Merge branch 'js/http-pki-credential-store'

The http codepath learned to let the credential layer to cache the password used to unlock a certificate that has successfully been used. * js/http-pki-credential-store: http: drop the check for an empty proxy password before approving http: store credential when PKI auth is used
2021-03-26 14:59:02 -07:00 · 2021-03-26 14:59:02 -07:00 · 8c81fce4b0
parent ed953e1076 a4a4439fdf
commit 8c81fce4b0
1 changed files with 11 additions and 2 deletions
--- a/http.c
+++ b/http.c
@ -1635,9 +1635,18 @@ static int handle_curl_result(struct slot_results *results)

 	if (results->curl_result == CURLE_OK) {
 		credential_approve(&http_auth);
-		if (proxy_auth.password)
-			credential_approve(&proxy_auth);
+		credential_approve(&proxy_auth);
+		credential_approve(&cert_auth);
 		return HTTP_OK;
+	} else if (results->curl_result == CURLE_SSL_CERTPROBLEM) {
+		/*
+		 * We can't tell from here whether it's a bad path, bad
+		 * certificate, bad password, or something else wrong
+		 * with the certificate.  So we reject the credential to
+		 * avoid caching or saving a bad password.
+		 */
+		credential_reject(&cert_auth);
+		return HTTP_NOAUTH;
 	} else if (missing_target(results))
 		return HTTP_MISSING_TARGET;
 	else if (results->http_code == 401) {