
您好,我正在使用 libcurl 实现一个应用程序。我在内存中有一个证书和私钥。

/* Client certificate as PEM text kept in memory (body elided with "...."). */
const char *cert =
    "-----BEGIN CERTIFICATE----- ....";
/* Matching private key as PEM text kept in memory (body elided with "...."). */
const char *key =
    "-----BEGIN RSA PRIVATE KEY----- ....";

我找到了一个使用 OpenSSL 的示例（http://curl.haxx.se/libcurl/c/usercertinmem.html），但根据文档，这种方法仅适用于 OpenSSL 或 wolfSSL/CyaSSL。




以下未经测试的补丁可以满足您的需求，但您必须重新编译 curl。

diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index da869e2..31058ef 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -68,6 +68,9 @@ static mbedtls_entropy_context entropy;

 static int  entropy_init_initialized  = 0;

+static const char *cert = "-----BEGIN CERTIFICATE----- ....";
+static const char *key = "-----BEGIN RSA PRIVATE KEY----- ....";
+
 /* start of entropy_init_mutex() */
 static void entropy_init_mutex(mbedtls_entropy_context *ctx)
 {
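Review bot: The two PEM strings are added as file-scope statics inside lib/vtls/mbedtls.c, so every connection made through this libcurl build presents the same compiled-in identity and the private key becomes part of the library image rather than something the application supplies at runtime. A cleaner shape is to carry the in-memory credential through `data->set`, next to the existing `STRING_KEY` handling that the later hunks sit beside, so the library stays credential-free and the application keeps control of the key. The generic names `cert` and `key` at file scope may also shadow or collide with locals elsewhere in the file (outside this hunk).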
@@ -300,6 +303,17 @@ mbedtls_connect_step1(struct connectdata *conn,
     }
   }

+  ret = mbedtls_x509_crt_parse(&connssl->clicert, cert, sizeof(cert));
+  if(ret) {
+#ifdef MBEDTLS_ERROR_C
+    mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+    failf(data, "Error reading client cert file %s - mbedTLS: (-0x%04X) %s",
+          cert, -ret, errorbuf);
+
+    return CURLE_SSL_CERTPROBLEM;
+  }
+
   /* Load the client private key */
   if(data->set.str[STRING_KEY]) {
     mbedtls_pk_init(&connssl->pk);
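Review bot: `sizeof(cert)` on the added `mbedtls_x509_crt_parse` line is the size of a `const char *` (4 or 8 bytes), not the length of the PEM text, so only the first few bytes of the certificate reach the parser; mbed TLS's PEM path also needs the buffer NUL-terminated with the terminator counted, i.e. `ret = mbedtls_x509_crt_parse(&connssl->clicert, (const unsigned char *)cert, strlen(cert) + 1);`. The same `sizeof` mistake recurs on the `mbedtls_pk_parse_key` line in the next hunk. The `failf` call keeps the `%s` from the file-path variant and now prints the entire PEM body into the error message; dropping `cert` from the format keeps the message readable. The parse is unconditional, so if `connssl->clicert` is only initialised inside the `STRING_CERT` branch above (outside this hunk) it may be parsed into before `mbedtls_x509_crt_init`; `mbedtls_connect_step1` continues beyond this hunk.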
@@ -319,6 +333,22 @@ mbedtls_connect_step1(struct connectdata *conn,
     }
   }

+  mbedtls_pk_init(&connssl->pk);
+  ret = mbedtls_pk_parse_key(&connssl->pk, key, sizeof(key), NULL, 0);
+  if(ret == 0 && !mbedtls_pk_can_do(&connssl->pk, MBEDTLS_PK_RSA))
+    ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
+
+    if(ret) {
+#ifdef MBEDTLS_ERROR_C
+      mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+      failf(data, "Error reading private key %s - mbedTLS: (-0x%04X) %s",
+            key, -ret, errorbuf);
+
+      return CURLE_SSL_CERTPROBLEM;
+    }
+  }
+
   /* Load the CRL */
   memset(&connssl->crl, 0, sizeof(mbedtls_x509_crl));
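Review bot: The `failf` on the added error path formats `key` with `%s`, which copies the full PEM-encoded private key into curl's error buffer and verbose output; the message should carry only the error, e.g. `failf(data, "Error reading private key - mbedTLS: (-0x%04X) %s", -ret, errorbuf);`. The final added `+  }` has no matching opening brace in the new code (the `STRING_KEY` block is already closed by the two context lines above the insertion), so the patch will not compile as written, and the deeper indentation of the `if(ret)` block suggests it was lifted from inside that branch. `mbedtls_pk_init(&connssl->pk)` is also called unconditionally after the `STRING_KEY` branch may already have initialised and loaded a key into the same context, discarding it without `mbedtls_pk_free`. `sizeof(key)` has the pointer-size problem noted on the previous hunk; `strlen(key) + 1` is the length mbed TLS expects for PEM input. `mbedtls_connect_step1` continues past this hunk.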
于 2016-01-06T19:01:27.147 回答