From cdd4d80aecb29f98d325b5389bdcc0813a37abfd Mon Sep 17 00:00:00 2001
From: Alejandro Soto <alejandro@34project.org>
Date: Sat, 28 Jun 2025 22:50:16 -0600
Subject: [PATCH] gnutls: add support for client key URLs separate from client
certs
---
conn/config.c | 3 +++
conn/gnutls.c | 8 ++++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/conn/config.c b/conn/config.c
index e45e81bd7..161e8e584 100644
--- a/conn/config.c
+++ b/conn/config.c
@@ -74,6 +74,9 @@ static struct ConfigDef ConnVarsSsl[] = {
{ "ssl_client_cert", DT_PATH|D_PATH_FILE, 0, 0, NULL,
"File containing client certificates"
},
+ { "ssl_client_key", DT_PATH|D_PATH_FILE, 0, 0, NULL,
+ "File containing client certificate key"
+ },
{ "ssl_force_tls", DT_BOOL, true, 0, NULL,
"(ssl) Require TLS encryption for all connections"
},
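Review bot: The new `ssl_client_key` entry is declared `DT_PATH|D_PATH_FILE` and described as "File containing client certificate key", but the commit subject says the option is meant to accept key URLs. If path-typed values are expanded or normalised as filesystem paths (not visible in this hunk), a URL may not reach GnuTLS unchanged, so that is worth confirming. The help text should also state the fallback, for example `"File or URL of the private key for ssl_client_cert (defaults to ssl_client_cert)"`.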
diff --git a/conn/gnutls.c b/conn/gnutls.c
index 536948e6e..379580871 100644
--- a/conn/gnutls.c
+++ b/conn/gnutls.c
@@ -897,9 +897,13 @@ static int tls_negotiate(struct Connection *conn)
const char *const c_ssl_client_cert = cs_subset_path(NeoMutt->sub, "ssl_client_cert");
if (c_ssl_client_cert)
{
- mutt_debug(LL_DEBUG2, "Using client certificate %s\n", c_ssl_client_cert);
+ const char *c_ssl_client_key = cs_subset_path(NeoMutt->sub, "ssl_client_key");
+ if (!c_ssl_client_key)
+ c_ssl_client_key = c_ssl_client_cert;
+
+ mutt_debug(LL_DEBUG2, "Using client certificate %s, key %s\n", c_ssl_client_cert, c_ssl_client_key);
gnutls_certificate_set_x509_key_file(data->xcred, c_ssl_client_cert,
- c_ssl_client_cert, GNUTLS_X509_FMT_PEM);
+ c_ssl_client_key, GNUTLS_X509_FMT_PEM);
}
#ifdef HAVE_DECL_GNUTLS_VERIFY_DISABLE_TIME_CHECKS
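Review bot: The return value of `gnutls_certificate_set_x509_key_file()` is still discarded. With the key now coming from its own setting, an unreadable key or one that does not match the certificate becomes a likelier misconfiguration, and it would go unreported. Capture the result with `int rc = gnutls_certificate_set_x509_key_file(...);` and report failures with `if (rc < 0) mutt_debug(LL_DEBUG1, "Failed to load client certificate/key: %s\n", gnutls_strerror(rc));`. Whether a failure should abort the negotiation or only warn depends on the rest of `tls_negotiate`, which starts and ends outside this hunk.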
--
2.49.0