From 0ad17741d8780e08ee6ddf321ce0361e18344f81 Mon Sep 17 00:00:00 2001 From: Kaspar Brand Date: Sat, 13 Apr 2013 11:14:55 +0000 Subject: [PATCH] Extend check for encrypted private keys: with OpenSSL versions prior to 1.0.0, inf->x_pkey->dec_pkey is always non-NULL, so also look at inf->enc_data. PR 54698. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1467593 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ssl/ssl_engine_init.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 1e851d737b..e8b6f1a9c1 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -1356,7 +1356,8 @@ static void ssl_init_proxy_certs(server_rec *s, for (n = 0; n < ncerts; n++) { X509_INFO *inf = sk_X509_INFO_value(sk, n); - if (!inf->x509 || !inf->x_pkey || !inf->x_pkey->dec_pkey) { + if (!inf->x509 || !inf->x_pkey || !inf->x_pkey->dec_pkey || + inf->enc_data) { sk_X509_INFO_free(sk); ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, APLOGNO(02252) "incomplete client cert configured for SSL proxy " -- 2.40.0