Permalink
Browse files

Add -R (ssl client certificate) and -S (private key) command line opt…

…ions.
  • Loading branch information...
merlino authored and gianm committed Jul 11, 2011
1 parent 764d1e8 commit 9983e7cdbf8c9b963b16d59ca559a23f6869b1ef
Showing with 41 additions and 1 deletion.
  1. +9 −1 c/client.c
  2. +6 −0 c/doc/zsync.1
  3. +24 −0 c/http.c
  4. +2 −0 c/http.h
View
@@ -434,7 +434,7 @@ int main(int argc, char **argv) {
srand(getpid());
{ /* Option parsing */
int opt;
- while ((opt = getopt(argc, argv, "A:k:o:i:Vsqvu:C:KT:I:")) != -1) {
+ while ((opt = getopt(argc, argv, "A:k:o:i:Vsqvu:C:KT:I:R:S:")) != -1) {
switch (opt) {
case 'A': /* Authentication options for remote server */
{ /* Scan string as hostname=username:password */
@@ -494,6 +494,14 @@ int main(int argc, char **argv) {
/* Insecure (disable SSL host/peer verification) */
be_insecure = 1;
break;
+ case 'R':
+ /* SSL certificate path */
+ sslcert = strdup(optarg);
+ break;
+ case 'S':
+ /* SSL private key path */
+ sslkey = strdup(optarg);
+ break;
case 'T':
/* Timeout */
{
View
@@ -55,6 +55,12 @@ links work).
\fB\-C\fR \fIcacert\fP
Use the specified certificate file to verify the peer when making https connections. This option overrides the ZSYNC_CA_BUNDLE environment variable.
.TP
+\fB\-R\fR \fIsslcert\fP
+Use the specified client-side certificate file when making https connections.
+.TP
+\fB\-S\fR \fIsslkey\fP
+Use the specified client-side private key file when making https connections.
+.TP
\fB\-I\fR \fIinterface\fP
Attempt to use this interface name, IP address or hostname as the source of http connections.
.TP
View
@@ -60,6 +60,10 @@ char *cacert = NULL;
/* Should we tell curl to use a particular interface (or IP or hostname)? */
char *want_interface = NULL;
+/* Should we tell curl to use a particular SSL public / private cert? */
+char *sslcert = NULL;
+char *sslkey = NULL;
+
/* Should we tell curl to ignore SSL peer verification? */
int be_insecure = 0;
@@ -131,6 +135,26 @@ CURL *make_curl_handle() {
}
}
+ if(sslcert) {
+ /* -R */
+ res = curl_easy_setopt( curl, CURLOPT_SSLCERT, sslcert );
+ if( res != CURLE_OK ) {
+ fprintf(stderr, "-R: %s\n", curl_easy_strerror(res));
+ curl_easy_cleanup(curl);
+ return NULL;
+ }
+ }
+
+ if(sslkey) {
+ /* -S */
+ res = curl_easy_setopt( curl, CURLOPT_SSLKEY, sslkey );
+ if( res != CURLE_OK ) {
+ fprintf(stderr, "-S: %s\n", curl_easy_strerror(res));
+ curl_easy_cleanup(curl);
+ return NULL;
+ }
+ }
+
if(want_interface) {
/* -I */
res = curl_easy_setopt( curl, CURLOPT_INTERFACE, want_interface );
View
@@ -21,6 +21,8 @@ extern char *referer;
extern char *cacert;
extern char *want_interface;
+extern char *sslcert;
+extern char *sslkey;
extern int be_insecure;
extern int be_verbose;
extern long use_timeout;

0 comments on commit 9983e7c

Please sign in to comment.