From: Christos Tsantilas
Date: Mon, 20 Feb 2012 18:07:29 +0000 (+0200)
Subject: Bug fix: sslpassword_program for ssl-bump http ports
X-Git-Tag: BumpSslServerFirst.take05~12^2~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3227b30211d145832088a223ab542b6ea9ccfd1f;p=thirdparty%2Fsquid.git
Bug fix: sslpassword_program for ssl-bump http ports
Currently the sslpassword_program configuration parameter does not work for encrypted certificate keys on ssl-bump enabled http ports, and user always asked to give the SSL key password. This patch fixes this problem. This is a Measurement Factory project.
---
diff --git a/src/ssl/gadgets.cc b/src/ssl/gadgets.cc
index 5b7709a32b..248be51343 100644
--- a/src/ssl/gadgets.cc
+++ b/src/ssl/gadgets.cc
@@ -236,7 +236,7 @@ static X509 * readSslX509Certificate(char const * certFilename)
 return certificate;
 }
-EVP_PKEY * Ssl::readSslPrivateKey(char const * keyFilename)
+EVP_PKEY * Ssl::readSslPrivateKey(char const * keyFilename, pem_password_cb *passwd_callback)
 {
 if (!keyFilename)
 return NULL;
@@ -245,7 +245,7 @@ EVP_PKEY * Ssl::readSslPrivateKey(char const * keyFilename)
 return NULL;
 if (!BIO_read_filename(bio.get(), keyFilename))
 return NULL;
- EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio.get(), NULL, NULL, NULL);
+ EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio.get(), NULL, passwd_callback, NULL);
 return pkey;
 }
diff --git a/src/ssl/gadgets.h b/src/ssl/gadgets.h
index f19a2170a3..7e82f56fca 100644
--- a/src/ssl/gadgets.h
+++ b/src/ssl/gadgets.h
@@ -123,7 +123,7 @@ bool generateSslCertificateAndPrivateKey(char const *host, X509_Pointer const &
 \ingroup SslCrtdSslAPI
 * Read private key from file. Make sure that this is not encrypted file.
 */
-EVP_PKEY * readSslPrivateKey(char const * keyFilename);
+EVP_PKEY * readSslPrivateKey(char const * keyFilename, pem_password_cb *passwd_callback = NULL);
 /**
 \ingroup SslCrtdSslAPI
diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index b01888a9b0..e075480c8d 100644
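Review bot: The fourth argument of `PEM_read_bio_PrivateKey` in `Ssl::readSslPrivateKey` stays `NULL`, so whichever `passwd_callback` is supplied receives a null userdata pointer. The body of `ssl_ask_password_cb`, which the support.cc hunk passes in, is not visible here; if it reads userdata (for example to learn which key file the passphrase is for), it needs a null check or the key path has to be forwarded. Forward it only when a callback is present, e.g. `PEM_read_bio_PrivateKey(bio.get(), NULL, passwd_callback, passwd_callback ? const_cast<char *>(keyFilename) : NULL)`, because OpenSSL treats a non-NULL `u` with a NULL callback as the passphrase itself. The opening lines of the function are in the preceding hunk.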
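Review bot: The doc comment above the `readSslPrivateKey` declaration still says "Make sure that this is not encrypted file", which no longer describes a function that takes a passphrase callback. I would reword it along the lines of `Read private key from file. If the key is encrypted, passwd_callback supplies the passphrase.` and also document the default. With `passwd_callback = NULL` OpenSSL falls back to its built-in callback, which prompts on the controlling terminal, so callers that keep the one-argument form can still block on an interactive prompt when given an encrypted key. The comment block opens above the hunk.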
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
@@ -1318,7 +1318,7 @@ void Ssl::readCertChainAndPrivateKeyFromFiles(X509_Pointer & cert, EVP_PKEY_Poin
 chain.reset(sk_X509_new_null());
 if (!chain)
 debugs(83, DBG_IMPORTANT, "WARNING: unable to allocate memory for cert chain");
- pkey.reset(readSslPrivateKey(keyFilename));
+ pkey.reset(readSslPrivateKey(keyFilename, ssl_ask_password_cb));
 cert.reset(readSslX509CertificatesChain(certFilename, chain.get()));
 if (!pkey || !cert || !X509_check_private_key(cert.get(), pkey.get())) {
 pkey.reset(NULL);