sapling

mirror of https://github.com/facebook/sapling.git synced 2024-10-10 00:45:18 +03:00

History

Arun Kulshreshtha 5ad2c03fb6 http-client: optionally convert certs to PKCS#12 Summary: Convert client certificates (which are expected to be supplied as PEM files) into an in-memory PKCS#12 archive to pass into libcurl. This is necessary on certain platforms (such as Windows) whose native crypto APIs do not support loading PEM files. This was previously landed as D27637069 (`5b759a2b52`), which unconditionally converted the certificates under the assumption that all major TLS backends support PKCS#12. That assumption is still true, but it did not account for the fact that libcurl itself is dynamically linked on some platforms (such as MacOS), and the system libcurl may be too old to support support in-memory certs (via `CURLOPT_SSLCERT_BLOB` added in libcurl version 7.71.0). This diff gates this feature behind the `http.convert-cert` config option, which we can selectively set on platforms where it is needed. Reviewed By: mzr Differential Revision: D28524444 fbshipit-source-id: 4af9cdd60b8ef3977ad81abdb8e406c63795e628	2021-05-19 10:39:45 -07:00
..
src	http-client: optionally convert certs to PKCS#12	2021-05-19 10:39:45 -07:00
Cargo.toml	http-client: optionally convert certs to PKCS#12	2021-05-19 10:39:45 -07:00

Arun Kulshreshtha 5ad2c03fb6 http-client: optionally convert certs to PKCS#12

Summary:
Convert client certificates (which are expected to be supplied as PEM files) into an in-memory PKCS#12 archive to pass into libcurl. This is necessary on certain platforms (such as Windows) whose native crypto APIs do not support loading PEM files.

This was previously landed as D27637069 (5b759a2b52), which unconditionally converted the certificates under the assumption that all major TLS backends support PKCS#12. That assumption is still true, but it did not account for the fact that libcurl itself is dynamically linked on some platforms (such as MacOS), and the system libcurl may be too old to support support in-memory certs (via `CURLOPT_SSLCERT_BLOB` added in libcurl version 7.71.0). This diff gates this feature behind the `http.convert-cert` config option, which we can selectively set on platforms where it is needed.

Reviewed By: mzr

Differential Revision: D28524444

fbshipit-source-id: 4af9cdd60b8ef3977ad81abdb8e406c63795e628

2021-05-19 10:39:45 -07:00

src http-client: optionally convert certs to PKCS#12 2021-05-19 10:39:45 -07:00

Cargo.toml http-client: optionally convert certs to PKCS#12 2021-05-19 10:39:45 -07:00