TLS: Add a debug information on unsupported private key format

Provide easier to understand reason for failure to use the old
OpenSSL encrypted private key format.

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/src/tls/tlsv1_cred.c b/src/tls/tlsv1_cred.c
index 3e07245ec6aae195169cc356eca3b37013e4fca7..d84648097e93c073347f33d5c356d0ee64f20b9f 100644 (file)
--- a/src/tls/tlsv1_cred.c
+++ b/src/tls/tlsv1_cred.c
@@ -244,10 +244,17 @@ static struct crypto_private_key * tlsv1_set_key_pem(const u8 *key, size_t len)
                if (!end)
                        return NULL;
        } else {
+               const u8 *pos2;
                pos += os_strlen(pem_key_begin);
                end = search_tag(pem_key_end, pos, key + len - pos);
                if (!end)
                        return NULL;
+               pos2 = search_tag("Proc-Type: 4,ENCRYPTED", pos, end - pos);
+               if (pos2) {
+                       wpa_printf(MSG_DEBUG, "TLSv1: Unsupported private key "
+                                  "format (Proc-Type/DEK-Info)");
+                       return NULL;
+               }
        }
 
        der = base64_decode(pos, end - pos, &der_len);