Add support for password protected key file to ssl_client2
The example application programs/ssl/ssl_client2 allows the
configuration of a client CRT through the parameters
- crt_file, key_file
However, password protected key files are not supported.
This commit adds a new command line option
- key_pwd
which allow to specify a password for the key file specified
in the key_file parameter.
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 2e8e105..62ca1cb 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -103,6 +103,7 @@
#define DFL_CRT_FILE ""
#define DFL_KEY_FILE ""
#define DFL_KEY_OPAQUE 0
+#define DFL_KEY_PWD ""
#define DFL_PSK ""
#define DFL_PSK_OPAQUE 0
#define DFL_PSK_IDENTITY "Client_identity"
@@ -487,6 +488,7 @@
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback; /* Use callback for trusted certificate list */
#endif
+ const char *key_pwd; /* the password for the client key */
const char *psk; /* the pre-shared key */
const char *psk_identity; /* the pre-shared key identity */
const char *ecjpake_pw; /* the EC J-PAKE password */
@@ -1251,6 +1253,7 @@
opt.crt_file = DFL_CRT_FILE;
opt.key_file = DFL_KEY_FILE;
opt.key_opaque = DFL_KEY_OPAQUE;
+ opt.key_pwd = DFL_KEY_PWD;
opt.psk = DFL_PSK;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
opt.psk_opaque = DFL_PSK_OPAQUE;
@@ -1396,6 +1399,8 @@
opt.cid_val_renego = q;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ else if( strcmp( p, "key_pwd" ) == 0 )
+ opt.key_pwd = q;
else if( strcmp( p, "psk" ) == 0 )
opt.psk = q;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -2079,7 +2084,7 @@
else
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) )
- ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
+ ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd );
else
#endif
#if defined(MBEDTLS_CERTS_C)