OpenSSL: Fix private key password handling with OpenSSL >= 1.1.0f

author Beniamino Galvani <bgalvani@redhat.com>

Sun, 9 Jul 2017 09:14:10 +0000 (11:14 +0200)

committer Jouni Malinen <j@w1.fi>

Mon, 17 Jul 2017 08:57:16 +0000 (11:57 +0300)
author Beniamino Galvani <bgalvani@redhat.com>
Sun, 9 Jul 2017 09:14:10 +0000 (11:14 +0200)
committer Jouni Malinen <j@w1.fi>
Mon, 17 Jul 2017 08:57:16 +0000 (11:57 +0300)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c

index fd94eaf4642238cef2e381661e596b7472bd9e4f..c790b53eac427473791653634646fee0d25b6067 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2796,6 +2796,15 @@ static int tls_connection_private_key(struct tls_data *data,
         } else
                 passwd = NULL;
  
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+       /*
+        * In OpenSSL >= 1.1.0f SSL_use_PrivateKey_file() uses the callback
+        * from the SSL object. See OpenSSL commit d61461a75253.
+        */
+       SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb);
+       SSL_set_default_passwd_cb_userdata(conn->ssl, passwd);
+#endif /* >= 1.1.0f && !LibreSSL */
+       /* Keep these for OpenSSL < 1.1.0f */
         SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
         SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
  
@@ -2886,6 +2895,9 @@ static int tls_connection_private_key(struct tls_data *data,
                 return -1;
         }
         ERR_clear_error();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+       SSL_set_default_passwd_cb(conn->ssl, NULL);
+#endif /* >= 1.1.0f && !LibreSSL */
         SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
         os_free(passwd);
author	Beniamino Galvani <bgalvani@redhat.com>
	Sun, 9 Jul 2017 09:14:10 +0000 (11:14 +0200)
committer	Jouni Malinen <j@w1.fi>
	Mon, 17 Jul 2017 08:57:16 +0000 (11:57 +0300)