From 4b9eaa1ee40648f101deb4ebf07a04cd5b5400e9 Mon Sep 17 00:00:00 2001
From: Steffan Karger
Date: Fri, 19 Sep 2014 06:19:13 +0200
Subject: [PATCH] Fix regression with password protected private keys (polarssl)

Between versions 1.2 and 1.3, polarssl changed the errors returned by the X509 parsing functions, which broke the OpenVPN implementation for password protected private keys in polarssl builds. This patch fixes that by checking for the new errors in OpenVPN.

Signed-off-by: Steffan Karger
Acked-by: Gert Doering
Message-Id: <5432E951.6020405@fox-it.com>
Signed-off-by: Gert Doering
---
 src/openvpn/ssl_polarssl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
index 62c110b4d..387e63697 100644
--- a/src/openvpn/ssl_polarssl.c
+++ b/src/openvpn/ssl_polarssl.c
@@ -298,7 +298,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file,
 (const unsigned char *) priv_key_inline, strlen(priv_key_inline), NULL, 0);
- if (POLARSSL_ERR_PEM_PASSWORD_REQUIRED == status)
+ if (POLARSSL_ERR_PK_PASSWORD_REQUIRED == status)
 {
 char passbuf[512] = {0};
 pem_password_callback(passbuf, 512, 0, NULL);
@@ -310,7 +310,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file,
 else
 {
 status = pk_parse_keyfile(ctx->priv_key, priv_key_file, NULL);
- if (POLARSSL_ERR_PEM_PASSWORD_REQUIRED == status)
+ if (POLARSSL_ERR_PK_PASSWORD_REQUIRED == status)
 {
 char passbuf[512] = {0};
 pem_password_callback(passbuf, 512, 0, NULL);
@@ -320,7 +320,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file,
 if (0 != status)
 {
 #ifdef ENABLE_MANAGEMENT
- if (management && (POLARSSL_ERR_PEM_PASSWORD_MISMATCH == status))
+ if (management && (POLARSSL_ERR_PK_PASSWORD_MISMATCH == status))
 management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL);
 #endif
 msg (M_WARN, "Cannot load private key file %s", priv_key_file);
--
2.47.2
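Review bot: The branch that the corrected `POLARSSL_ERR_PK_PASSWORD_REQUIRED` test makes reachable again puts the private-key passphrase into the stack buffer `passbuf[512]`, and nothing in the visible lines wipes it afterwards. The statements that consume the buffer lie past the end of the hunk, so this needs confirming there. If there is no wipe, clear the buffer after the retry parse returns with a zeroing call the compiler cannot elide, since a plain `memset` just before the buffer goes out of scope may be optimised away. The length argument is also better tied to the buffer, `pem_password_callback(passbuf, sizeof(passbuf), 0, NULL);`, so the two cannot drift apart. Both points apply equally to the file-based branch in the second hunk (`@@ -310,7`).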
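Review bot: In the third hunk (`@@ -320,7`) a wrong passphrase is reported distinctly only when ENABLE_MANAGEMENT is compiled in and `management` is non-NULL. The `msg (M_WARN, ...)` line after `#endif` prints the same text for every non-zero `status`, so the log cannot separate a passphrase mismatch from a missing or malformed key. Including the code would make repeated passphrase failures visible to whoever reads the log, for example `msg (M_WARN, "Cannot load private key file %s (polarssl error %d)", priv_key_file, status);`, assuming `status` is an `int` (its declaration is outside the hunk). The `if (0 != status)` block continues past the hunk, so check that later lines do not already report it.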