Add support for ssl_key_file (as required for client certificate auth)

[jmguzmanc]

This patch allows the client to pass the SSL key file (along with the already provided SSL certificate file) to the LWP client, so that we can use a custom SSL certificate, as required by the server when client certificate authentication is required.

[g-bougard]

Hi @jmguzmanc

have you tried to merge your key file in PEM format into the file set on SSL_cert_file ?
If I remember well, IO::Socket::SSL will try to read key file from it as final chance to get it when ssl_key_file is not set.

Anyway, I agree having the option should be a good thing as this could permit to set dedicated rights on related file.

[g-bougard]

Hi @jmguzmanc

thank you for your suggestion.

Can you check my suggestion on the little mistake for the "die" missing file condition ?

Can you also update concerned scripts under bin folder so the configuration could also be used as option ? Don't worry anyway, I'll do it myself if you don't feel easy enough with that changes.

[g-bougard]

I see there a little mistake: the text is just not correct as a copy/paste of the previous test even if it doesn't include the same file value:

Suggested change

	die "non-existing client certificate file $ssl_key_file"
	die "non-existing client private key file $ssl_key_file"

[jmguzmanc]

Nice catch! fixing

[jmguzmanc]

@g-bougard, I confirm that combining private and cert in the same file, works... but it was impossible to me to know it.

So, keeping the suggestion fro this patch, I added some extra documentation, and the options in the script.

[g-bougard]

Here, I'm okay, but you also have to set ssl_key_file in the caller which for glpî-agent happens from lib/GLPI/Agent/HTTP/Client.pm around line 541. You should there insert a line at l.545 with:

                ssl_key_file => $self->{ssl_key_file},

This case is only for older environments... so no body should be concerned, but who knows ? ;-)