diff options
Diffstat (limited to 'home/pim/0001-gnutls-add-support-for-client-key-URLs-separate-from.patch')
| -rw-r--r-- | home/pim/0001-gnutls-add-support-for-client-key-URLs-separate-from.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/home/pim/0001-gnutls-add-support-for-client-key-URLs-separate-from.patch b/home/pim/0001-gnutls-add-support-for-client-key-URLs-separate-from.patch new file mode 100644 index 0000000..792a528 --- /dev/null +++ b/home/pim/0001-gnutls-add-support-for-client-key-URLs-separate-from.patch @@ -0,0 +1,48 @@ +From cdd4d80aecb29f98d325b5389bdcc0813a37abfd Mon Sep 17 00:00:00 2001 +From: Alejandro Soto <alejandro@34project.org> +Date: Sat, 28 Jun 2025 22:50:16 -0600 +Subject: [PATCH] gnutls: add support for client key URLs separate from client + certs + +--- + conn/config.c | 3 +++ + conn/gnutls.c | 8 ++++++-- + 2 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/conn/config.c b/conn/config.c +index e45e81bd7..161e8e584 100644 +--- a/conn/config.c ++++ b/conn/config.c +@@ -74,6 +74,9 @@ static struct ConfigDef ConnVarsSsl[] = { + { "ssl_client_cert", DT_PATH|D_PATH_FILE, 0, 0, NULL, + "File containing client certificates" + }, ++ { "ssl_client_key", DT_PATH|D_PATH_FILE, 0, 0, NULL, ++ "File containing client certificate key" ++ }, + { "ssl_force_tls", DT_BOOL, true, 0, NULL, + "(ssl) Require TLS encryption for all connections" + }, +diff --git a/conn/gnutls.c b/conn/gnutls.c +index 536948e6e..379580871 100644 +--- a/conn/gnutls.c ++++ b/conn/gnutls.c +@@ -897,9 +897,13 @@ static int tls_negotiate(struct Connection *conn) + const char *const c_ssl_client_cert = cs_subset_path(NeoMutt->sub, "ssl_client_cert"); + if (c_ssl_client_cert) + { +- mutt_debug(LL_DEBUG2, "Using client certificate %s\n", c_ssl_client_cert); ++ const char *c_ssl_client_key = cs_subset_path(NeoMutt->sub, "ssl_client_key"); ++ if (!c_ssl_client_key) ++ c_ssl_client_key = c_ssl_client_cert; ++ ++ mutt_debug(LL_DEBUG2, "Using client certificate %s, key %s\n", c_ssl_client_cert, c_ssl_client_key); + gnutls_certificate_set_x509_key_file(data->xcred, c_ssl_client_cert, +- c_ssl_client_cert, GNUTLS_X509_FMT_PEM); ++ c_ssl_client_key, GNUTLS_X509_FMT_PEM); + } + + #ifdef HAVE_DECL_GNUTLS_VERIFY_DISABLE_TIME_CHECKS +-- +2.49.0 + |