert,
|
||||||
|
params->private_key, GNUTLS_X509_FMT_DER,
|
||||||
|
params->private_key_passwd, 0);
|
||||||
|
#else
|
||||||
ret = gnutls_certificate_set_x509_key_file(
|
ret = gnutls_certificate_set_x509_key_file(
|
||||||
conn->xcred, params->client_cert,
|
conn->xcred, params->client_cert,
|
||||||
params->private_key, GNUTLS_X509_FMT_DER);
|
params->private_key, GNUTLS_X509_FMT_DER);
|
||||||
|
#endif
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
wpa_printf(MSG_DEBUG, "Failed to read client "
|
wpa_printf(MSG_DEBUG, "Failed to read client "
|
||||||
"cert/key in DER format: %s",
|
"cert/key in DER format: %s",
|
||||||
|
|
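Review bot: On builds against GnuTLS older than 3.1.11, both `#else` branches drop `params->private_key_passwd` without any runtime signal. A passphrase-protected key then fails with only the generic MSG_DEBUG "Failed to read client cert/key" lines, and nothing tells the operator that the configured passphrase was never used. A log line in the first `#else` branch would make this diagnosable, e.g. `if (params->private_key_passwd) wpa_printf(MSG_INFO, "GnuTLS: private_key_passwd requires GnuTLS 3.1.11 or newer");`. The PEM and DER attempts also repeat the same `#if GNUTLS_VERSION_NUMBER >= 0x03010b` split, so a small static helper taking the format would keep the version check in one place. tls_connection_set_params() begins and ends outside this hunk, so how the final failure is reported to the caller is not visible here.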