Merge branch 'js/http-pki-credential-store'
authorJunio C Hamano <gitster@pobox.com>
Fri, 26 Mar 2021 21:59:02 +0000 (14:59 -0700)
committerJunio C Hamano <gitster@pobox.com>
Fri, 26 Mar 2021 21:59:02 +0000 (14:59 -0700)
The http codepath learned to let the credential layer cache the
password used to unlock a certificate that has successfully been
used.

* js/http-pki-credential-store:
  http: drop the check for an empty proxy password before approving
  http: store credential when PKI auth is used

http.c

diff --git a/http.c b/http.c
index 0e31fc21bc9cc7e135cb5b3e884a373391ea4018..70b0f15aefb2deaf1f29b2a0557b45558e1c2e94 100644 (file)
--- a/http.c
+++ b/http.c
@@ -1635,9 +1635,18 @@ static int handle_curl_result(struct slot_results *results)
 
        if (results->curl_result == CURLE_OK) {
                credential_approve(&http_auth);
-               if (proxy_auth.password)
-                       credential_approve(&proxy_auth);
+               credential_approve(&proxy_auth);
+               credential_approve(&cert_auth);
                return HTTP_OK;
+       } else if (results->curl_result == CURLE_SSL_CERTPROBLEM) {
+               /*
+                * We can't tell from here whether it's a bad path, bad
+                * certificate, bad password, or something else wrong
+                * with the certificate.  So we reject the credential to
+                * avoid caching or saving a bad password.
+                */
+               credential_reject(&cert_auth);
+               return HTTP_NOAUTH;
        } else if (missing_target(results))
                return HTTP_MISSING_TARGET;
        else if (results->http_code == 401) {
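Review bot: The three unconditional `credential_approve()` calls in the `CURLE_OK` branch now rely on `credential_approve()` itself ignoring a credential that was never filled, because the old `if (proxy_auth.password)` guard is gone and `cert_auth` is approved on every successful transfer regardless of whether a client certificate was in play. That internal check is not visible in this hunk, so I would state the dependency at the call site, e.g. `/* credential_approve() is a no-op for credentials without a username and password */`, so a later change to the helper does not start passing empty entries to credential helpers. In the `CURLE_SSL_CERTPROBLEM` branch, `credential_reject(&cert_auth)` presumably also erases a previously stored, valid passphrase when the real cause was a wrong certificate path, which the comment concedes; it would help to say in that comment that the user will be re-prompted after fixing the configuration. `handle_curl_result()` starts before and continues past this hunk.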