On Tue, 22 Sep 2015, Mike Crowe wrote:
IMO this failure should happen much earlier, ideally when CURLOPT_KEYPASSWD
is set in Curl_setopt(), like we do for e.g. CURLOPT_SSL_VERIFYSTATUS.
Other TLS backends that support CURLOPT_KEYPASSWD should be updated as
well, but that should probably go in a separate patch.
The main part of the patch tries to bring GnuTLS up to the same level of
functionality as OpenSSL (and presumably other SSL backends.) I believe that
your suggestion would involve modifying all the SSL backends.
I agree that detecting failure earlier would be useful but since the
certificate, the key and the password are all be set in any order using
separate curl_easy_setopt calls, I don't believe that it can be done
reliably at that stage whilst maintaining compatibility.
I'll agree with both of you here!
I think we should fix this for all backends and we should make the non-
working ones fail early, but I also think that this patch is a good step
forward at least so I'll start with merging this asap.
Thanks a lot for your work!
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
