add support for DER and P12 certs (#2411) (#2413)

* add support for DER and P12 certs (#2411) https://curl.haxx.se/libcurl/c/CURLOPT_SSLCERTTYPE.html * add test for P12/DER cert types * dont fail test because of cleanup error Co-authored-by: Razvan Grigore <razvan.grigore@aboutyou.com>
guzzle · Mar 10, 2021 · 9687c73 · 9687c73
1 parent da94ef2
commit 9687c73
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 0 deletions.
diff --git a/src/Handler/CurlFactory.php b/src/Handler/CurlFactory.php
@@ -456,6 +456,12 @@ private function applyHandlerOptions(EasyHandle $easy, array &$conf): void
             if (!\file_exists($cert)) {
                 throw new \InvalidArgumentException("SSL certificate not found: {$cert}");
             }
+            # OpenSSL (versions 0.9.3 and later) also support "P12" for PKCS#12-encoded files.
+            # see https://curl.se/libcurl/c/CURLOPT_SSLCERTTYPE.html
+            $ext = pathinfo($cert, \PATHINFO_EXTENSION);
+            if (preg_match('#^(der|p12)$#i', $ext)) {
+                $conf[\CURLOPT_SSLCERTTYPE] = strtoupper($ext);
+            }
             $conf[\CURLOPT_SSLCERT] = $cert;
         }
 

diff --git a/tests/Handler/CurlFactoryTest.php b/tests/Handler/CurlFactoryTest.php
@@ -277,6 +277,34 @@ public function testAddsCertWithPassword()
         self::assertEquals('test', $_SERVER['_curl'][\CURLOPT_SSLCERTPASSWD]);
     }
 
+    public function testAddsDerCert()
+    {
+        $certFile = tempnam(sys_get_temp_dir(), "mock_test_cert");
+        rename($certFile, $certFile .= '.der');
+        try {
+            $f = new Handler\CurlFactory(3);
+            $f->create(new Psr7\Request('GET', Server::$url), ['cert' => $certFile]);
+            self::assertArrayHasKey(\CURLOPT_SSLCERTTYPE, $_SERVER['_curl']);
+            self::assertEquals('DER', $_SERVER['_curl'][\CURLOPT_SSLCERTTYPE]);
+        } finally {
+            @\unlink($certFile);
+        }
+    }
+
+    public function testAddsP12Cert()
+    {
+        $certFile = tempnam(sys_get_temp_dir(), "mock_test_cert");
+        rename($certFile, $certFile .= '.p12');
+        try {
+            $f = new Handler\CurlFactory(3);
+            $f->create(new Psr7\Request('GET', Server::$url), ['cert' => $certFile]);
+            self::assertArrayHasKey(\CURLOPT_SSLCERTTYPE, $_SERVER['_curl']);
+            self::assertEquals('P12', $_SERVER['_curl'][\CURLOPT_SSLCERTTYPE]);
+        } finally {
+            @\unlink($certFile);
+        }
+    }
+
     public function testValidatesProgress()
     {
         $f = new Handler\CurlFactory(3);