MINOR: added '--client-certfile' program command-line argument

This option allows to specify a PEM file to use as client certificate
when connecting to a mirror-url over https.

Author: Pierre Belanger

NEWS

@@ -0,0 +1,9 @@
+2021-04-16
+
+    - added option "-C --client-certfile=FILE"
+
+      This option allows to specify a PEM file to use as client certificate
+      when connecting to a mirror-url over https.
+
+      Ex. : spoa-mirror --client-certfile=/path/ssl/clientcert.pem \
+                        --mirror-url https://vip_sslclient_yourdomain.com/ ...

README

@@ -92,6 +92,7 @@ Options are:
   -B, --libev-backend=TYPE        Specify the libev backend type (default: AUTO).
   -b, --connection-backlog=VALUE  Specify the connection backlog size (default: 10).
   -c, --capability=NAME           Enable the support of the specified capability.
+  -C, --client-certfile=FILE      Specifies a PEM file to use as client certificate.
   -D, --daemonize                 Run this program as a daemon.
   -F, --pidfile=FILE              Specifies a file to write the process-id to.
   -h, --help                      Show this text.

include/types/main.h

@@ -1,5 +1,6 @@
 /***
  * Copyright 2018-2020 HAProxy Technologies
+ * Copyright 2021 Verizon Media, Pierre Belanger
  *
  * This file is part of spoa-mirror.
  *
@@ -74,6 +75,7 @@ struct config_data {
 	const char   *pidfile;
 	int           pidfile_fd;
 	uint          ev_backend;
+	const char   *client_certfile;
 #ifdef HAVE_LIBCURL
 	char         *mir_url;
 	const char   *mir_address;

src/curl.c

@@ -1,5 +1,6 @@
 /***
  * Copyright 2018-2020 HAProxy Technologies
+ * Copyright 2021 Verizon Media, Pierre Belanger
  *
  * This file is part of spoa-mirror.
  *
@@ -979,6 +980,9 @@ int mir_curl_add(struct curl_data *curl, struct mirror *mir)
 		CURL_ERR_EASY("Failed to set read timeout", rc);
 	else if ((rc = mir_curl_add_keepalive(con, 1, CURL_KEEPIDLE_TIME, CURL_KEEPINTVL_TIME)) != CURLE_OK)
 		/* Do nothing. */;
+	else if ((rc = curl_easy_setopt(con->easy, CURLOPT_SSLCERT, cfg.client_certfile)) != CURLE_OK)
+		CURL_ERR_EASY("Failed to set client_certfile", rc);
+
 	else if ((rc = mir_curl_add_post(con, mir)) == CURLE_OK) {
 		CURL_DBG("Adding easy %p to multi %p (%s)", con->easy, curl->multi, mir->url);
 

src/main.c

@@ -1,5 +1,6 @@
 /***
  * Copyright 2018-2020 HAProxy Technologies
+ * Copyright 2021 Verizon Media, Pierre Belanger
  *
  * This file is part of spoa-mirror.
  *
@@ -64,6 +65,7 @@ static void usage(const char *program_name, bool_t flag_verbose)
 		(void)printf("  -B, --libev-backend=TYPE        Specify the libev backend type (default: AUTO).\n");
 		(void)printf("  -b, --connection-backlog=VALUE  Specify the connection backlog size (default: %d).\n", DEFAULT_CONNECTION_BACKLOG);
 		(void)printf("  -c, --capability=NAME           Enable the support of the specified capability.\n");
+		(void)printf("  -C, --client-certfile=FILE      Specifies a PEM file to use as client certificate.\n");
 		(void)printf("  -D, --daemonize                 Run this program as a daemon.\n");
 #ifdef DEBUG
 		(void)printf("  -d, --debug=LEVEL               Enable and specify the debug mode level (default: %d).\n", DEFAULT_DEBUG_LEVEL);
@@ -348,6 +350,7 @@ int main(int argc, char **argv, char **envp __maybe_unused)
 		{ "libev-backend",      required_argument, NULL, 'B' },
 		{ "connection-backlog", required_argument, NULL, 'b' },
 		{ "capability",         required_argument, NULL, 'c' },
+		{ "client-certfile",    required_argument, NULL, 'C' },
 		{ "daemonize",          no_argument,       NULL, 'D' },
 		{ "debug",              required_argument, NULL, 'd' },
 		{ "pidfile",            required_argument, NULL, 'F' },
@@ -394,6 +397,8 @@ int main(int argc, char **argv, char **envp __maybe_unused)
 			cfg.connection_backlog = atoi(optarg);
 		else if (c == 'c')
 			flag_error |= _OK(getopt_set_capability(optarg)) ? 0 : 1;
+		else if (c == 'C')
+			cfg.client_certfile = optarg;
 		else if (c == 'D')
 			cfg.opt_flags |= FLAG_OPT_DAEMONIZE;
 #ifdef DEBUG