SET(LIBZYPP_MAJOR "14")
SET(LIBZYPP_COMPATMINOR "30")
SET(LIBZYPP_MINOR "38")
-SET(LIBZYPP_PATCH "5")
+SET(LIBZYPP_PATCH "6")
#
-# LAST RELEASED: 14.38.5 (30)
+# LAST RELEASED: 14.38.6 (30)
# (The number in parenthesis is LIBZYPP_COMPATMINOR)
#=======
-------------------------------------------------------------------
+Tue Jun 2 16:56:13 CEST 2015 - ma@suse.de
+
+- Fix SSL client certificate authentication via URL option
+ ssl_clientcert/ssl_clientkey (bnc#932393)
+- version 14.38.6 (30)
+
+-------------------------------------------------------------------
Mon Jun 1 16:14:04 CEST 2015 - ma@suse.de
- FindFileConflicts: avoid nested exception on user abort (bnc#931601)
else
s.setClientCertificatePath(client_cert);
}
+ Pathname client_key( url.getQueryParam("ssl_clientkey") );
+ if( ! client_key.empty())
+ {
+ if( !PathInfo(client_key).isFile() || !client_key.absolute())
+ ZYPP_THROW(MediaBadUrlException(url, "Invalid ssl_clientkey file"));
+ else
+ s.setClientKeyPath(client_key);
+ }
param = url.getQueryParam( "proxy" );
if ( ! param.empty() )
{
SET_OPTION(CURLOPT_SSLCERT, _settings.clientCertificatePath().c_str());
}
+ if( ! _settings.clientKeyPath().empty() )
+ {
+ SET_OPTION(CURLOPT_SSLKEY, _settings.clientKeyPath().c_str());
+ }
#ifdef CURLSSLOPT_ALLOW_BEAST
// see bnc#779177
* server is authentic against the chain of digital signatures
* found in <tt>ssl_capath</tt>.
* - <tt>ssl_clientcert</tt>
- * Path to a ssl client certificate for authentication to a repo.
+ * Path to the ssl client certificate for authentication to a repo (CURLOPT_SSLCERT).
+ * - <tt>ssl_clientkey</tt>
+ * Path to the ssl client key for authentication to a repo (CURLOPT_SSLKEY).
* - <tt>timeout</tt>:
* Transfer timeout in seconds between 0 and 3600, 0 disables
* the timeout, default timeout is 180 seconds.
bool _verify_peer;
Pathname _ca_path;
Pathname _client_cert_path;
+ Pathname _client_key_path;
// workarounds
bool _head_requests_allowed;
_impl->_client_cert_path = path;
}
+Pathname TransferSettings::clientKeyPath() const
+{
+ return _impl->_client_key_path;
+}
+
+void TransferSettings::setClientKeyPath( const zypp::Pathname &path )
+{
+ _impl->_client_key_path = path;
+}
+
void TransferSettings::setVerifyPeerEnabled( bool enabled )
{
*/
void setClientCertificatePath( const zypp::Pathname &path );
+ /**
+ * SSL client key file
+ */
+ Pathname clientKeyPath() const;
+
+ /**
+ * Sets the SSL client key file
+ */
+ void setClientKeyPath( const zypp::Pathname &path );
+
protected:
class Impl;
RWCOW_pointer<Impl> _impl;