]> granicus.if.org Git - apache/commitdiff
projects / apache / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 258491d)
Extend check for encrypted private keys: with OpenSSL versions prior to 1.0.0,
authorKaspar Brand <kbrand@apache.org>
Sat, 13 Apr 2013 11:14:55 +0000 (11:14 +0000)
committerKaspar Brand <kbrand@apache.org>
Sat, 13 Apr 2013 11:14:55 +0000 (11:14 +0000)
inf->x_pkey->dec_pkey is always non-NULL, so also look at inf->enc_data.

PR 54698.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1467593 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/ssl_engine_init.c patch | blob | history

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 1e851d737b849e13877426c80fe85c310511fa1c..e8b6f1a9c1f9f35ac75046c2833faa41a02c9e3d 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1356,7 +1356,8 @@ static void ssl_init_proxy_certs(server_rec *s,
     for (n = 0; n < ncerts; n++) {
         X509_INFO *inf = sk_X509_INFO_value(sk, n);
 
-        if (!inf->x509 || !inf->x_pkey || !inf->x_pkey->dec_pkey) {
+        if (!inf->x509 || !inf->x_pkey || !inf->x_pkey->dec_pkey ||
+            inf->enc_data) {
             sk_X509_INFO_free(sk);
             ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, APLOGNO(02252)
                          "incomplete client cert configured for SSL proxy "
Unnamed repository; edit this file 'description' to name the repository.