Private key passed as a blob (ssl::KeyBlob) not working #1150

Closed
b3rgschu3tz opened this issue Dec 4, 2024 · 2 comments · Fixed by #1151

@b3rgschu3tz
Contributor

b3rgschu3tz commented Dec 4, 2024

Description

With version 1.11.1, passing a private key as a blob as described in the docs (https://docs.libcpr.org/advanced-usage.html) does not work. The following error is returned:
unable to set private key file: '(memory blob)' type PEM

Example/How to Reproduce

Like in the example:

cpr::SslOptions sslOpts = cpr::Ssl(ssl::CertFile{"cert.pem"}, ssl::KeyBlob{"-----BEGIN RSA PRIVATE KEY-----[...]"});
cpr::Response r = cpr::Get(cpr::Url{"https://www.httpbin.org/get"}, sslOpts);

Possible Fix

In the session.cpp file https://github.com/libcpr/cpr/blob/master/cpr/session.cpp#L471 the local string key_blob is assigned to the blob.data value.

...
else if (!options.key_blob.empty()) {
        std::string key_blob(options.key_blob);
        curl_blob blob{};
        // NOLINTNEXTLINE (readability-container-data-pointer)
        blob.data = &key_blob[0];
        blob.len = key_blob.length();
        curl_easy_setopt(curl_->handle, CURLOPT_SSLKEY_BLOB, &blob);
        if (!options.key_type.empty()) {
            curl_easy_setopt(curl_->handle, CURLOPT_SSLKEYTYPE, options.key_type.c_str());
        }
        if (!options.key_pass.empty()) {
            curl_easy_setopt(curl_->handle, CURLOPT_KEYPASSWD, options.key_pass.c_str());
        }
...

In the curl documentation it is stated:
If the blob is initialized with the flags member of struct curl_blob set to CURL_BLOB_COPY, the application does not have to keep the buffer around after setting this.
=> If CURL_BLOB_COPY is not set, the buffer has to be kept alive until the request is performed.
As far as I can understand, key_blob will go out of scope and be destroyed after the if-branch, thus CURL_BLOB_COPY needs to be set.

When set, it works as expected.

Where did you get it from?

GitHub (branch e.g. master)

Additional Context/Your Environment

  • OS: Debian
  • Version: 1.11.1
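
The lifetime rule quoted above, as an added example that is not part of the original issue and is neither cpr nor libcurl code: `Blob`, `ModelHandle` and `KeySeenAtPerform` are hypothetical stand-ins that model how a handle treats a blob with and without the copy flag. The caller's buffer is overwritten rather than destroyed so the difference can be observed without undefined behaviour.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Stand-ins for libcurl's struct curl_blob and its flags (same fields, same values).
constexpr unsigned int BLOB_NOCOPY = 0;  // like CURL_BLOB_NOCOPY: keep the caller's pointer
constexpr unsigned int BLOB_COPY = 1;    // like CURL_BLOB_COPY: duplicate the bytes when set
struct Blob { void* data; std::size_t len; unsigned int flags; };

// Hypothetical model of the key-blob slot of an easy handle; not libcurl code.
class ModelHandle {
  public:
    void SetKeyBlob(const Blob& b) {
        const char* p = static_cast<const char*>(b.data);
        owned_.clear();
        if (b.flags & BLOB_COPY) {
            owned_.assign(p, p + b.len);  // the handle now owns its own copy
            p = owned_.data();
        }
        view_ = p;
        len_ = b.len;
    }
    // The bytes the TLS backend would read when the request is performed.
    std::string KeyAtPerform() const { return len_ ? std::string(view_, len_) : std::string(); }
  private:
    std::vector<char> owned_;
    const char* view_ = nullptr;
    std::size_t len_ = 0;
};

const std::string kPem = "-----BEGIN CONSTRUCTED KEY-----";  // constructed placeholder, not a key

// Same shape as the session.cpp branch: fill a buffer, hand it to the handle, and let the
// buffer stop holding the key before the request runs.
std::string KeySeenAtPerform(unsigned int flags) {
    ModelHandle handle;
    std::string key_blob = kPem;
    handle.SetKeyBlob(Blob{&key_blob[0], key_blob.length(), flags});
    // In cpr the string is destroyed here; overwriting it instead avoids undefined behaviour.
    for (char& c : key_blob) c = 'X';
    return handle.KeyAtPerform();
}

int main() {
    std::cout << KeySeenAtPerform(BLOB_NOCOPY) << "\n" << KeySeenAtPerform(BLOB_COPY) << "\n";
}
```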
@COM8
Member

COM8 commented Dec 4, 2024

@b3rgschu3tz thanks for reporting! Confirmed. This is a bug. Would you like to create a PR to fix this?

@b3rgschu3tz
Contributor Author

b3rgschu3tz commented Dec 4, 2024

> @b3rgschu3tz thanks for reporting! Confirmed. This is a bug. Would you like to create a PR to fix this?

Yes, I can do that. PR is here.
