curl: fix --proxy-pinnedpubkey

This option was added in #2268 but never connected in
tool_operate.c.

Closes #14438

diff --git a/docs/cmdline-opts/proxy-pinnedpubkey.md b/docs/cmdline-opts/proxy-pinnedpubkey.md
index 6f0b52d3e6d552b439a5a5b7df5d3fa5826b26f8..df0b0bb90739ee4e42c47ddb7147e8453f1ac240 100644 (file)
--- a/docs/cmdline-opts/proxy-pinnedpubkey.md
+++ b/docs/cmdline-opts/proxy-pinnedpubkey.md
@@ -27,3 +27,5 @@ When negotiating a TLS or SSL connection, the server sends a certificate
 indicating its identity. A public key is extracted from this certificate and
 if it does not exactly match the public key provided to this option, curl
 aborts the connection before sending or receiving any data.
+
+Before curl 8.10.0 this option did not work due to a bug.

diff --git a/src/tool_operate.c b/src/tool_operate.c
index 90380063b1f2be807aeb22db45cada93c083c23e..681c83e714de39258d82339e497d049874a5ae02 100644 (file)
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1750,6 +1750,13 @@ static CURLcode single_transfer(struct GlobalConfig *global,
             warnf(global, "ignoring %s, not supported by libcurl with %s",
                   "--pinnedpubkey", ssl_ver);
         }
+        if(config->proxy_pinnedpubkey) {
+          result = res_setopt_str(curl, CURLOPT_PROXY_PINNEDPUBLICKEY,
+                                  config->proxy_pinnedpubkey);
+          if(result == CURLE_NOT_BUILT_IN)
+            warnf(global, "ignoring %s, not supported by libcurl with %s",
+                  "--proxy-pinnedpubkey", ssl_ver);
+        }
 
         if(config->ssl_ec_curves)
           my_setopt_str(curl, CURLOPT_SSL_EC_CURVES, config->ssl_ec_curves);