Fix regression with password protected private keys (polarssl)
authorSteffan Karger <steffan.karger@fox-it.com>
Fri, 19 Sep 2014 04:43:48 +0000 (06:43 +0200)
committerGert Doering <gert@greenie.muc.de>
Fri, 24 Oct 2014 18:57:32 +0000 (20:57 +0200)
Between versions 1.2.7 and 1.2.8, polarssl changed the errors
returned by the X509 parsing functions, which broke the OpenVPN
implementation for password protected private keys in polarssl
builds. This patch fixes that by checking for the new errors in
OpenVPN.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <5432E951.6020405@fox-it.com>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/ssl_polarssl.c

index e3e3017650e44cdce86279fbc34b534ff2927859..aba405be88a989c4d13af235833f0c93d311fe14 100644 (file)
@@ -273,7 +273,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file,
       status = x509parse_key(ctx->priv_key,
          priv_key_file_inline, strlen(priv_key_file_inline),
          NULL, 0);
-      if (POLARSSL_ERR_PEM_PASSWORD_REQUIRED == status)
+      if (POLARSSL_ERR_X509_PASSWORD_REQUIRED == status)
        {
          char passbuf[512] = {0};
          pem_password_callback(passbuf, 512, 0, NULL);
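Review bot: Checking only `POLARSSL_ERR_X509_PASSWORD_REQUIRED` on this line moves the regression to builds against polarssl 1.2.7 and older, which presumably still return the PEM-level code the removed line tested for. An encrypted key would then fail to load without ever prompting. Unless the build already enforces polarssl 1.2.8 or newer (not visible here), accept both codes, e.g. `if (POLARSSL_ERR_X509_PASSWORD_REQUIRED == status || POLARSSL_ERR_PEM_PASSWORD_REQUIRED == status)`, assuming both constants are defined in every supported header set. The same applies to the `x509parse_keyfile` branch in the second hunk and to the `PASSWORD_MISMATCH` test in the third, where a missed match means `management_auth_failure` is never raised for a wrong passphrase. tls_ctx_load_priv_file starts and ends outside these hunks.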
@@ -285,7 +285,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file,
   else
     {
       status = x509parse_keyfile(ctx->priv_key, priv_key_file, NULL);
-      if (POLARSSL_ERR_PEM_PASSWORD_REQUIRED == status)
+      if (POLARSSL_ERR_X509_PASSWORD_REQUIRED == status)
        {
          char passbuf[512] = {0};
          pem_password_callback(passbuf, 512, 0, NULL);
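Review bot: The private-key passphrase lands in the stack buffer `passbuf`, and nothing visible in this hunk (or in the identical block in the first hunk) clears it; the block continues past the hunk, so confirm that it is wiped after the retry. If it is not, wipe it once the second parse call returns, using a form the compiler cannot elide as a dead store, and add a comment such as `/* passbuf holds the key passphrase; clear before leaving scope */`. The call also discards the result of `pem_password_callback`, so if that function reports failure through its return value, a cancelled prompt would be retried as an empty passphrase. As a style point, `pem_password_callback(passbuf, sizeof(passbuf), 0, NULL);` keeps the length tied to the declaration instead of repeating the literal 512.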
@@ -295,7 +295,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file,
   if (0 != status)
     {
 #ifdef ENABLE_MANAGEMENT
-      if (management && (POLARSSL_ERR_PEM_PASSWORD_MISMATCH == status))
+      if (management && (POLARSSL_ERR_X509_PASSWORD_MISMATCH == status))
          management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL);
 #endif
       msg (M_WARN, "Cannot load private key file %s", priv_key_file);