Here's my second attempt at getting the certificate password into the credential
store. I tested from a working PKI setup and found curl--at least reasonable
recent versions of it--return CURLE_SSL_CERTPROBLEM:
CURLE_SSL_CERTPROBLEM (58)
problem with the local client certificate.
It appears there could be another possible error from curl:
CURLE_SSL_CONNECT_ERROR (35)
A problem occurred somewhere in the SSL/TLS handshake. You
really want the error buffer and read the message there as it
pinpoints the problem slightly more. Could be certificates (file
formats, paths, permissions), passwords, and others.
This seems less likely to be a bad client password scenario, so I did not look
for this particular error to reject it.
I also added one other small patch to remove the check of a non-empty password
before calling credential_store() for proxy_auth, as credential_store() already
checks for a non-empty password and gracefully handles it when it doesn't.
-John
John Szakmeister (2):
http: store credential when PKI auth is used
http: drop the check for an empty proxy password before approving
http.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
--
2.30.1
