From shinr...@apache.org
Subject [trafficserver] branch master updated: Recognize openssl engines for key loading.
Date Tue, 03 Jul 2018 14:56:09 GMT
This is an automated email from the ASF dual-hosted git repository.

shinrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 8e97714  Recognize openssl engines for key loading.
8e97714 is described below

commit 8e97714f49a30d7ba7575c6a78d3111fd73b80f9
Author: Susan Hinrichs <shinrich@oath.com>
AuthorDate: Fri Jun 29 16:11:59 2018 +0000

    Recognize openssl engines for key loading.
---
 iocore/net/SSLUtils.cc | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index e383c26..c6405ff 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1340,7 +1340,13 @@ SSLDefaultServerContext()
 static bool
 SSLPrivateKeyHandler(SSL_CTX *ctx, const SSLConfigParams *params, const ats_scoped_str &completeServerCertPath,
const char *keyPath)
 {
-  if (!keyPath) {
+  ENGINE *e = ENGINE_get_default_RSA();
+  if (e != nullptr) {
+    const char *argkey = (keyPath == nullptr || keyPath[0] == '\0') ? completeServerCertPath
: keyPath;
+    if (!SSL_CTX_use_PrivateKey(ctx, ENGINE_load_private_key(e, argkey, nullptr, nullptr)))
{
+      SSLError("failed to load server private key from engine");
+    }
+  } else if (!keyPath) {
     // assume private key is contained in cert obtained from multicert file.
     if (!SSL_CTX_use_PrivateKey_file(ctx, completeServerCertPath, SSL_FILETYPE_PEM)) {
       SSLError("failed to load server private key from %s", (const char *)completeServerCertPath);
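Review bot: A failed engine load is logged but not treated as fatal: the `SSLError` at L44 is not followed by `return false`, unlike the file-based branches below, so the function can report success with no private key installed, and the later `SSL_CTX_check_private_key` is also bypassed for this path. The `EVP_PKEY` returned by `ENGINE_load_private_key` is passed straight to `SSL_CTX_use_PrivateKey`, which takes its own reference, so the caller's reference is never released (and a `nullptr` result relies on `SSL_CTX_use_PrivateKey` rejecting it rather than being checked explicitly). `ENGINE_get_default_RSA()` returns a functional reference that should, as far as I can tell, be released with `ENGINE_finish(e)` once the key is loaded; it also only reflects the RSA default, so an engine configured for EC keys would not be recognized here — worth a comment if that is intentional. SSLPrivateKeyHandler continues past the end of this hunk.
```cpp
  ENGINE *e = ENGINE_get_default_RSA();
  if (e != nullptr) {
    const char *argkey = (keyPath == nullptr || keyPath[0] == '\0') ? completeServerCertPath : keyPath;
    EVP_PKEY *pkey = ENGINE_load_private_key(e, argkey, nullptr, nullptr);
    // SSL_CTX_use_PrivateKey takes its own reference on success; drop ours on every path.
    bool loaded = (pkey != nullptr) && SSL_CTX_use_PrivateKey(ctx, pkey);
    EVP_PKEY_free(pkey);
    if (!loaded) {
      SSLError("failed to load server private key from engine");
      return false;
    }
  } else if (!keyPath) {
    // … unchanged: file-based key loading …
```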
@@ -1360,7 +1366,7 @@ SSLPrivateKeyHandler(SSL_CTX *ctx, const SSLConfigParams *params, const
ats_scop
     return false;
   }
 
-  if (!SSL_CTX_check_private_key(ctx)) {
+  if (e == nullptr && !SSL_CTX_check_private_key(ctx)) {
     SSLError("server private key does not match the certificate public key");
     return false;
   }
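Review bot: Skipping `SSL_CTX_check_private_key` whenever a default RSA engine is present (L56) drops the only configuration-time check that the loaded key matches the certificate, so a mismatched cert/key pair on an engine-backed deployment is now detected only at handshake time, and only if the engine branch actually installed a key at all. If some engines cannot expose the public half for comparison, that should be stated in a comment, e.g. `// NOTE: engine-backed keys are not verified against the certificate here — some engines cannot expose the public key; mismatches surface at handshake.`; otherwise keep the check unconditional and only fall back on a specific known failure. The enclosing function starts before this hunk.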

