From cdd4d80aecb29f98d325b5389bdcc0813a37abfd Mon Sep 17 00:00:00 2001
From: Alejandro Soto
Date: Sat, 28 Jun 2025 22:50:16 -0600
Subject: [PATCH] gnutls: add support for client key URLs separate from client certs
---
 conn/config.c | 3 +++
 conn/gnutls.c | 8 ++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/conn/config.c b/conn/config.c
index e45e81bd7..161e8e584 100644
--- a/conn/config.c
+++ b/conn/config.c
@@ -74,6 +74,9 @@ static struct ConfigDef ConnVarsSsl[] = {
 { "ssl_client_cert", DT_PATH|D_PATH_FILE, 0, 0, NULL,
 "File containing client certificates"
 },
+ { "ssl_client_key", DT_PATH|D_PATH_FILE, 0, 0, NULL,
+ "File containing client certificate key"
+ },
 { "ssl_force_tls", DT_BOOL, true, 0, NULL,
 "(ssl) Require TLS encryption for all connections"
 },
diff --git a/conn/gnutls.c b/conn/gnutls.c
index 536948e6e..379580871 100644
--- a/conn/gnutls.c
+++ b/conn/gnutls.c
@@ -897,9 +897,13 @@ static int tls_negotiate(struct Connection *conn)
 const char *const c_ssl_client_cert = cs_subset_path(NeoMutt->sub, "ssl_client_cert");
 if (c_ssl_client_cert)
 {
- mutt_debug(LL_DEBUG2, "Using client certificate %s\n", c_ssl_client_cert);
+ const char *c_ssl_client_key = cs_subset_path(NeoMutt->sub, "ssl_client_key");
+ if (!c_ssl_client_key)
+ c_ssl_client_key = c_ssl_client_cert;
+
+ mutt_debug(LL_DEBUG2, "Using client certificate %s, key %s\n", c_ssl_client_cert, c_ssl_client_key);
 gnutls_certificate_set_x509_key_file(data->xcred, c_ssl_client_cert,
- c_ssl_client_cert, GNUTLS_X509_FMT_PEM);
+ c_ssl_client_key, GNUTLS_X509_FMT_PEM);
 }
 
 #ifdef HAVE_DECL_GNUTLS_VERIFY_DISABLE_TIME_CHECKS
-- 
2.49.0
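Review bot: The help string for the new `ssl_client_key` entry in ConnVarsSsl (conn/config.c) describes only a file, while the commit subject says the option exists so that a key URL can be given separately from the certificate. The text should say so and mention the fallback, for example `"File or URL of the client certificate's private key (defaults to ssl_client_cert)"`. The entry is typed `DT_PATH|D_PATH_FILE`; whatever path handling that type applies is not visible in this hunk, so it is worth confirming that a URL value reaches GnuTLS unchanged. The table starts and ends outside the hunk.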
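Review bot: The result of `gnutls_certificate_set_x509_key_file()` in tls_negotiate (conn/gnutls.c) is still discarded, and with the key now read from a separate `ssl_client_key` value a certificate/key mismatch or an unreadable key becomes a realistic failure that would pass silently and leave the handshake to continue without client credentials. Capture it with `int rc = gnutls_certificate_set_x509_key_file(data->xcred, c_ssl_client_cert, c_ssl_client_key, GNUTLS_X509_FMT_PEM);` and report it with `if (rc < 0) mutt_debug(LL_DEBUG1, "Failed to load client certificate/key: %s\n", gnutls_strerror(rc));`, then fail the negotiation the way the rest of the function does; that part of tls_negotiate lies outside the hunk. Separately, the new `mutt_debug` line writes the key value to the debug log, and a PKCS#11 URL may carry a `pin-value` attribute, so consider logging only the certificate path plus the fact that a separate key is configured.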