
Details on various client certificate file formats

Source commit: ef1bd43d3d085548d99824cff77b41053f80c0de
Martin Prikryl 9 年之前
父节点
当前提交
05490f79f6
共有 1 个文件被更改,包括 27 次插入0 次删除
  1. 27 0
      source/core/Common.cpp

+ 27 - 0
source/core/Common.cpp

@@ -2720,6 +2720,8 @@ void __fastcall ParseCertificate(const UnicodeString & Path,
 
   // Inspired by neon's ne_ssl_clicert_read
   File = OpenCertificate(Path);
+  // openssl pkcs12 -inkey cert.pem -in cert.crt -export -out cert.pfx
+  // Binary file
   PKCS12 * Pkcs12 = d2i_PKCS12_fp(File, NULL);
   fclose(File);
 
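Review bot: The added `// Binary file` line comes after the command and never names the format, so a reader has to infer from `d2i_PKCS12_fp` that this branch expects a DER-encoded PKCS#12 container. I would state the format first and keep the command as the example, e.g. `// PKCS#12 container (.pfx/.p12), binary DER encoding; created for example by:` followed by the existing `openssl pkcs12 ...` line. ParseCertificate starts and ends outside this hunk, so the surrounding error handling is not visible here.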
@@ -2745,6 +2747,20 @@ void __fastcall ParseCertificate(const UnicodeString & Path,
     CallbackUserData.Passphrase = const_cast<UnicodeString *>(&Passphrase);
 
     File = OpenCertificate(Path);
+    // Encrypted:
+    // openssl req -x509 -newkey rsa:2048 -keyout cert.pem -out cert.crt
+    // -----BEGIN ENCRYPTED PRIVATE KEY-----
+    // ...
+    // -----END ENCRYPTED PRIVATE KEY-----
+
+    // Not encrypted (add -nodes):
+    // -----BEGIN PRIVATE KEY-----
+    // ...
+    // -----END PRIVATE KEY-----
+    // Or (openssl genrsa -out client.key 1024   # used for certificate signing request)
+    // -----BEGIN RSA PRIVATE KEY-----
+    // ...
+    // -----END RSA PRIVATE KEY-----
     PrivateKey = PEM_read_PrivateKey(File, NULL, PemPasswordCallback, &CallbackUserData);
     fclose(File);
 
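Review bot: The `openssl genrsa -out client.key 1024` example in the added comment documents a 1024-bit RSA key, which is too short by current standards and inconsistent with the `rsa:2048` used a few lines above. Examples in comments tend to be copied, so I would change it to `// Or (openssl genrsa -out client.key 2048   # used for certificate signing request)`. The `-nodes` line could also say what the option implies for the file on disk, e.g. `// Not encrypted (add -nodes; the private key is then stored unprotected):`. The enclosing function continues outside this hunk.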
@@ -2757,6 +2773,14 @@ void __fastcall ParseCertificate(const UnicodeString & Path,
       }
 
       File = OpenCertificate(Path);
+      // The file can contain both private and public key
+      // (basically cert.pem and cert.crt appended one to each other)
+      // -----BEGIN ENCRYPTED PRIVATE KEY-----
+      // ...
+      // -----END ENCRYPTED PRIVATE KEY-----
+      // -----BEGIN CERTIFICATE-----
+      // ...
+      // -----END CERTIFICATE-----
       Certificate = PEM_read_X509(File, NULL, PemPasswordCallback, &CallbackUserData);
       fclose(File);
 
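Review bot: The added comment says the file can contain "both private and public key", but the second block shown and the `PEM_read_X509` call that follows deal with an X.509 certificate, not a bare public key. I would reword it to `// The file can contain both the private key and the certificate`. It may also help to add that `PEM_read_X509` is expected to skip the leading private-key block, which is why re-opening the same `Path` works here; that is inferred from the call, since the rest of ParseCertificate is outside the hunk.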
@@ -2783,6 +2807,9 @@ void __fastcall ParseCertificate(const UnicodeString & Path,
           else
           {
             File = OpenCertificate(CertificatePath);
+            // -----BEGIN CERTIFICATE-----
+            // ...
+            // -----END CERTIFICATE-----
             Certificate = PEM_read_X509(File, NULL, PemPasswordCallback, &CallbackUserData);
             fclose(File);