From b83efdbb996cffa340f7ee75514f043d6cbba1f7 Mon Sep 17 00:00:00 2001
From: Kaspar Brand
Date: Sat, 1 Feb 2014 13:57:06 +0000
Subject: [PATCH] Followup fix for r1553824: also pass the file name to ssl_load_encrypted_pkey, to make sure that we retry with the same filename we used for SSL_CTX_use_PrivateKey_file first
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1563417 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_init.c | 4 +++-
 modules/ssl/ssl_engine_pphrase.c | 14 ++++++--------
 modules/ssl/ssl_private.h | 2 +-
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 6ecde6a216..d8dd8c2229 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -928,8 +928,10 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
 EVP_PKEY *pkey;
 const unsigned char *ptr;
+ ERR_clear_error();
+
 /* perhaps it's an encrypted private key, so try again */
- ssl_load_encrypted_pkey(s, ptemp, i, &pphrases);
+ ssl_load_encrypted_pkey(s, ptemp, i, keyfile, &pphrases);
 if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, key_id)) ||
 !(ptr = asn1->cpData) ||
diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c
index d5546dd5e5..4cbf785a8a 100644
--- a/modules/ssl/ssl_engine_pphrase.c
+++ b/modules/ssl/ssl_engine_pphrase.c
@@ -129,6 +129,7 @@ static char *pphrase_array_get(apr_array_header_t *arr, int idx)
 }
 apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
+ const char *pkey_file,
 apr_array_header_t **pphrases)
 {
 SSLModConfigRec *mc = myModConfig(s);
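Review bot: The `apr_status_t` returned by `ssl_load_encrypted_pkey(s, ptemp, i, keyfile, &pphrases);` is still discarded at this call, so a failure in the callee (it returns `ssl_die(s)` when the key file is missing or unreadable) is only noticed indirectly through the `ssl_asn1_table_get()` lookup that follows. Testing the result directly, for example `if (ssl_load_encrypted_pkey(s, ptemp, i, keyfile, &pphrases) != APR_SUCCESS) { return APR_EGENERAL; }`, would stop the retry path at the real cause. Whether an early return here skips cleanup cannot be judged from the hunk, because `ssl_init_server_certs` starts and ends outside it. The new `ERR_clear_error();` would also benefit from a one-line comment such as `/* drop errors queued by the failed SSL_CTX_use_PrivateKey_file() attempt */`, assuming that is its purpose as the commit message suggests.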
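Review bot: `ssl_load_encrypted_pkey` now receives both `idx` and `pkey_file`, and nothing at the definition says how the two must relate. A short comment above the function would close that gap. It should state that `pkey_file` is the path the caller already tried to load for key index `idx`, that a NULL value is rejected with the "No private key specified" error, and that the pointer is stored in `ppcb_arg.pkey_file`. The function body continues outside this hunk.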
@@ -145,19 +146,15 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
 apr_status_t rv;
 pphrase_cb_arg_t ppcb_arg;
- ppcb_arg.pkey_file = APR_ARRAY_IDX(sc->server->pks->key_files, idx,
- const char *);
-
- if (!ppcb_arg.pkey_file) {
+ if (!pkey_file) {
 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02573)
 "Init: No private key specified for %s", key_id);
 return ssl_die(s);
 }
- else if ((rv = exists_and_readable(ppcb_arg.pkey_file, p,
- &pkey_mtime)) != APR_SUCCESS ) {
+ else if ((rv = exists_and_readable(pkey_file, p, &pkey_mtime))
+ != APR_SUCCESS ) {
 ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, APLOGNO(02574)
- "Init: Can't open server private key file %s",
- ppcb_arg.pkey_file);
+ "Init: Can't open server private key file %s", pkey_file);
 return ssl_die(s);
 }
@@ -170,6 +167,7 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
 ppcb_arg.nPassPhraseDialogCur = 0;
 ppcb_arg.bPassPhraseDialogOnce = TRUE;
 ppcb_arg.key_id = key_id;
+ ppcb_arg.pkey_file = pkey_file;
 /*
 * if the private key is encrypted and SSLPassPhraseDialog
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 87b178a37b..f6d465346c 100644
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -841,7 +841,7 @@ int ssl_init_ssl_connection(conn_rec *c, request_rec *r);
 /** Pass Phrase Support */
 apr_status_t ssl_load_encrypted_pkey(server_rec *, apr_pool_t *, int,
- apr_array_header_t **);
+ const char *, apr_array_header_t **);
 /** Diffie-Hellman Parameter Support */
 DH *ssl_dh_GetParamFromFile(const char *);
-- 
2.50.1
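Review bot: The rewritten test `else if ((rv = exists_and_readable(pkey_file, p, &pkey_mtime))` continued by `!= APR_SUCCESS ) {` hides an assignment inside a condition that is now split across two lines, with a stray space before the closing parenthesis. Because the preceding `if (!pkey_file)` branch ends in `return ssl_die(s);`, the `else` is not needed and the call can stand on its own: `rv = exists_and_readable(pkey_file, p, &pkey_mtime);` followed by `if (rv != APR_SUCCESS) {`. Behaviour is unchanged and the error path for the private-key file becomes easier to audit.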
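Review bot: `ppcb_arg.pkey_file` is now assigned here instead of directly after the declaration of `ppcb_arg`, and the lines between the previous hunk and this one are not shown. Please confirm that nothing in that gap reads `ppcb_arg.pkey_file`, since `pphrase_cb_arg_t ppcb_arg;` is declared without an initializer and the field is indeterminate until this line. A brief comment next to `ppcb_arg.pkey_file = pkey_file;` noting that the value is the caller-supplied path would make the new data flow explicit.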