From: Steffan Karger Date: Fri, 19 Sep 2014 04:19:13 +0000 (+0200) Subject: Fix regression with password protected private keys (polarssl) X-Git-Tag: v2.4_alpha1~369 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b9eaa1ee40648f101deb4ebf07a04cd5b5400e9;p=thirdparty%2Fopenvpn.git Fix regression with password protected private keys (polarssl) Between versions 1.2 and 1.3, polarssl changed the errors returned by the X509 parsing functions, which broke the OpenVPN implementation for password protected private keys in polarssl builds. This patch fixes that by checking for the new errors in OpenVPN. Signed-off-by: Steffan Karger Acked-by: Gert Doering Message-Id: <5432E951.6020405@fox-it.com> Signed-off-by: Gert Doering --- diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c index 62c110b4d..387e63697 100644 --- a/src/openvpn/ssl_polarssl.c +++ b/src/openvpn/ssl_polarssl.c @@ -298,7 +298,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file, (const unsigned char *) priv_key_inline, strlen(priv_key_inline), NULL, 0); - if (POLARSSL_ERR_PEM_PASSWORD_REQUIRED == status) + if (POLARSSL_ERR_PK_PASSWORD_REQUIRED == status) { char passbuf[512] = {0}; pem_password_callback(passbuf, 512, 0, NULL); @@ -310,7 +310,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file, else { status = pk_parse_keyfile(ctx->priv_key, priv_key_file, NULL); - if (POLARSSL_ERR_PEM_PASSWORD_REQUIRED == status) + if (POLARSSL_ERR_PK_PASSWORD_REQUIRED == status) { char passbuf[512] = {0}; pem_password_callback(passbuf, 512, 0, NULL); @@ -320,7 +320,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file, if (0 != status) { #ifdef ENABLE_MANAGEMENT - if (management && (POLARSSL_ERR_PEM_PASSWORD_MISMATCH == status)) + if (management && (POLARSSL_ERR_PK_PASSWORD_MISMATCH == status)) management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL); #endif msg (M_WARN, "Cannot load private key file %s", priv_key_file);