How to load a PEM certificate and private key in libcurl using mbedtls


Hello, I am implementing an application with libcurl. I have a certificate and a private key in memory:

const char *cert = "-----BEGIN CERTIFICATE----- ...."; 
const char *key = "-----BEGIN RSA PRIVATE KEY----- ....";

I have found an example of how to do this with OpenSSL, but according to the documentation that approach only works with OpenSSL or wolfSSL/CyaSSL.

The following untested patch does what you need. But you will have to recompile curl.

diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index da869e2..31058ef 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -68,6 +68,9 @@ static mbedtls_entropy_context entropy;

 static int  entropy_init_initialized  = 0;

+static const char *cert = "-----BEGIN CERTIFICATE----- ....";
+static const char *key = "-----BEGIN RSA PRIVATE KEY----- ....";
+
 /* start of entropy_init_mutex() */
 static void entropy_init_mutex(mbedtls_entropy_context *ctx)
 {
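
Review bot: the two `static const char *` definitions added at file scope bake a single client certificate and its RSA private key into lib/vtls/mbedtls.c, so every connection made through this backend presents the same identity and the key ships as a string inside the compiled library. Pass the PEM buffers in per transfer instead, for example through a setting read the same way as `data->set.str[STRING_KEY]`, and keep key material out of the source tree.
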
@@ -300,6 +303,17 @@ mbedtls_connect_step1(struct connectdata *conn,
     }
   }

+  ret = mbedtls_x509_crt_parse(&connssl->clicert, cert, sizeof(cert));
+  if(ret) {
+#ifdef MBEDTLS_ERROR_C
+    mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+    failf(data, "Error reading client cert file %s - mbedTLS: (-0x%04X) %s",
+          cert, -ret, errorbuf);
+
+    return CURLE_SSL_CERTPROBLEM;
+  }
+
   /* Load the client private key */
   if(data->set.str[STRING_KEY]) {
     mbedtls_pk_init(&connssl->pk);
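
Review bot: `sizeof(cert)` in the added `mbedtls_x509_crt_parse()` call is the size of a `const char *` (4 or 8 bytes), not the length of the PEM text, so the parser only sees the first few bytes and the call fails. For PEM input mbedtls expects the length to include the terminating NUL, so pass `strlen(cert) + 1` and cast the buffer to `const unsigned char *` to match the prototype. The call is also unconditional, and the `failf()` message still says "client cert file" while printing the whole PEM body where a file name used to go; reword it and drop the `cert` argument.
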
@@ -319,6 +333,22 @@ mbedtls_connect_step1(struct connectdata *conn,
     }
   }

+  mbedtls_pk_init(&connssl->pk);
+  ret = mbedtls_pk_parse_key(&connssl->pk, key, sizeof(key), NULL, 0);
+  if(ret == 0 && !mbedtls_pk_can_do(&connssl->pk, MBEDTLS_PK_RSA))
+    ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
+
+    if(ret) {
+#ifdef MBEDTLS_ERROR_C
+      mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+      failf(data, "Error reading private key %s - mbedTLS: (-0x%04X) %s",
+            key, -ret, errorbuf);
+
+      return CURLE_SSL_CERTPROBLEM;
+    }
+  }
+
   /* Load the CRL */
   memset(&connssl->crl, 0, sizeof(mbedtls_x509_crl));
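
Review bot: the added `failf()` in the error path passes `key` to `%s`, which writes the PEM private key into the error message whenever parsing fails; drop that argument and report only the mbedTLS error code and string. `sizeof(key)` has the same pointer-size problem as the certificate call, so use `strlen(key) + 1` with a cast to `const unsigned char *`. The new `mbedtls_pk_init(&connssl->pk)` runs unconditionally after the existing `if(data->set.str[STRING_KEY])` block, which already initialises the same context, and the last added `}` has no matching opening brace, so the hunk will not compile as posted; the over-indented `if(ret) {` suggests an enclosing condition was dropped.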