httpd-cvs mailing list archives

From kbr...@apache.org
Subject svn commit: r1563417 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_init.c ssl_engine_pphrase.c ssl_private.h
Date Sat, 01 Feb 2014 13:57:06 GMT
Author: kbrand
Date: Sat Feb  1 13:57:06 2014
New Revision: 1563417

URL: http://svn.apache.org/r1563417
Log:
Followup fix for r1553824:

also pass the file name to ssl_load_encrypted_pkey, to make sure that we
retry with the same filename we used for SSL_CTX_use_PrivateKey_file first

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_pphrase.c
    httpd/httpd/trunk/modules/ssl/ssl_private.h

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1563417&r1=1563416&r2=1563417&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Sat Feb  1 13:57:06 2014
@@ -928,8 +928,10 @@ static apr_status_t ssl_init_server_cert
             EVP_PKEY *pkey;
             const unsigned char *ptr;
 
+            ERR_clear_error();
+
             /* perhaps it's an encrypted private key, so try again */
-            ssl_load_encrypted_pkey(s, ptemp, i, &pphrases);
+            ssl_load_encrypted_pkey(s, ptemp, i, keyfile, &pphrases);
 
             if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, key_id)) ||
                 !(ptr = asn1->cpData) ||
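Review bot: The `apr_status_t` returned by `ssl_load_encrypted_pkey(s, ptemp, i, keyfile, &pphrases);` is still discarded at this call, so a failure inside it (the pphrase.c hunks show it returning `ssl_die(s)` for a missing or unreadable key file) is only detected indirectly by the `ssl_asn1_table_get` lookup that follows. Checking the status directly, for example `if (ssl_load_encrypted_pkey(s, ptemp, i, keyfile, &pphrases) != APR_SUCCESS) return APR_EGENERAL;` or whatever status this function already returns on its other error paths, would make the key-loading failure path explicit. The added `ERR_clear_error();` would also benefit from a one-line comment such as `/* discard errors queued by the first, failed attempt to load keyfile */`, assuming that is its purpose as the commit log suggests. The body of ssl_init_server_certs starts and ends outside this hunk.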

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_pphrase.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_pphrase.c?rev=1563417&r1=1563416&r2=1563417&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_pphrase.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_pphrase.c Sat Feb  1 13:57:06 2014
@@ -129,6 +129,7 @@ static char *pphrase_array_get(apr_array
 }
 
 apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
+                                     const char *pkey_file,
                                      apr_array_header_t **pphrases)
 {
     SSLModConfigRec *mc = myModConfig(s);
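Review bot: `ssl_load_encrypted_pkey` now takes both `idx` and `pkey_file`, but nothing in the signature or a comment states that they must refer to the same key. The file name feeds the readability check and `ppcb_arg.pkey_file` in the later hunks, while `idx` presumably still selects the key id in code outside the visible lines, so a mismatched pair would prompt for and cache a passphrase against the wrong key. A doc comment above the definition, such as `/* pkey_file: the key file the caller already tried to load; must be the file configured for entry idx */`, would record that contract. The prototype in ssl_private.h still uses unnamed parameters, and writing it as `int idx, const char *pkey_file, apr_array_header_t **pphrases` would make the pairing visible to callers. The function body continues outside this hunk.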
@@ -145,19 +146,15 @@ apr_status_t ssl_load_encrypted_pkey(ser
     apr_status_t rv;
     pphrase_cb_arg_t ppcb_arg;
 
-    ppcb_arg.pkey_file = APR_ARRAY_IDX(sc->server->pks->key_files, idx,
-                                       const char *);
-
-    if (!ppcb_arg.pkey_file) {
+    if (!pkey_file) {
          ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02573)
                       "Init: No private key specified for %s", key_id);
          return ssl_die(s);
     }
-    else if ((rv = exists_and_readable(ppcb_arg.pkey_file, p,
-                                       &pkey_mtime)) != APR_SUCCESS ) {
+    else if ((rv = exists_and_readable(pkey_file, p, &pkey_mtime))
+             != APR_SUCCESS ) {
          ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, APLOGNO(02574)
-                      "Init: Can't open server private key file %s",
-                      ppcb_arg.pkey_file);
+                      "Init: Can't open server private key file %s", pkey_file);
          return ssl_die(s);
     }
 
@@ -170,6 +167,7 @@ apr_status_t ssl_load_encrypted_pkey(ser
     ppcb_arg.nPassPhraseDialogCur  = 0;
     ppcb_arg.bPassPhraseDialogOnce = TRUE;
     ppcb_arg.key_id                = key_id;
+    ppcb_arg.pkey_file             = pkey_file;
 
     /*
      * if the private key is encrypted and SSLPassPhraseDialog

Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=1563417&r1=1563416&r2=1563417&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Sat Feb  1 13:57:06 2014
@@ -841,7 +841,7 @@ int          ssl_init_ssl_connection(con
 
 /**  Pass Phrase Support  */
 apr_status_t ssl_load_encrypted_pkey(server_rec *, apr_pool_t *, int,
-                                     apr_array_header_t **);
+                                     const char *, apr_array_header_t **);
 
 /**  Diffie-Hellman Parameter Support  */
 DH           *ssl_dh_GetParamFromFile(const char *);


