Followup fix for r1553824:
authorKaspar Brand <kbrand@apache.org>
Sat, 1 Feb 2014 13:57:06 +0000 (13:57 +0000)
committerKaspar Brand <kbrand@apache.org>
Sat, 1 Feb 2014 13:57:06 +0000 (13:57 +0000)
also pass the file name to ssl_load_encrypted_pkey, to make sure that we
retry with the same filename we used for SSL_CTX_use_PrivateKey_file first

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1563417 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/ssl_engine_init.c
modules/ssl/ssl_engine_pphrase.c
modules/ssl/ssl_private.h

index 6ecde6a216177c9540b1369ec26a818007ed2501..d8dd8c2229a76bcb6de62d1e2f03ef8dcbc1e405 100644 (file)
@@ -928,8 +928,10 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
             EVP_PKEY *pkey;
             const unsigned char *ptr;
 
+            ERR_clear_error();
+
             /* perhaps it's an encrypted private key, so try again */
-            ssl_load_encrypted_pkey(s, ptemp, i, &pphrases);
+            ssl_load_encrypted_pkey(s, ptemp, i, keyfile, &pphrases);
 
             if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, key_id)) ||
                 !(ptr = asn1->cpData) ||
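Review bot: The status returned by `ssl_load_encrypted_pkey(s, ptemp, i, keyfile, &pphrases)` is discarded at the retry call, so a failed load is only noticed indirectly, when `ssl_asn1_table_get(mc->tPrivateKey, key_id)` finds nothing. If that table can still hold an entry for the same `key_id` from an earlier load (not visible in this hunk), a failed retry would continue with a key that was not read from `keyfile`. Consider checking the result, e.g. `if (ssl_load_encrypted_pkey(s, ptemp, i, keyfile, &pphrases) != APR_SUCCESS) return APR_EGENERAL;`, adjusted to whatever cleanup the rest of ssl_init_server_certs needs; its body starts and ends outside the hunk. The added `ERR_clear_error()` also deserves a why-comment, presumably along the lines of `/* drop the errors queued by the failed unencrypted load */`.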
index d5546dd5e56df4f49719fa9ebcfd36251533fc98..4cbf785a8ab52db7888b718e5564767d598b40ba 100644 (file)
@@ -129,6 +129,7 @@ static char *pphrase_array_get(apr_array_header_t *arr, int idx)
 }
 
 apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
+                                     const char *pkey_file,
                                      apr_array_header_t **pphrases)
 {
     SSLModConfigRec *mc = myModConfig(s);
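Review bot: The new `pkey_file` parameter is undocumented, and the function now takes both `idx` and a file name that must describe the same key. Nothing in the visible hunks ties the two together, so a caller passing a name that does not belong to slot `idx` would have the readability check and the passphrase callback run against one file while the result is stored under the `key_id` of another (how `key_id` is derived is outside the hunk). A header comment stating the contract would help, e.g. `/* pkey_file: the file the caller already tried with SSL_CTX_use_PrivateKey_file for slot idx; NULL is rejected with an error */`. The prototype in ssl_private.h has the same gap: `const char *` is added unnamed, so naming it (`const char *pkey_file`) or extending the `/**  Pass Phrase Support  */` comment would make the expected argument visible to callers.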
@@ -145,19 +146,15 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
     apr_status_t rv;
     pphrase_cb_arg_t ppcb_arg;
 
-    ppcb_arg.pkey_file = APR_ARRAY_IDX(sc->server->pks->key_files, idx,
-                                       const char *);
-
-    if (!ppcb_arg.pkey_file) {
+    if (!pkey_file) {
          ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02573)
                       "Init: No private key specified for %s", key_id);
          return ssl_die(s);
     }
-    else if ((rv = exists_and_readable(ppcb_arg.pkey_file, p,
-                                       &pkey_mtime)) != APR_SUCCESS ) {
+    else if ((rv = exists_and_readable(pkey_file, p, &pkey_mtime))
+             != APR_SUCCESS ) {
          ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, APLOGNO(02574)
-                      "Init: Can't open server private key file %s",
-                      ppcb_arg.pkey_file);
+                      "Init: Can't open server private key file %s", pkey_file);
          return ssl_die(s);
     }
 
@@ -170,6 +167,7 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
     ppcb_arg.nPassPhraseDialogCur  = 0;
     ppcb_arg.bPassPhraseDialogOnce = TRUE;
     ppcb_arg.key_id                = key_id;
+    ppcb_arg.pkey_file             = pkey_file;
 
     /*
      * if the private key is encrypted and SSLPassPhraseDialog
index 87b178a37b40c1a27223c965a0990c7b332c4063..f6d465346cd92227e2433e2c0726d205f81e4538 100644 (file)
@@ -841,7 +841,7 @@ int          ssl_init_ssl_connection(conn_rec *c, request_rec *r);
 
 /**  Pass Phrase Support  */
 apr_status_t ssl_load_encrypted_pkey(server_rec *, apr_pool_t *, int,
-                                     apr_array_header_t **);
+                                     const char *, apr_array_header_t **);
 
 /**  Diffie-Hellman Parameter Support  */
 DH           *ssl_dh_GetParamFromFile(const char *);