From 3cb208f7c443fcd0eef67ff2346c4eb33fb1a7c8 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Dec 16 2020 16:36:50 +0000
Subject: import librepo-1.12.0-3.el8


---

diff --git a/SOURCES/0002-Add-support-for-pkcs11-certificate-and-key-for-repos.patch b/SOURCES/0002-Add-support-for-pkcs11-certificate-and-key-for-repos.patch
new file mode 100644
index 0000000..d4ab6f5
--- /dev/null
+++ b/SOURCES/0002-Add-support-for-pkcs11-certificate-and-key-for-repos.patch
@@ -0,0 +1,40 @@
+From 1e7673d07308081f13e7bb1829cfed2ccd865ea0 Mon Sep 17 00:00:00 2001
+From: Masahiro Matsuya <mmatsuya@redhat.com>
+Date: Fri, 13 Nov 2020 17:37:59 +0100
+Subject: [PATCH] Add support for pkcs11 certificate and key for repository
+ authorization
+
+msg: Add support for pkcs11 certificate and key for repository authorization
+type: enhancement
+resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1859495
+---
+ librepo/handle.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/librepo/handle.c b/librepo/handle.c
+index d8728c4..33edf5d 100644
+--- a/librepo/handle.c
++++ b/librepo/handle.c
+@@ -649,6 +649,9 @@ lr_handle_setopt(LrHandle *handle,
+             lr_free(handle->sslclientcert);
+         handle->sslclientcert = g_strdup(va_arg(arg, char *));
+         c_rc = curl_easy_setopt(c_h, CURLOPT_SSLCERT, handle->sslclientcert);
++        if (c_rc == CURLE_OK && handle->sslclientcert && !strncasecmp(handle->sslclientcert, "pkcs11:", 7)) {
++            c_rc = curl_easy_setopt(c_h, CURLOPT_SSLCERTTYPE, "ENG");
++        }
+         break;
+ 
+     case LRO_SSLCLIENTKEY:
+@@ -656,6 +659,9 @@ lr_handle_setopt(LrHandle *handle,
+             lr_free(handle->sslclientkey);
+         handle->sslclientkey = g_strdup(va_arg(arg, char *));
+         c_rc = curl_easy_setopt(c_h, CURLOPT_SSLKEY, handle->sslclientkey);
++        if (c_rc == CURLE_OK && handle->sslclientkey && !strncasecmp(handle->sslclientkey, "pkcs11:", 7)) {
++            c_rc = curl_easy_setopt(c_h, CURLOPT_SSLKEYTYPE, "ENG");
++        }
+         break;
+ 
+     case LRO_SSLCACERT:
+-- 
+2.26.2
+
diff --git a/SPECS/librepo.spec b/SPECS/librepo.spec
index fc8c142..4ed5503 100644
--- a/SPECS/librepo.spec
+++ b/SPECS/librepo.spec
@@ -27,7 +27,7 @@
 
 Name:           librepo
 Version:        1.12.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Repodata downloading library
 
 License:        LGPLv2+
@@ -35,6 +35,7 @@ URL:            https://github.com/rpm-software-management/librepo
 Source0:        %{url}/archive/%{version}/%{name}-%{version}.tar.gz
 
 Patch1:         0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch
+Patch2:         0002-Add-support-for-pkcs11-certificate-and-key-for-repos.patch
 
 BuildRequires:  cmake
 BuildRequires:  gcc
@@ -192,6 +193,9 @@ popd
 %endif
 
 %changelog
+* Tue Dec 15 2020 Marek Blaha <mblaha@redhat.com> - 1.12.0-3
+- Add support for pkcs11 certificate and key for repository authorization (RhBug:1859495)
+
 * Mon Aug 17 2020 Ales Matej <amatej@redhat.com> - 1.12.0-2
 - Validate paths read from repomd.xml (RhBug:1866505)