From 13e3b235be2a9696681d8a2fbe2058c6516b7b9b Mon Sep 17 00:00:00 2001
From: Jedrzej Jajor <4048077+jedrzejj@users.noreply.github.com>
Date: Fri, 16 Jun 2023 00:20:14 +0200
Subject: [PATCH] Allow to use client authentication with certificate in freshclam

---
 common/cert_util.h | 1 +
 common/linux/cert_util_linux.c | 22 ++++++++++++++++++++++
 libfreshclam/libfreshclam_internal.c | 1 +
 3 files changed, 24 insertions(+)

diff --git a/common/cert_util.h b/common/cert_util.h
index e2db51fa88..20205095cb 100644
--- a/common/cert_util.h
+++ b/common/cert_util.h
@@ -29,6 +29,7 @@
 * @param curl Pointer to the curl connection handle.
 */
 void set_tls_ca_bundle(CURL *curl);
+void set_tls_client_certificate(CURL *curl);
 #endif
 
 /**
diff --git a/common/linux/cert_util_linux.c b/common/linux/cert_util_linux.c
index fc7fe4e093..40dc89e03d 100644
--- a/common/linux/cert_util_linux.c
+++ b/common/linux/cert_util_linux.c
@@ -46,6 +46,28 @@ void set_tls_ca_bundle(CURL *curl)
 }
 }
 
+void set_tls_client_certificate(CURL *curl)
+{
+ char *client_certificate;
+ char *client_key;
+
+ client_certificate = getenv("CURL_CLIENT_CERT");
+ if (client_certificate == NULL)
+ return;
+
+ client_key = getenv("CURL_CLIENT_KEY");
+ if (client_key == NULL)
+ return;
+
+ /* set the cert for client authentication */
+ curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
+ curl_easy_setopt(curl, CURLOPT_SSLCERT, client_certificate);
+
+ /* set the private key type and path */
+ curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");
+ curl_easy_setopt(curl, CURLOPT_SSLKEY, client_key);
+}
+
 cl_error_t cert_store_load(X509 **trusted_certs, size_t trusted_cert_count)
 {
 cl_error_t ret = CL_EOPEN;
diff --git a/libfreshclam/libfreshclam_internal.c b/libfreshclam/libfreshclam_internal.c
index 055b663f33..542d6cfe88 100644
--- a/libfreshclam/libfreshclam_internal.c
+++ b/libfreshclam/libfreshclam_internal.c
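Review bot: The new prototype `set_tls_client_certificate` in common/cert_util.h has no doc comment, while the declaration directly above it carries one ending in `@param curl Pointer to the curl connection handle.`. A matching block should state that the function reads a PEM certificate path from `CURL_CLIENT_CERT` and a PEM private-key path from `CURL_CLIENT_KEY`, that it does nothing unless both are set, and that it takes the same `curl` parameter. The prototype sits just before an `#endif` whose opening condition is outside the hunk, so the comment should also say on which builds the function exists.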
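Review bot: In `set_tls_client_certificate` (common/linux/cert_util_linux.c) the results of all four `curl_easy_setopt` calls are discarded, and when only one of `CURL_CLIENT_CERT` / `CURL_CLIENT_KEY` is set the function returns without a message, so an operator who expects client authentication gets no indication that no certificate was configured. The function returns void, so the failure cannot be propagated to the caller; the sketch below at least reports both cases, with `fprintf(stderr, …)` standing in for whichever logging call this file already uses. No `CURLOPT_KEYPASSWD` is set, so a passphrase-protected key gets no passphrase on this path and the key file's permissions are presumably its only protection, which a comment should state.

```c
void set_tls_client_certificate(CURL *curl)
{
    const char *client_certificate = getenv("CURL_CLIENT_CERT");
    const char *client_key         = getenv("CURL_CLIENT_KEY");

    /* Feature not requested: neither variable is set. */
    if (client_certificate == NULL && client_key == NULL)
        return;

    /* Half-configured: say so instead of silently skipping client auth. */
    if (client_certificate == NULL || client_key == NULL) {
        fprintf(stderr, "CURL_CLIENT_CERT and CURL_CLIENT_KEY must both be set; client certificate not configured\n");
        return;
    }

    /* PEM certificate and PEM private key; the key is read without a passphrase. */
    if (curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM") != CURLE_OK ||
        curl_easy_setopt(curl, CURLOPT_SSLCERT, client_certificate) != CURLE_OK ||
        curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM") != CURLE_OK ||
        curl_easy_setopt(curl, CURLOPT_SSLKEY, client_key) != CURLE_OK) {
        fprintf(stderr, "Failed to set the TLS client certificate options\n");
    }
}
```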
@@ -728,6 +728,7 @@ static fc_error_t create_curl_handle(
 }
 #else
 set_tls_ca_bundle(curl);
+ set_tls_client_certificate(curl);
 #endif
 
 *curlHandle = curl;
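Review bot: The new call is made only in the `#else` branch, so builds that take the `#if` branch (its condition is outside this hunk) will ignore `CURL_CLIENT_CERT` / `CURL_CLIENT_KEY` without any message. If that is intended, a comment on the call would record it, for example `/* Client certificate from CURL_CLIENT_CERT / CURL_CLIENT_KEY is applied on this code path only. */`; otherwise the other branch needs an equivalent. `create_curl_handle` begins and ends outside the hunk, so whether the other branch can set a client certificate some other way is not visible here.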