]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d2ccc19) | patch
BUG/MINOR: ssl: Encrypted keys could not be loaded when given alongside certificate
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>
Mon, 26 Jan 2026 10:54:45 +0000 (11:54 +0100)
committerWilliam Lallemand <wlallemand@haproxy.com>
Mon, 26 Jan 2026 13:09:13 +0000 (14:09 +0100)
commit9b1faee4c972cbe74919fe01ac77b00225f46c43
tree10e2ba6d1c3e48af6830d34fae11ca553eef4f00tree | snapshot
parentd2ccc19fde2ce9af5379d4ab796e5b1307efaccacommit | diff
BUG/MINOR: ssl: Encrypted keys could not be loaded when given alongside certificate

The SSL passphrase callback function was only called when loading
private keys from a dedicated file (separate from the corresponding
certificate) but not when both the certificate and the key were in the
same file.
We can now load them properly, regardless of how they are provided.
A flas had to be added in the 'passphrase_cb_data' structure because in
the 'ssl_sock_load_pem_into_ckch' function, when calling
'PEM_read_bio_PrivateKey' there might be no private key in the PEM file
which would mean that the callback never gets called (and cannot set the
'passphrase_idx' to -1).

This patch can be backported to 3.3.
include/haproxy/ssl_sock-t.h diff | blob | blame | history
src/ssl_ckch.c diff | blob | blame | history
src/ssl_sock.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git