s.setCertificateAuthoritiesPath(ca_path);
}
+ Pathname client_cert( url.getQueryParam("ssl_clientcert") );
+ if( ! client_cert.empty())
+ {
+ if( !PathInfo(client_cert).isFile() || !client_cert.absolute())
+ ZYPP_THROW(MediaBadUrlException(url, "Invalid ssl_clientcert file"));
+ else
+ s.setClientCertificatePath(client_cert);
+ }
+
param = url.getQueryParam( "proxy" );
if ( ! param.empty() )
{
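Review bot: The `ssl_clientcert` check stats the path before it tests whether the path is absolute, so a relative value taken from the URL is first resolved against the process's current working directory and only then rejected. Testing `absolute()` first avoids that lookup: `if( !client_cert.absolute() || !PathInfo(client_cert).isFile() )`. The `else` after `ZYPP_THROW` is also redundant if the macro always throws, which its name suggests but the hunk does not show. The enclosing function starts and ends outside the hunk.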
SET_OPTION(CURLOPT_CAPATH, _settings.certificateAuthoritiesPath().c_str());
}
+ if( ! _settings.clientCertificatePath().empty() )
+ {
+ SET_OPTION(CURLOPT_SSLCERT, _settings.clientCertificatePath().c_str());
+ }
+
#ifdef CURLSSLOPT_ALLOW_BEAST
// see bnc#779177
ret = curl_easy_setopt( _curl, CURLOPT_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST );
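Review bot: Only `CURLOPT_SSLCERT` is set here and no `CURLOPT_SSLKEY`, so the private key has to live in the same file as the certificate; as far as I know libcurl's OpenSSL backend then reads the key from the certificate file, and other TLS backends may behave differently. That makes the file key material, and neither this hunk nor the `ssl_clientcert` entry in the option documentation says so. I would add a comment above the call, `// no CURLOPT_SSLKEY is set: the file must hold the certificate and its private key, and should be readable only by the user running the transfer`, and state the same in the option list. A separate key parameter could follow later. The enclosing function starts and ends outside the hunk.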
* - 'peer': Verifies whether the certificate provided by the
* server is authentic against the chain of digital signatures
* found in <tt>ssl_capath</tt>.
+ * - <tt>ssl_clientcert</tt>
+ * Path to a ssl client certificate for authentication to a repo.
* - <tt>timeout</tt>:
* Transfer timeout in seconds between 0 and 3600, 0 disables
* the timeout, default timeout is 180 seconds.
bool _verify_host;
bool _verify_peer;
Pathname _ca_path;
+ Pathname _client_cert_path;
// workarounds
bool _head_requests_allowed;
return _impl->_verify_peer;
}
+Pathname TransferSettings::clientCertificatePath() const
+{
+ return _impl->_client_cert_path;
+}
+
+void TransferSettings::setClientCertificatePath( const zypp::Pathname &path )
+{
+ _impl->_client_cert_path = path;
+}
+
void TransferSettings::setVerifyPeerEnabled( bool enabled )
{
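Review bot: `setClientCertificatePath()` stores whatever path it is given; the absolute-path and regular-file checks exist only where the `ssl_clientcert` URL parameter is parsed, so code that fills TransferSettings directly hands an unchecked path to `CURLOPT_SSLCERT`. The doc comment on the declaration in the header should say this, for example `Sets the SSL client certificate file. The path is stored as given and not checked; callers should pass an absolute path to an existing regular file.` Moving the check into the setter would be the stronger fix, but whether callers rely on setting a path that does not exist yet is not visible here.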
*/
bool headRequestsAllowed() const;
+ /**
+ * SSL client certificate file
+ */
+ Pathname clientCertificatePath() const;
+
+ /**
+ * Sets the SSL client certificate file
+ */
+ void setClientCertificatePath( const zypp::Pathname &path );
+
protected:
class Impl;
RWCOW_pointer<Impl> _impl;