@@ -599,6 +599,9 @@ channel_op_res_t channel_set_options(channel_t *this, channel_data_t *channel_da
(curl_easy_setopt(channel_curl->handle,
CURLOPT_SSLKEY,
channel_data->sslkey) != CURLE_OK) ||
+ (curl_easy_setopt(channel_curl->handle,
+ CURLOPT_KEYPASSWD,
+ channel_data->sslkeypassword) != CURLE_OK) ||
(curl_easy_setopt(channel_curl->handle,
CURLOPT_SSLCERT,
channel_data->sslcert) != CURLE_OK) ||
@@ -37,6 +37,9 @@ int channel_settings(void *elem, void *data)
GET_FIELD_STRING_RESET(LIBCFG_PARSER, elem, "sslkey", tmp);
if (strlen(tmp))
SETSTRING(chan->sslkey, tmp);
+ GET_FIELD_STRING_RESET(LIBCFG_PARSER, elem, "sslkeypassword", tmp);
+ if (strlen(tmp))
+ SETSTRING(chan->sslkeypassword, tmp);
GET_FIELD_STRING_RESET(LIBCFG_PARSER, elem, "ciphers", tmp);
if (strlen(tmp))
SETSTRING(chan->ciphers, tmp);
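Review bot: The new `sslkeypassword` field in channel_settings makes the configuration file a store for a plaintext secret, and nothing in the change documents this. A passphrase kept next to the key it protects adds little unless the file is readable only by the update agent's user. Consider a comment above the new lines such as `/* sslkeypassword is a secret: keep the config file non-world-readable and never log this value */`, with the same remark in the user documentation for the option. The body of channel_settings continues outside this hunk, so whether the parsed settings are logged elsewhere cannot be seen from here.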
@@ -55,6 +55,7 @@ typedef struct {
bool dry_run;
char *cafile;
char *sslkey;
+ char *sslkeypassword;
char *sslcert;
char *ciphers;
char *proxy;
@@ -525,6 +525,7 @@ static void channel_push_options(lua_State *L, channel_data_t *channel_data)
push_to_table(L, "dry_run", channel_data->dry_run);
push_to_table(L, "cafile", channel_data->cafile);
push_to_table(L, "sslkey", channel_data->sslkey);
+ push_to_table(L, "sslkeypassword", channel_data->sslkeypassword);
push_to_table(L, "sslcert", channel_data->sslcert);
push_to_table(L, "ciphers", channel_data->ciphers);
if (channel_data->proxy && channel_data->proxy == USE_PROXY_ENV) {
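Review bot: Pushing `sslkeypassword` into the Lua options table in channel_push_options exposes the key passphrase to every Lua handler that receives these options. Any script that prints or serialises that table would then write the passphrase to its output or logs. If the Lua side only needs to set the passphrase and never read it back, this push could be dropped while keeping the `get_from_table` line that the next hunk adds to channel_set_options. Otherwise, add a comment above the push such as `/* secret: Lua code must not log or dump this field */`. Both functions extend beyond the lines shown.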
@@ -571,6 +572,7 @@ static void channel_set_options(lua_State *L, channel_data_t *channel_data)
get_from_table(L, "dry_run", channel_data->dry_run);
get_from_table(L, "cafile", channel_data->cafile, COPY_DEST);
get_from_table(L, "sslkey", channel_data->sslkey, COPY_DEST);
+ get_from_table(L, "sslkeypassword", channel_data->sslkeypassword, COPY_DEST);
get_from_table(L, "sslcert", channel_data->sslcert, COPY_DEST);
get_from_table(L, "ciphers", channel_data->ciphers, COPY_DEST);
get_from_table(L, "info", channel_data->info, COPY_DEST);
@@ -623,6 +625,7 @@ static void channel_free_options(channel_data_t *channel_data)
free(channel_data->iface);
free(channel_data->cafile);
free(channel_data->sslkey);
+ free(channel_data->sslkeypassword);
free(channel_data->sslcert);
free(channel_data->ciphers);
if (channel_data->proxy && channel_data->proxy != USE_PROXY_ENV) {
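Review bot: `free(channel_data->sslkeypassword)` in channel_free_options releases the passphrase without clearing it, so the plaintext stays in freed heap memory until the allocator reuses it. Scrub it first where the target libc provides the call: `if (channel_data->sslkeypassword) explicit_bzero(channel_data->sslkeypassword, strlen(channel_data->sslkeypassword));`. A plain `memset` immediately before `free` may be optimised away. The `tmp` buffer that briefly holds the value in channel_settings probably deserves the same care, though its lifetime is not visible in this patch. channel_free_options continues outside the hunk.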
This enables encrypted SSL keys to be used e.g. when mTLS is used to authenticate with Hawkbit behind reverse-proxy Signed-off-by: Kuba Sanak <contact@kuba.fyi> --- corelib/channel_curl.c | 3 +++ corelib/server_utils.c | 3 +++ include/channel_curl.h | 1 + suricatta/server_lua.c | 3 +++ 4 files changed, 10 insertions(+) -- 2.43.0