Commit 3337930

add ssl/tls key option (RsyncProject#216)
Improves rsync-ssl configurability.
1 parent 44cc148 commit 3337930

2 files changed

+13
-3
lines changed

rsync-ssl

+11-3
@@ -74,7 +74,15 @@ function rsync_ssl_helper {
7474
gnutls_cert_opt=""
7575
else
7676
certopt="-cert$optsep$RSYNC_SSL_CERT"
77-
gnutls_cert_opt="--x509keyfile=$RSYNC_SSL_CERT"
77+
gnutls_cert_opt="--x509certfile=$RSYNC_SSL_CERT"
78+
fi
79+
80+
if [[ -z "$RSYNC_SSL_KEY" ]]; then
81+
keyopt=""
82+
gnutls_key_opt=""
83+
else
84+
keyopt="-key$optsep$RSYNC_SSL_KEY"
85+
gnutls_key_opt="--x509keyfile=$RSYNC_SSL_KEY"
7886
fi
7987

8088
if [[ -z ${RSYNC_SSL_CA_CERT+x} ]]; then
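Review bot: In the new `RSYNC_SSL_KEY` block (new lines 80-85), an unset key leaves `gnutls_key_opt` empty, so with only `RSYNC_SSL_CERT` set the gnutls client now receives `--x509certfile` and no `--x509keyfile`, where before this change the same file was passed as `--x509keyfile`. A setup that keeps certificate and key together in the file named by `RSYNC_SSL_CERT` therefore changes behaviour; consider falling back to `gnutls_key_opt="--x509keyfile=$RSYNC_SSL_CERT"` when `RSYNC_SSL_KEY` is empty, or state in the man page that the gnutls path needs both variables. The block also sets `keyopt` and `gnutls_key_opt` whether or not `RSYNC_SSL_CERT` is set, so a key can be passed without a certificate; nesting the key handling inside the certificate's `else` branch, or rejecting that combination with an error, would avoid it. The `--x509keyfile` to `--x509certfile` correction on line 77 is a separate bug fix and deserves its own mention in the commit message.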
@@ -129,9 +137,9 @@ function rsync_ssl_helper {
129137
fi
130138

131139
if [[ $RSYNC_SSL_TYPE == openssl ]]; then
132-
exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
140+
exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt $keyopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
133141
elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
134-
exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
142+
exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_key_opt $gnutls_opts $hostname:$port
135143
else
136144
# devzero@web.de came up with this no-tmpfile calling syntax:
137145
exec $RSYNC_SSL_STUNNEL -fd 10 11<&0 <<EOF 10<&0 0<&11 11<&-
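Review bot: The final `else` branch (`exec $RSYNC_SSL_STUNNEL ...`) is untouched by this diff, so `RSYNC_SSL_KEY` takes effect only when `RSYNC_SSL_TYPE` is `openssl` or `gnutls` and is silently ignored for stunnel. Either wire the key into the stunnel configuration as well or document the limitation. Separately, `$keyopt` and `$gnutls_key_opt` are expanded unquoted on the two `exec` lines, like the existing `$certopt`, so a key path containing whitespace is split into several arguments; building the options as bash arrays and expanding them as `"${keyopt[@]}"` would keep the path intact.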

rsync-ssl.1.md

+2
@@ -46,6 +46,8 @@ The ssl helper scripts are affected by the following environment variables:
4646
value to the helper script.)
4747
0. `RSYNC_SSL_CERT` If specified, the value is a filename that contains a
4848
certificate to use for the connection.
49+
0. `RSYNC_SSL_KEY` If specified, the value is a filename that contains a
50+
key for the provided certificate to use for the connection.
4951
0. `RSYNC_SSL_CA_CERT` If specified, the value is a filename that contains a
5052
certificate authority certificate that is used to validate the connection.
5153
0. `RSYNC_SSL_OPENSSL` Specifies the openssl executable to run when the
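Review bot: The new `RSYNC_SSL_KEY` entry (lines 49-50) says only "a key for the provided certificate", which leaves out that this is the private key, that it is meaningful only together with `RSYNC_SSL_CERT`, and what happens when it is not set. Suggest wording along the lines of "a filename that contains the private key matching `RSYNC_SSL_CERT`", followed by a sentence on the unset case for each helper type, and a note that the file should be readable only by the user running rsync-ssl.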
