From aa7f9b006c76f69109c79f55dd3d1ef53ab7c12b Mon Sep 17 00:00:00 2001
From: Santtu Lakkala
Date: Thu, 16 Jan 2020 10:48:09 +0200
Subject: [PATCH] [gsupplicant] Allow private key without client cert. Contributes to JB#48581 Allow definition of network with private_key set, but client_cert not set, as this is the format wpa_supplicant expects PKCS#12 bundles to be used. Reject requests with client_cert but no private_key.
---
 src/gsupplicant_interface.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/src/gsupplicant_interface.c b/src/gsupplicant_interface.c
index a01d88c..caa34af 100644
--- a/src/gsupplicant_interface.c
+++ b/src/gsupplicant_interface.c
@@ -520,6 +520,8 @@ gsupplicant_interface_add_network_args_security_eap(
 gsupplicant_check_blob_or_abs_path(np->ca_cert_file, blobs);
 const char* client_cert =
 gsupplicant_check_blob_or_abs_path(np->client_cert_file, blobs);
+ const char* private_key =
+ gsupplicant_check_blob_or_abs_path(np->private_key_file, blobs);
 const char* method = gsupplicant_eap_method_name(np->eap, &found);
 GASSERT(found == np->eap); /* Only one method should be specified */
 gsupplicant_dict_add_string_ne(builder, "eap", method);
@@ -543,22 +545,19 @@ gsupplicant_interface_add_network_args_security_eap(
 gsupplicant_dict_add_string_ne(builder, "password", np->passphrase);
 gsupplicant_dict_add_string0(builder, "ca_cert", ca_cert);
 if (client_cert) {
- if (np->private_key_file && np->private_key_file[0]) {
- const char* private_key =
- gsupplicant_check_blob_or_abs_path(np->private_key_file,
- blobs);
- if (private_key) {
- gsupplicant_dict_add_string(builder, "client_cert",
- client_cert);
- gsupplicant_dict_add_string(builder, "private_key",
- private_key);
- gsupplicant_dict_add_string_ne(builder, "private_key_passwd",
- np->private_key_passphrase);
- }
+ if (private_key) {
+ gsupplicant_dict_add_string(builder, "client_cert",
+ client_cert);
 } else {
 GWARN("Missing private key");
 }
 }
+ if (private_key) {
+ gsupplicant_dict_add_string(builder, "private_key",
+ private_key);
+ gsupplicant_dict_add_string_ne(builder, "private_key_passwd",
+ np->private_key_passphrase);
+ }
 gsupplicant_dict_add_string_ne(builder, "domain_match",
 np->domain_match);
 gsupplicant_dict_add_string_ne(builder, "subject_match",
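Review bot: The final `if (private_key)` block cannot tell an unset `client_cert_file` from one that was supplied but failed `gsupplicant_check_blob_or_abs_path`, since both presumably leave `client_cert` NULL. In the second case the key is still sent alone and wpa_supplicant will treat it as a PKCS#12 bundle, which is not what the caller configured; guarding with `if (private_key && (client_cert || !np->client_cert_file || !np->client_cert_file[0])) {` keeps the PKCS#12 path to requests that really omit the certificate. Separately, the commit message says requests with a certificate but no key are rejected, yet the `else` branch only logs `GWARN("Missing private key")` and the network arguments are still built without client credentials, and that message is now also printed when a key path was given but did not pass the check. The function body starts and ends outside the hunk, so whether it can report failure to its caller is not visible here.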