HTTPS Proxy: Implement CURLOPT_PROXY_PINNEDPUBLICKEY

author: Thomas Glanzmann <thomas@glanzmann.de> 2016-11-25 10:47:25 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2016-11-25 10:49:38 +0100
commit: 4f8b17743d7c55a0bfb48463238c88564875ae47 (patch)
tree: ea77a17d0cc904146e5bd17909c5c4dfbe1002ea /lib/vtls/nss.c
parent: 1232dbb8bd49b5502834ae9dd9f7ab1cb7a88b7b (diff)
download: curl-4f8b17743d7c55a0bfb48463238c88564875ae47.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 91b8e05cc..efb19e6e7 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1926,6 +1926,10 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
   PRUint32 timeout;
   long * const certverifyresult = SSL_IS_PROXY() ?
     &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
+  const char * const pinnedpubkey = SSL_IS_PROXY() ?
+              data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+              data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
+
 
   /* check timeout situation */
   const long time_left = Curl_timeleft(data, NULL, TRUE);
@@ -1971,7 +1975,7 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
     }
   }
 
-  result = cmp_peer_pubkey(connssl, data->set.str[STRING_SSL_PINNEDPUBLICKEY]);
+  result = cmp_peer_pubkey(connssl, pinnedpubkey);
   if(result)
     /* status already printed */
     goto error;
author	Thomas Glanzmann <thomas@glanzmann.de>	2016-11-25 10:47:25 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2016-11-25 10:49:38 +0100
commit	4f8b17743d7c55a0bfb48463238c88564875ae47 (patch)
tree	ea77a17d0cc904146e5bd17909c5c4dfbe1002ea /lib/vtls/nss.c
parent	1232dbb8bd49b5502834ae9dd9f7ab1cb7a88b7b (diff)
download	curl-4f8b17743d7c55a0bfb48463238c88564875ae47.tar.gz