johanels/rclone
1
0
Fork 0
mirror of https://github.com/rclone/rclone.git synced 2025-12-11 22:14:05 +01:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

fs: tls: add --client-pass support for encrypted --client-key files

Browse Source 
This also widens the supported types

- Unencrypted PKCS#1 ("BEGIN RSA PRIVATE KEY")
- Unencrypted PKCS#8 ("BEGIN PRIVATE KEY")
- Encrypted PKCS#8 ("BEGIN ENCRYPTED PRIVATE KEY")
- Legacy PEM encryption (e.g., DEK-Info headers), which are automatically detected.
This commit is contained in:
Nick Craig-Wood
2025-08-20 16:27:42 +01:00
parent e7a2b322ec
commit cfd0d28742
4 changed files with 303 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs/content/docs.md
View File

@@ -3000,6 +3000,20 @@ The `--client-key` flag is required too when using this.
This loads the PEM encoded client side private key used for mutual TLS
authentication. Used in conjunction with `--client-cert`.
Supported types are:
- Unencrypted PKCS#1 ("BEGIN RSA PRIVATE KEY")
- Unencrypted PKCS#8 ("BEGIN PRIVATE KEY")
- Encrypted PKCS#8 ("BEGIN ENCRYPTED PRIVATE KEY")
- Legacy PEM encryption (e.g., DEK-Info headers), which are automatically detected.
### --client-pass string
This can be used to supply an optional password to decrypt the client key file.
**NB** the password should be obscured so it should be the output of
`rclone obscure YOURPASSWORD`.
### --no-check-certificate
`--no-check-certificate` controls whether a client verifies the