yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-11-04 10:35:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add support for password protected key file to ssl_client2

Browse source 
The example application programs/ssl/ssl_client2 allows the
configuration of a client CRT through the parameters
- crt_file, key_file
However, password protected key files are not supported.

This commit adds a new command line option
- key_pwd
which allow to specify a password for the key file specified
in the key_file parameter.
This commit is contained in:
Hanno Becker 2018-11-07 16:22:14 +00:00
parent e58a630cb0
commit ca04fdc2cc
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
programs/ssl/ssl_client2.c
View file

@ -103,6 +103,7 @@ int main( void )
#define DFL_CRT_FILE "" #define DFL_CRT_FILE ""
#define DFL_KEY_FILE "" #define DFL_KEY_FILE ""
#define DFL_KEY_OPAQUE 0 #define DFL_KEY_OPAQUE 0
#define DFL_KEY_PWD ""
#define DFL_PSK "" #define DFL_PSK ""
#define DFL_PSK_OPAQUE 0 #define DFL_PSK_OPAQUE 0
#define DFL_PSK_IDENTITY "Client_identity" #define DFL_PSK_IDENTITY "Client_identity"
@ -487,6 +488,7 @@ struct options
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback; /* Use callback for trusted certificate list */ int ca_callback; /* Use callback for trusted certificate list */
#endif #endif
const char *key_pwd; /* the password for the client key */
const char *psk; /* the pre-shared key */ const char *psk; /* the pre-shared key */
const char *psk_identity; /* the pre-shared key identity */ const char *psk_identity; /* the pre-shared key identity */
const char *ecjpake_pw; /* the EC J-PAKE password */ const char *ecjpake_pw; /* the EC J-PAKE password */
@ -1251,6 +1253,7 @@ int main( int argc, char *argv[] )
opt.crt_file = DFL_CRT_FILE; opt.crt_file = DFL_CRT_FILE;
opt.key_file = DFL_KEY_FILE; opt.key_file = DFL_KEY_FILE;
opt.key_opaque = DFL_KEY_OPAQUE; opt.key_opaque = DFL_KEY_OPAQUE;
opt.key_pwd = DFL_KEY_PWD;
opt.psk = DFL_PSK; opt.psk = DFL_PSK;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
opt.psk_opaque = DFL_PSK_OPAQUE; opt.psk_opaque = DFL_PSK_OPAQUE;
@ -1396,6 +1399,8 @@ int main( int argc, char *argv[] )
opt.cid_val_renego = q; opt.cid_val_renego = q;
} }
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
else if( strcmp( p, "key_pwd" ) == 0 )
opt.key_pwd = q;
else if( strcmp( p, "psk" ) == 0 ) else if( strcmp( p, "psk" ) == 0 )
opt.psk = q; opt.psk = q;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -2079,7 +2084,7 @@ int main( int argc, char *argv[] )
else else
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) ) if( strlen( opt.key_file ) )
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ); ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd );
else else
#endif #endif
#if defined(MBEDTLS_CERTS_C) #if defined(MBEDTLS_CERTS_C)