author | Thomas Glanzmann <thomas@glanzmann.de> | 2016-11-25 10:47:25 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2016-11-25 10:49:38 +0100 |
commit | 4f8b17743d7c55a0bfb48463238c88564875ae47 (patch) | |
tree | ea77a17d0cc904146e5bd17909c5c4dfbe1002ea /lib/vtls/polarssl.c | |
parent | 1232dbb8bd49b5502834ae9dd9f7ab1cb7a88b7b (diff) | |
HTTPS Proxy: Implement CURLOPT_PROXY_PINNEDPUBLICKEY
Diffstat (limited to 'lib/vtls/polarssl.c')
-rw-r--r-- | lib/vtls/polarssl.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index f2f973c50..4bba3e3f2 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -397,6 +397,10 @@ polarssl_connect_step2(struct connectdata *conn,
 struct Curl_easy *data = conn->data;
 struct ssl_connect_data* connssl = &conn->ssl[sockindex];
 char buffer[1024];
+ const char * const pinnedpubkey = SSL_IS_PROXY() ?
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
+
 
 char errorbuf[128];
 errorbuf[0] = 0;
@@ -458,7 +462,7 @@ polarssl_connect_step2(struct connectdata *conn,
 }
 
 /* adapted from mbedtls.c */
- if(data->set.str[STRING_SSL_PINNEDPUBLICKEY]) {
+ if(pinnedpubkey) {
 int size;
 CURLcode result;
 x509_crt *p;
@@ -500,7 +504,7 @@ polarssl_connect_step2(struct connectdata *conn,
 
 /* pk_write_pubkey_der writes data at the end of the buffer. */
 result = Curl_pin_peer_pubkey(data,
- data->set.str[STRING_SSL_PINNEDPUBLICKEY],
+ pinnedpubkey,
 &pubkey[PUB_DER_MAX_BYTES - size], size);
 if(result) {
 x509_crt_free(p); |
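Review bot: The new `pinnedpubkey` local at the top of polarssl_connect_step2 carries a security decision that the ternary does not explain: the pin is selected per TLS leg, and a NULL result makes the `if(pinnedpubkey)` block in the second hunk skip the public-key check entirely for that leg. I would put `/* pin for the leg being negotiated (proxy or origin); NULL disables pinning on this leg only */` above the declaration, so a later reader does not assume the origin pin also covers the proxy handshake. SSL_IS_PROXY() takes no arguments and is defined outside this page, so it presumably reads `conn` and `sockindex` from the enclosing scope; it is worth confirming that it evaluates correctly at function entry, since the value is then reused by the second and third hunks. The hunk also leaves two consecutive blank lines before `char errorbuf[128];`, and the function body starts and ends outside the hunk.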