Add support for password protected key file to ssl_client2

The example application programs/ssl/ssl_client2 allows the configuration of a client CRT through the parameters - crt_file, key_file However, password protected key files are not supported. This commit adds a new command line option - key_pwd which allow to specify a password for the key file specified in the key_file parameter.
2025-11-04 10:35:02 +00:00 · 2018-11-07 16:22:14 +00:00 · 2018-11-07 16:22:14 +00:00 · ca04fdc2cc
parent e58a630cb0
commit ca04fdc2cc
1 changed files with 6 additions and 1 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -103,6 +103,7 @@ int main( void )
 #define DFL_CRT_FILE            ""
 #define DFL_KEY_FILE            ""
 #define DFL_KEY_OPAQUE          0
+#define DFL_KEY_PWD             ""
 #define DFL_PSK                 ""
 #define DFL_PSK_OPAQUE          0
 #define DFL_PSK_IDENTITY        "Client_identity"
@ -487,6 +488,7 @@ struct options
 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
    int ca_callback;            /* Use callback for trusted certificate list */
 #endif
+    const char *key_pwd;        /* the password for the client key          */
    const char *psk;            /* the pre-shared key                       */
    const char *psk_identity;   /* the pre-shared key identity              */
    const char *ecjpake_pw;     /* the EC J-PAKE password                   */
@ -1251,6 +1253,7 @@ int main( int argc, char *argv[] )
    opt.crt_file            = DFL_CRT_FILE;
    opt.key_file            = DFL_KEY_FILE;
    opt.key_opaque          = DFL_KEY_OPAQUE;
+    opt.key_pwd             = DFL_KEY_PWD;
    opt.psk                 = DFL_PSK;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
    opt.psk_opaque          = DFL_PSK_OPAQUE;
@ -1396,6 +1399,8 @@ int main( int argc, char *argv[] )
            opt.cid_val_renego = q;
        }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+        else if( strcmp( p, "key_pwd" ) == 0 )
+            opt.key_pwd = q;
        else if( strcmp( p, "psk" ) == 0 )
            opt.psk = q;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -2079,7 +2084,7 @@ int main( int argc, char *argv[] )
    else
 #if defined(MBEDTLS_FS_IO)
    if( strlen( opt.key_file ) )
-        ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
+        ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd );
    else
 #endif
 #if defined(MBEDTLS_CERTS_C)