Created
August 25, 2011 18:34
--- /tmp/removed123.txt 2011-08-25 20:33:49.899831556 +0200 | |
+++ /tmp/added123.txt 2011-08-25 20:33:49.919841556 +0200 | |
@@ -1,4 +1,25 @@ | |
--- a/ssl.c | |
+++ b/ssl.c | |
+ if (0 != tls_ctx_load_priv_file(new_ctx, options->priv_key_file, options->priv_key_file_inline)) | |
+++ b/ssl_backend.h | |
+ * Load private key file into the given TLS context. | |
+ * | |
+ * @param ctx TLS context to use | |
+ * @param priv_key_file The file name to load the private key from, or | |
+ * "[[INLINE]]" in the case of inline files. | |
+ * @param priv_key_file_inline A string containing the private key | |
+ * | |
+ * @return 1 if an error occurred, 0 if parsing was | |
+ * successful. | |
+ */ | |
+int tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file | |
+#if ENABLE_INLINE_FILES | |
+ , const char *priv_key_file_inline | |
+#endif | |
+ ); | |
+ | |
+/** | |
+++ b/ssl_openssl.c | |
+#if ENABLE_INLINE_FILES | |
static int | |
use_inline_PrivateKey_file (SSL_CTX *ctx, const char *key_string) | |
{ | |
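Review bot: The call added in ssl.c passes `options->priv_key_file_inline` as a third argument unconditionally, but the prototype added to ssl_backend.h only declares that parameter under `#if ENABLE_INLINE_FILES`. A build without inline-file support would therefore fail at this call, unless the call is wrapped in the same guard outside the visible lines. Making the parameter unconditional and ignoring it when the feature is off avoids a signature that changes with a build flag: `int tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file, const char *priv_key_file_inline);`. The doc comment should also state that `priv_key_file_inline` is only consulted when `priv_key_file` equals the inline tag, and may be NULL otherwise.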
@@ -26,19 +47,28 @@ | |
BIO_free (in); | |
return ret; | |
} | |
+#endif /* ENABLE_INLINE_FILES */ | |
+ | |
+int | |
+tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file | |
+#if ENABLE_INLINE_FILES | |
+ , const char *priv_key_file_inline | |
+#endif | |
+ ) | |
+{ | |
+ ASSERT(NULL != ctx); | |
- /* Use seperate PEM files for key, cert and CA certs */ | |
int status; | |
#if ENABLE_INLINE_FILES | |
- if (!strcmp (options->priv_key_file, INLINE_FILE_TAG) && options->priv_key_file_inline) | |
+ if (!strcmp (priv_key_file, INLINE_FILE_TAG) && priv_key_file_inline) | |
{ | |
- status = use_inline_PrivateKey_file (ctx, options->priv_key_file_inline); | |
+ status = use_inline_PrivateKey_file (ctx->ctx, priv_key_file_inline); | |
} | |
else | |
-#endif | |
+#endif /* ENABLE_INLINE_FILES */ | |
{ | |
- status = SSL_CTX_use_PrivateKey_file (ctx, options->priv_key_file, SSL_FILETYPE_PEM); | |
+ status = SSL_CTX_use_PrivateKey_file (ctx->ctx, priv_key_file, SSL_FILETYPE_PEM); | |
} | |
if (!status) | |
{ | |
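Review bot: `priv_key_file` reaches `strcmp (priv_key_file, INLINE_FILE_TAG)` without a NULL check, because the new function asserts only `ctx`. The caller may have guarded the old inline code, but now that this is a backend entry point the precondition should be enforced here, e.g. `ASSERT(NULL != priv_key_file);` next to the existing assert. As a style point, `ASSERT(NULL != ctx);` now precedes `int status;`, a declaration after a statement; moving the declaration above the assert keeps the function C89-clean if the project still needs that. The function body continues past this hunk.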
@@ -46,12 +76,15 @@ | |
if (management && (ERR_GET_REASON (ERR_peek_error()) == EVP_R_BAD_DECRYPT)) | |
management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL); | |
#endif | |
- msg (M_WARN|M_SSL, "Cannot load private key file %s", options->priv_key_file); | |
- warn_if_group_others_accessible (options->priv_key_file); | |
+ msg (M_WARN|M_SSL, "Cannot load private key file %s", priv_key_file); | |
+ return 1; | |
+ } | |
+ warn_if_group_others_accessible (priv_key_file); | |
/* Check Private Key */ | |
- if (!SSL_CTX_check_private_key (ctx)) | |
+ if (!SSL_CTX_check_private_key (ctx->ctx)) | |
msg (M_SSLERR, "Private key does not match the certificate"); | |
+ return 0; | |
+ | |
} | |
--- a/ssl_backend.h | |
--- a/ssl_openssl.c | |
+ |
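Review bot: After `SSL_CTX_check_private_key (ctx->ctx)` fails, the function logs with `M_SSLERR` and then falls through to `return 0`, which the header documents as success. That is only safe if `M_SSLERR` makes `msg` fatal, which is not visible in this hunk. If the backend API is meant to report errors through its return value, add `return 1;` under the mismatch message (with braces), or document that a key/certificate mismatch terminates the process. Separately, `warn_if_group_others_accessible (priv_key_file)` now also runs for inline keys, where `priv_key_file` is the inline tag rather than a path; confirm the helper skips that value. The function starts in the previous hunk.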