Package: elinks
Version: 0.12~pre6-10
Severity: wishlist
Hi!
Was checking into the Debian SSO implementation
<https://wiki.debian.org/DebianSingleSignOn>, and noticed that elinks
does not support client certs. I've implemented this, but due to the
GnuTLS rehandshake issue, I've not been able to test them. Once the
other issue is fixed I could probably take another look at this. It
might also make sense to have two options, one for the public and
private key files.
Thanks,
Guillem
diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c
index 363245d..6310018 100644
--- a/src/network/ssl/ssl.c
+++ b/src/network/ssl/ssl.c
@@ -147,6 +147,21 @@ init_gnutls(struct module *module)
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
}
+ if (get_opt_bool("connection.ssl.client_cert.enable")) {
+ unsigned char *client_cert;
+
+ client_cert = get_opt_str("connection.ssl.client_cert.file");
+ if (!*client_cert) {
+ client_cert = getenv("X509_CLIENT_CERT");
+ if (client_cert && !*client_cert)
+ client_cert = NULL;
+ }
+
+ if (client_cert) {
+ gnutls_certificate_set_x509_key_file(xcred,
+ client_cert, client_cert, GNUTLS_X509_FMT_PEM);
+ }
+ }
}
static void
@@ -181,6 +196,22 @@ static union option_info gnutls_options[] = {
"restart ELinks for the changes to take effect. "
"This option affects GnuTLS but not OpenSSL.")),
+ INIT_OPT_TREE("connection.ssl", N_("Client Certificates"),
+ "client_cert", OPT_SORT,
+ N_("X509 client certificate options.")),
+
+ INIT_OPT_BOOL("connection.ssl.client_cert", N_("Enable"),
+ "enable", 0, 0,
+ N_("Enable or not the sending of X509 client certificates "
+ "to servers which request them.")),
+
+ INIT_OPT_STRING("connection.ssl.client_cert", N_("Certificate File"),
+ "file", 0, "",
+ N_("The location of a file containing the client certificate "
+ "and unencrypted private key in PEM format. If unset, the "
+ "file pointed to by the X509_CLIENT_CERT variable is used "
+ "instead.")),
+
NULL_OPTION_INFO,
};
