BUG/MINOR: ssl: Do not look for key in extra files if already in pem
A bug was introduced by commit 9bf3a1f67e
"BUG/MINOR: ssl: Fix crash when no private key is found in pem".
If a private key is already contained in a pem file, we would still look
for a .key file and, if one existed, load its private key, which we should
not do.
This patch should be backported to all branches where the original fix
was backported (all the way to 2.2).
This commit is contained in:
parent
d543ae0e68
commit
1bad7db4a1
|
@ -356,37 +356,39 @@ int ssl_sock_load_files_into_ckch(const char *path, struct cert_key_and_chain *c
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If no private key was found yet and we cannot look for it in extra
|
if (ckch->key == NULL) {
|
||||||
* files, raise an error.
|
/* If no private key was found yet and we cannot look for it in extra
|
||||||
*/
|
* files, raise an error.
|
||||||
if ((ckch->key == NULL) && !(global_ssl.extra_files & SSL_GF_KEY)) {
|
*/
|
||||||
memprintf(err, "%sNo Private Key found in '%s'.\n", err && *err ? *err : "", fp->area);
|
if (!(global_ssl.extra_files & SSL_GF_KEY)) {
|
||||||
goto end;
|
memprintf(err, "%sNo Private Key found in '%s'.\n", err && *err ? *err : "", fp->area);
|
||||||
}
|
|
||||||
|
|
||||||
/* try to load an external private key if it wasn't in the PEM */
|
|
||||||
if (!chunk_strcat(fp, ".key") || (b_data(fp) > MAXPATHLEN)) {
|
|
||||||
memprintf(err, "%s '%s' filename too long'.\n",
|
|
||||||
err && *err ? *err : "", fp->area);
|
|
||||||
ret = 1;
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (stat(fp->area, &st) == 0) {
|
|
||||||
if (ssl_sock_load_key_into_ckch(fp->area, NULL, ckch, err)) {
|
|
||||||
memprintf(err, "%s '%s' is present but cannot be read or parsed'.\n",
|
|
||||||
err && *err ? *err : "", fp->area);
|
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if (ckch->key == NULL) {
|
/* try to load an external private key if it wasn't in the PEM */
|
||||||
memprintf(err, "%sNo Private Key found in '%s'.\n", err && *err ? *err : "", fp->area);
|
if (!chunk_strcat(fp, ".key") || (b_data(fp) > MAXPATHLEN)) {
|
||||||
goto end;
|
memprintf(err, "%s '%s' filename too long'.\n",
|
||||||
|
err && *err ? *err : "", fp->area);
|
||||||
|
ret = 1;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (stat(fp->area, &st) == 0) {
|
||||||
|
if (ssl_sock_load_key_into_ckch(fp->area, NULL, ckch, err)) {
|
||||||
|
memprintf(err, "%s '%s' is present but cannot be read or parsed'.\n",
|
||||||
|
err && *err ? *err : "", fp->area);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ckch->key == NULL) {
|
||||||
|
memprintf(err, "%sNo Private Key found in '%s'.\n", err && *err ? *err : "", fp->area);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
/* remove the added extension */
|
||||||
|
*(fp->area + fp->data - strlen(".key")) = '\0';
|
||||||
|
b_sub(fp, strlen(".key"));
|
||||||
}
|
}
|
||||||
/* remove the added extension */
|
|
||||||
*(fp->area + fp->data - strlen(".key")) = '\0';
|
|
||||||
b_sub(fp, strlen(".key"));
|
|
||||||
|
|
||||||
|
|
||||||
if (!X509_check_private_key(ckch->cert, ckch->key)) {
|
if (!X509_check_private_key(ckch->cert, ckch->key)) {
|
||||||
|
|
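Review bot: The two `No Private Key found` error exits inside the new `if (ckch->key == NULL)` block jump to `end` without touching `ret`, while the neighbouring `filename too long` exit sets `ret = 1;` first; these only behave the same if `ret` is initialised non-zero before this hunk, which cannot be seen here. Either drop the redundant `ret = 1;` or add it to the other two exits so every failure path of this block reads alike and does not depend on the initialiser. Separately, the messages `"%s '%s' filename too long'.\n"` and `"%s '%s' is present but cannot be read or parsed'.\n"` carry a stray `'` after the last word, which ends up verbatim in the logged error; `"%s '%s' filename too long.\n"` and `"%s '%s' is present but cannot be read or parsed.\n"` are what was meant. The enclosing function ssl_sock_load_files_into_ckch starts and ends outside the hunk.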