From: Daan De Meyer Date: Wed, 6 Nov 2024 17:07:11 +0000 (+0100) Subject: openssl-util: Set expected object type to private keys X-Git-Tag: v257-rc2~60^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5619a61829fa50063f53fe3d406683faf8f43900;p=thirdparty%2Fsystemd.git openssl-util: Set expected object type to private keys Configures the store to only try to fetch private keys and nothing else. --- diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c index 5688d541141..914f30989bb 100644 --- a/src/shared/openssl-util.c +++ b/src/shared/openssl-util.c @@ -1340,6 +1340,9 @@ static int load_key_from_provider( if (!store) return log_openssl_errors("Failed to open OpenSSL store via '%s'", private_key_uri); + if (OSSL_STORE_expect(store, OSSL_STORE_INFO_PKEY) == 0) + return log_openssl_errors("Failed to filter store by private keys"); + _cleanup_(OSSL_STORE_INFO_freep) OSSL_STORE_INFO *info = OSSL_STORE_load(store); if (!info) return log_openssl_errors("Failed to load OpenSSL store via '%s'", private_key_uri);