Add support for CURLOPT_PINNEDPUBLICKEY (#391)

yoavk · web-flow · commit 19313129e3a4 · 2021-05-04T14:09:52.000-05:00
* Implement CURLOPT_PINNEDPUBLICKEY setter

* Implement in Easy wrapper

* rustfmt
diff --git a/curl-sys/lib.rs b/curl-sys/lib.rs
@@ -584,6 +584,7 @@ pub const CURLOPT_SSL_OPTIONS: CURLoption = CURLOPTTYPE_LONG + 216;
 // pub const CURLOPT_DNS_LOCAL_IP6: CURLoption = CURLOPTTYPE_OBJECTPOINT + 223;
 // pub const CURLOPT_LOGIN_OPTIONS: CURLoption = CURLOPTTYPE_OBJECTPOINT + 224;
 pub const CURLOPT_EXPECT_100_TIMEOUT_MS: CURLoption = CURLOPTTYPE_LONG + 227;
+pub const CURLOPT_PINNEDPUBLICKEY: CURLoption = CURLOPTTYPE_OBJECTPOINT + 230;
 pub const CURLOPT_UNIX_SOCKET_PATH: CURLoption = CURLOPTTYPE_OBJECTPOINT + 231;
 pub const CURLOPT_PATH_AS_IS: CURLoption = CURLOPTTYPE_LONG + 234;
 pub const CURLOPT_PIPEWAIT: CURLoption = CURLOPTTYPE_LONG + 237;
diff --git a/src/easy/handle.rs b/src/easy/handle.rs
@@ -1087,6 +1087,11 @@ impl Easy {
         self.inner.ssl_options(bits)
     }
 
+    /// Same as [`Easy2::pinned_public_key`](struct.Easy2.html#method.pinned_public_key)
+    pub fn pinned_public_key(&mut self, pubkey: &str) -> Result<(), Error> {
+        self.inner.pinned_public_key(pubkey)
+    }
+
     // =========================================================================
     // getters
 
diff --git a/src/easy/handler.rs b/src/easy/handler.rs
@@ -2229,23 +2229,24 @@ impl<H> Easy2<H> {
         self.setopt_long(curl_sys::CURLOPT_CERTINFO, enable as c_long)
     }
 
-    // /// Set pinned public key.
-    // ///
-    // /// Pass a pointer to a zero terminated string as parameter. The string can
-    // /// be the file name of your pinned public key. The file format expected is
-    // /// "PEM" or "DER". The string can also be any number of base64 encoded
-    // /// sha256 hashes preceded by "sha256//" and separated by ";"
-    // ///
-    // /// When negotiating a TLS or SSL connection, the server sends a certificate
-    // /// indicating its identity. A public key is extracted from this certificate
-    // /// and if it does not exactly match the public key provided to this option,
-    // /// curl will abort the connection before sending or receiving any data.
-    // ///
-    // /// By default this option is not set and corresponds to
-    // /// `CURLOPT_PINNEDPUBLICKEY`.
-    // pub fn pinned_public_key(&mut self, enable: bool) -> Result<(), Error> {
-    //     self.setopt_long(curl_sys::CURLOPT_CERTINFO, enable as c_long)
-    // }
+    /// Set pinned public key.
+    ///
+    /// Pass a pointer to a zero terminated string as parameter. The string can
+    /// be the file name of your pinned public key. The file format expected is
+    /// "PEM" or "DER". The string can also be any number of base64 encoded
+    /// sha256 hashes preceded by "sha256//" and separated by ";"
+    ///
+    /// When negotiating a TLS or SSL connection, the server sends a certificate
+    /// indicating its identity. A public key is extracted from this certificate
+    /// and if it does not exactly match the public key provided to this option,
+    /// curl will abort the connection before sending or receiving any data.
+    ///
+    /// By default this option is not set and corresponds to
+    /// `CURLOPT_PINNEDPUBLICKEY`.
+    pub fn pinned_public_key(&mut self, pubkey: &str) -> Result<(), Error> {
+        let key = CString::new(pubkey)?;
+        self.setopt_str(curl_sys::CURLOPT_PINNEDPUBLICKEY, &key)
+    }
 
     /// Specify a source for random data
     ///
