From: Christos Tsantilas
Date: Tue, 21 Feb 2012 16:49:23 +0000 (+0200)
Subject: Bug fix: sslpassword_program for ssl-bump http ports
X-Git-Tag: BumpSslServerFirst.take05~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=780b55eea61b2743e11433d58d8e83d242495c62;p=thirdparty%2Fsquid.git
Bug fix: sslpassword_program for ssl-bump http ports
Currently the sslpassword_program configuration parameter does not work for encrypted certificate keys on ssl-bump enabled http ports, and user always asked to give the SSL key password. This patch fixes this problem. This is a Measurement Factory project.
---
diff --git a/src/ssl/gadgets.cc b/src/ssl/gadgets.cc
index 7be9cb0702..fd7427e62b 100644
--- a/src/ssl/gadgets.cc
+++ b/src/ssl/gadgets.cc
@@ -355,7 +355,7 @@ static X509 * readSslX509Certificate(char const * certFilename)
 return certificate;
 }
-EVP_PKEY * Ssl::readSslPrivateKey(char const * keyFilename)
+EVP_PKEY * Ssl::readSslPrivateKey(char const * keyFilename, pem_password_cb *passwd_callback)
 {
 if (!keyFilename)
 return NULL;
@@ -364,7 +364,7 @@ EVP_PKEY * Ssl::readSslPrivateKey(char const * keyFilename)
 return NULL;
 if (!BIO_read_filename(bio.get(), keyFilename))
 return NULL;
- EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio.get(), NULL, NULL, NULL);
+ EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio.get(), NULL, passwd_callback, NULL);
 return pkey;
 }
diff --git a/src/ssl/gadgets.h b/src/ssl/gadgets.h
index 5d7f032cc5..f041796b6c 100644
--- a/src/ssl/gadgets.h
+++ b/src/ssl/gadgets.h
@@ -231,7 +231,7 @@ bool generateSslCertificate(X509_Pointer & cert, EVP_PKEY_Pointer & pkey, Certif
 \ingroup SslCrtdSslAPI
 * Read private key from file. Make sure that this is not encrypted file.
 */
-EVP_PKEY * readSslPrivateKey(char const * keyFilename);
+EVP_PKEY * readSslPrivateKey(char const * keyFilename, pem_password_cb *passwd_callback = NULL);
 /**
 \ingroup SslCrtdSslAPI
diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index 32f78038ae..e17119ccd0 100644
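Review bot: The fourth argument to `PEM_read_bio_PrivateKey` in the second gadgets.cc hunk is still `NULL`, so whatever callback is supplied runs with a null user-data pointer. The support.cc hunk passes `ssl_ask_password_cb`, whose body is outside this diff; if it reads its user-data argument (for example to learn which key file the passphrase is for), it is handed nothing here. Confirm what the callback expects and pass it explicitly, e.g. `PEM_read_bio_PrivateKey(bio.get(), NULL, passwd_callback, const_cast<char *>(keyFilename))` if it is the key file name. The body of readSslPrivateKey spans both hunks and is not fully visible.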
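Review bot: The comment kept above the declaration in gadgets.h still says `Make sure that this is not encrypted file`, which no longer describes the function once a password callback can be passed. With the default `passwd_callback = NULL`, OpenSSL falls back to its built-in callback, which typically prompts on the controlling terminal, so callers that keep the one-argument form can still block on an encrypted key. I would reword the line to something like `* Read private key from file. passwd_callback supplies the passphrase for an encrypted key; when NULL, OpenSSL's default prompt is used.` The start of the doc comment lies outside the hunk.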
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
@@ -1373,7 +1373,7 @@ void Ssl::readCertChainAndPrivateKeyFromFiles(X509_Pointer & cert, EVP_PKEY_Poin
 chain.reset(sk_X509_new_null());
 if (!chain)
 debugs(83, DBG_IMPORTANT, "WARNING: unable to allocate memory for cert chain");
- pkey.reset(readSslPrivateKey(keyFilename));
+ pkey.reset(readSslPrivateKey(keyFilename, ssl_ask_password_cb));
 cert.reset(readSslX509CertificatesChain(certFilename, chain.get()));
 if (!pkey || !cert || !X509_check_private_key(cert.get(), pkey.get())) {
 pkey.reset(NULL);
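Review bot: `ssl_ask_password_cb` is passed unconditionally on the changed `pkey.reset(...)` line, whether or not sslpassword_program is configured. Unless the callback itself handles the unconfigured case (its definition is not in this diff), setups that relied on the interactive prompt for an encrypted key would now get whatever the callback returns with no program to run. A guard at the call site keeps the old behaviour there: `pkey.reset(readSslPrivateKey(keyFilename, Config.Program.ssl_password ? ssl_ask_password_cb : NULL));`. The enclosing function starts and ends outside the hunk.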