diff --git a/NEWS b/NEWS
index e69de29..47d3cae 100644
--- a/NEWS
+++ b/NEWS
@@ -0,0 +1,9 @@
+2021-04-06
+
+ - added option "-C --client-certfile=FILE"
+
+ This option allows to specify a PEM file to use as client certificate
+ when connecting to a mirror-url over https.
+
+ Ex. : spoa-mirror --client-certfile=/path/ssl/clientcert.pem \
+ --mirror-url https://vip_sslclient_yourdomain.com/ ...
diff --git a/README b/README
index 011fdf2..b646d08 100644
--- a/README
+++ b/README
@@ -92,6 +92,7 @@ Options are:
 -B, --libev-backend=TYPE Specify the libev backend type (default: AUTO).
 -b, --connection-backlog=VALUE Specify the connection backlog size (default: 10).
 -c, --capability=NAME Enable the support of the specified capability.
+ -C, --client-certfile=FILE Specifies a PEM file to use as client certificate.
 -D, --daemonize Run this program as a daemon.
 -F, --pidfile=FILE Specifies a file to write the process-id to.
 -h, --help Show this text.
diff --git a/include/types/main.h b/include/types/main.h
index 5ab393e..eecc043 100644
--- a/include/types/main.h
+++ b/include/types/main.h
@@ -1,5 +1,6 @@
 /***
 * Copyright 2018-2020 HAProxy Technologies
+ * Copyright 2021 Verizon Media, Pierre Belanger
 *
 * This file is part of spoa-mirror.
 *
@@ -74,6 +75,7 @@ struct config_data {
 const char *pidfile;
 int pidfile_fd;
 uint ev_backend;
+ const char *client_certfile;
 #ifdef HAVE_LIBCURL
 char *mir_url;
 const char *mir_address;
diff --git a/src/curl.c b/src/curl.c
index 2d02671..bfaf7d5 100644
--- a/src/curl.c
+++ b/src/curl.c
@@ -1,5 +1,6 @@
 /***
 * Copyright 2018-2020 HAProxy Technologies
+ * Copyright 2021 Verizon Media, Pierre Belanger
 *
 * This file is part of spoa-mirror.
 *
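Review bot: In include/types/main.h the new `client_certfile` member is declared above `#ifdef HAVE_LIBCURL`, although the only consumer in this commit is src/curl.c and the neighbouring mirror fields (`mir_url`, `mir_address`) sit inside that guard. The usage() and long-option hunks in src/main.c add `-C` with no guard visible either, so a build without libcurl would presumably accept `--client-certfile` and silently ignore it, leaving an operator to believe client-certificate authentication is in effect. Moving the member below the `#ifdef` and wrapping the three main.c additions in the same guard would make such a build reject the option instead. The struct body continues outside the hunk, so the extent of the guard should be confirmed there.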
@@ -979,6 +980,9 @@ int mir_curl_add(struct curl_data *curl, struct mirror *mir)
 CURL_ERR_EASY("Failed to set read timeout", rc);
 else if ((rc = mir_curl_add_keepalive(con, 1, CURL_KEEPIDLE_TIME, CURL_KEEPINTVL_TIME)) != CURLE_OK)
 /* Do nothing. */;
+ else if ((rc = curl_easy_setopt(con->easy, CURLOPT_SSLCERT, cfg.client_certfile)) != CURLE_OK)
+ CURL_ERR_EASY("Failed to set client_certfile", rc);
+
 else if ((rc = mir_curl_add_post(con, mir)) == CURLE_OK) {
 CURL_DBG("Adding easy %p to multi %p (%s)", con->easy, curl->multi, mir->url);
diff --git a/src/main.c b/src/main.c
index dabc1b4..d0f8efa 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1,5 +1,6 @@
 /***
 * Copyright 2018-2020 HAProxy Technologies
+ * Copyright 2021 Verizon Media, Pierre Belanger
 *
 * This file is part of spoa-mirror.
 *
@@ -64,6 +65,7 @@ static void usage(const char *program_name, bool_t flag_verbose)
 (void)printf(" -B, --libev-backend=TYPE Specify the libev backend type (default: AUTO).\n");
 (void)printf(" -b, --connection-backlog=VALUE Specify the connection backlog size (default: %d).\n", DEFAULT_CONNECTION_BACKLOG);
 (void)printf(" -c, --capability=NAME Enable the support of the specified capability.\n");
+ (void)printf(" -C, --client-certfile=FILE Specifies a PEM file to use as client certificate.\n");
 (void)printf(" -D, --daemonize Run this program as a daemon.\n");
 #ifdef DEBUG
 (void)printf(" -d, --debug=LEVEL Enable and specify the debug mode level (default: %d).\n", DEFAULT_DEBUG_LEVEL);
@@ -348,6 +350,7 @@ int main(int argc, char **argv, char **envp __maybe_unused)
 { "libev-backend", required_argument, NULL, 'B' },
 { "connection-backlog", required_argument, NULL, 'b' },
 { "capability", required_argument, NULL, 'c' },
+ { "client-certfile", required_argument, NULL, 'C' },
 { "daemonize", no_argument, NULL, 'D' },
 { "debug", required_argument, NULL, 'd' },
 { "pidfile", required_argument, NULL, 'F' },
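Review bot: The added `CURLOPT_SSLCERT` branch in mir_curl_add() sets the certificate but no `CURLOPT_SSLKEY` or `CURLOPT_KEYPASSWD`, so libcurl is left to find the private key in the same PEM file (the behaviour curl documents for a certificate given without a key; worth confirming for the TLS backend this is built against). FILE is therefore key material, presumably stored unencrypted, while NEWS, README and usage() describe it only as a client certificate. I would state that next to the call, e.g. `/* FILE must hold the certificate and its private key: no CURLOPT_SSLKEY is set. */`, and say in the help text that the file should be readable only by the service account. Since the handle now presents a credential, it is also worth confirming that `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` are not disabled elsewhere on `con->easy`. The rest of the option chain is outside the hunk, so this could not be checked here.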
@@ -394,6 +397,8 @@ int main(int argc, char **argv, char **envp __maybe_unused)
 cfg.connection_backlog = atoi(optarg);
 else if (c == 'c')
 flag_error |= _OK(getopt_set_capability(optarg)) ? 0 : 1;
+ else if (c == 'C')
+ cfg.client_certfile = optarg;
 else if (c == 'D')
 cfg.opt_flags |= FLAG_OPT_DAEMONIZE;
 #ifdef DEBUG
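Review bot: The new `-C` branch stores `optarg` in `cfg.client_certfile` with no check, unlike the `-c` branch just above it, which feeds its result into `flag_error`. The `curl_easy_setopt()` call this commit adds in src/curl.c only records the path, so a missing or unreadable file would surface as a TLS failure on every mirrored request rather than as a startup error. A readability test at parse time, e.g. `flag_error |= (access(optarg, R_OK) == 0) ? 0 : 1;` beside the assignment (with braces added to the branch), would fail fast; it is a diagnostic only, since libcurl opens the file itself later. If the daemonize path changes the working directory, a relative FILE would also stop resolving, which should be checked because that code and the rest of main()'s option loop are outside the hunk.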