From f911a23c8cd52789aeb8dce5ad0fed70268d027e Mon Sep 17 00:00:00 2001 From: DongHun Kwak Date: Tue, 1 Nov 2016 10:33:53 +0900 Subject: [PATCH] Imported Upstream version 14.38.6 Change-Id: I121687cc965f4c4c1b2fa66a3180512928799788 Signed-off-by: DongHun Kwak --- VERSION.cmake | 4 ++-- package/libzypp.changes | 7 +++++++ zypp/media/MediaCurl.cc | 12 ++++++++++++ zypp/media/MediaManager.h | 4 +++- zypp/media/TransferSettings.cc | 11 +++++++++++ zypp/media/TransferSettings.h | 10 ++++++++++ 6 files changed, 45 insertions(+), 3 deletions(-) diff --git a/VERSION.cmake b/VERSION.cmake index 9a1436d..5775ce4 100644 --- a/VERSION.cmake +++ b/VERSION.cmake @@ -61,8 +61,8 @@ SET(LIBZYPP_MAJOR "14") SET(LIBZYPP_COMPATMINOR "30") SET(LIBZYPP_MINOR "38") -SET(LIBZYPP_PATCH "5") +SET(LIBZYPP_PATCH "6") # -# LAST RELEASED: 14.38.5 (30) +# LAST RELEASED: 14.38.6 (30) # (The number in parenthesis is LIBZYPP_COMPATMINOR) #======= diff --git a/package/libzypp.changes b/package/libzypp.changes index fdb8702..f3d338d 100644 --- a/package/libzypp.changes +++ b/package/libzypp.changes @@ -1,4 +1,11 @@ ------------------------------------------------------------------- +Tue Jun 2 16:56:13 CEST 2015 - ma@suse.de + +- Fix SSL client certificate authentication via URL option + ssl_clientcert/ssl_clientkey (bnc#932393) +- version 14.38.6 (30) + +------------------------------------------------------------------- Mon Jun 1 16:14:04 CEST 2015 - ma@suse.de - FindFileConflicts: avoid nested exception on user abort (bnc#931601) diff --git a/zypp/media/MediaCurl.cc b/zypp/media/MediaCurl.cc index 871395c..7ed3f50 100644 --- a/zypp/media/MediaCurl.cc +++ b/zypp/media/MediaCurl.cc @@ -295,6 +295,14 @@ void fillSettingsFromUrl( const Url &url, TransferSettings &s ) else s.setClientCertificatePath(client_cert); } + Pathname client_key( url.getQueryParam("ssl_clientkey") ); + if( ! client_key.empty()) + { + if( !PathInfo(client_key).isFile() || !client_key.absolute()) + ZYPP_THROW(MediaBadUrlException(url, "Invalid ssl_clientkey file")); + else + s.setClientKeyPath(client_key); + } param = url.getQueryParam( "proxy" ); if ( ! param.empty() ) @@ -632,6 +640,10 @@ void MediaCurl::setupEasy() { SET_OPTION(CURLOPT_SSLCERT, _settings.clientCertificatePath().c_str()); } + if( ! _settings.clientKeyPath().empty() ) + { + SET_OPTION(CURLOPT_SSLKEY, _settings.clientKeyPath().c_str()); + } #ifdef CURLSSLOPT_ALLOW_BEAST // see bnc#779177 diff --git a/zypp/media/MediaManager.h b/zypp/media/MediaManager.h index 2e953de..049da47 100644 --- a/zypp/media/MediaManager.h +++ b/zypp/media/MediaManager.h @@ -409,7 +409,9 @@ namespace zypp * server is authentic against the chain of digital signatures * found in ssl_capath. * - ssl_clientcert - * Path to a ssl client certificate for authentication to a repo. + * Path to the ssl client certificate for authentication to a repo (CURLOPT_SSLCERT). + * - ssl_clientkey + * Path to the ssl client key for authentication to a repo (CURLOPT_SSLKEY). * - timeout: * Transfer timeout in seconds between 0 and 3600, 0 disables * the timeout, default timeout is 180 seconds. diff --git a/zypp/media/TransferSettings.cc b/zypp/media/TransferSettings.cc index faf57d7..f5edfb6 100644 --- a/zypp/media/TransferSettings.cc +++ b/zypp/media/TransferSettings.cc @@ -76,6 +76,7 @@ public: bool _verify_peer; Pathname _ca_path; Pathname _client_cert_path; + Pathname _client_key_path; // workarounds bool _head_requests_allowed; @@ -287,6 +288,16 @@ void TransferSettings::setClientCertificatePath( const zypp::Pathname &path ) _impl->_client_cert_path = path; } +Pathname TransferSettings::clientKeyPath() const +{ + return _impl->_client_key_path; +} + +void TransferSettings::setClientKeyPath( const zypp::Pathname &path ) +{ + _impl->_client_key_path = path; +} + void TransferSettings::setVerifyPeerEnabled( bool enabled ) { diff --git a/zypp/media/TransferSettings.h b/zypp/media/TransferSettings.h index 210b586..759bd5b 100644 --- a/zypp/media/TransferSettings.h +++ b/zypp/media/TransferSettings.h @@ -264,6 +264,16 @@ public: */ void setClientCertificatePath( const zypp::Pathname &path ); + /** + * SSL client key file + */ + Pathname clientKeyPath() const; + + /** + * Sets the SSL client key file + */ + void setClientKeyPath( const zypp::Pathname &path ); + protected: class Impl; RWCOW_pointer _impl; -- 2.7.4