Allow to use client authentication with certificate in freshclam

common/cert_util.h

@@ -29,6 +29,7 @@
  * @param curl Pointer to the curl connection handle.
  */
 void set_tls_ca_bundle(CURL *curl);
+void set_tls_client_certificate(CURL *curl);
 #endif
 
 /**

common/linux/cert_util_linux.c

@@ -46,6 +46,28 @@ void set_tls_ca_bundle(CURL *curl)
     }
 }
 
+void set_tls_client_certificate(CURL *curl)
+{
+    char *client_certificate;
+    char *client_key;
+
+    client_certificate = getenv("CURL_CLIENT_CERT");
+    if (client_certificate == NULL)
+        return;
+
+    client_key = getenv("CURL_CLIENT_KEY");
+    if (client_key == NULL)
+        return;
+
+    /* set the cert for client authentication */
+    curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
+    curl_easy_setopt(curl, CURLOPT_SSLCERT, client_certificate);
+
+    /* set the private key type and path */
+    curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");
+    curl_easy_setopt(curl, CURLOPT_SSLKEY, client_key);
+}
+
 cl_error_t cert_store_load(X509 **trusted_certs, size_t trusted_cert_count)
 {
     cl_error_t ret      = CL_EOPEN;

libfreshclam/libfreshclam_internal.c

@@ -728,6 +728,7 @@ static fc_error_t create_curl_handle(
     }
 #else
     set_tls_ca_bundle(curl);
+    set_tls_client_certificate(curl);
 #endif
 
     *curlHandle = curl;