#
-# $Id: cf.data.pre,v 1.354 2004/08/14 21:15:15 hno Exp $
+# $Id: cf.data.pre,v 1.355 2004/09/25 15:46:44 hno Exp $
#
#
# SQUID Web Proxy Cache http://www.squid-cache.org/
to OpenSSL.
DOC_END
+NAME: sslpassword_program
+IFDEF: USE_SSL
+DEFAULT: none
+LOC: Config.Program.ssl_password
+TYPE: string
+DOC_START
+ Specify a program used for entering SSL key passphrases
+ when using encrypted SSL certificate keys. If not specified
+ keys must either be unencrypted, or Squid started with the -N
+ option to allow it to query interactively for the passphrase.
+DOC_END
+
NAME: icp_port udp_port
TYPE: ushort
DEFAULT: 0
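Review bot: The DOC_START block for sslpassword_program does not tell the administrator what interface the helper must implement, although the accompanying ssl_support.cc change fixes it: the program is run with the private key file name as its single argument and the first line it prints, minus the trailing newline, is used as the passphrase. I would add to the description: `The program is invoked with the path of the key file as its only argument and must write the passphrase as the first line of its standard output.` It may also be worth stating that the passphrase is passed back to OpenSSL in memory only, so the helper is the place where secret storage and access control belong.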
/*
- * $Id: ssl_support.cc,v 1.15 2003/04/19 22:19:45 hno Exp $
+ * $Id: ssl_support.cc,v 1.16 2004/09/25 15:46:44 hno Exp $
*
* AUTHOR: Benno Rice
* DEBUG: section 83 SSL accelerator support
#include "squid.h"
#include "fde.h"
+static int
+ssl_ask_password_cb(char *buf, int size, int rwflag, void *userdata)
+{
+ FILE *in;
+ int len = 0;
+ char cmdline[1024];
+
+ snprintf(cmdline, sizeof(cmdline), "\"%s\" \"%s\"", Config.Program.ssl_password, (const char *)userdata);
+ in = popen(cmdline, "r");
+
+ if (fgets(buf, size, in))
+
+ len = strlen(buf);
+
+ while (len > 0 && (buf[len - 1] == '\n' || buf[len - 1] == '\r'))
+
+ len--;
+
+ buf[len] = '\0';
+
+ pclose(in);
+
+ return len;
+}
+
+static void
+ssl_ask_password(SSL_CTX * context, const char * prompt)
+{
+ if (Config.Program.ssl_password) {
+ SSL_CTX_set_default_passwd_cb(context, ssl_ask_password_cb);
+ SSL_CTX_set_default_passwd_cb_userdata(context, (void *)prompt);
+ }
+}
+
static RSA *
ssl_temp_rsa_cb(SSL * ssl, int anInt, int keylen)
{
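Review bot: The return value of popen() at the line `in = popen(cmdline, "r");` is never checked, so if the shell cannot be spawned (fork failure, resource limits) the following fgets() and pclose() dereference a NULL FILE pointer. A guard such as `if (!in) return -1;` right after the popen() call lets OpenSSL report a bad password read instead of crashing squid; the snprintf() result should be checked for truncation the same way, since a silently cut command line would run the wrong program. Because popen() passes cmdline to the shell, the quoting added around the two arguments only holds while neither Config.Program.ssl_password nor the key file path contains a double quote or shell metacharacters; both values come from the administrator's configuration, so this is a robustness rather than an injection concern, but a fork/exec with an explicit argv would remove the shell from the path entirely. When fgets() reads nothing, len stays 0 and 0 is returned, which OpenSSL appears to treat as a failed password read — worth a one-line comment on the return so the contract is explicit. Both ssl_ask_password_cb and ssl_ask_password are complete within this hunk.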
}
debug(83, 1) ("Using private key in %s\n", keyfile);
+ ssl_ask_password(sslContext, keyfile);
if (!SSL_CTX_use_PrivateKey_file(sslContext, keyfile, SSL_FILETYPE_PEM)) {
ssl_error = ERR_get_error();
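Review bot: ssl_ask_password() installs keyfile as the permanent userdata of the context's passphrase callback, but the callback is only needed for the SSL_CTX_use_PrivateKey_file() call that immediately follows; if OpenSSL ever invokes the callback on this context later (another keyed load on the same sslContext), it will read whatever keyfile points to then, so keyfile must outlive sslContext or the registration should be cleared after the key is loaded — confirm keyfile's ownership, which is not visible here. The same pattern appears again in the next hunk, before the second SSL_CTX_use_PrivateKey_file() call. A short comment at the call site would make the assumption explicit: `/* userdata points at keyfile; only valid while the key is being loaded */`. The enclosing function starts and ends outside this hunk.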
}
debug(83, 1) ("Using private key in %s\n", keyfile);
+ ssl_ask_password(sslContext, keyfile);
if (!SSL_CTX_use_PrivateKey_file(sslContext, keyfile, SSL_FILETYPE_PEM)) {
ssl_error = ERR_get_error();