[openvpn] Fix OpenSSL private key passphrase notices. Fixes JB#47348
Showing
2 changed files
with
48 additions
and
0 deletions.
@@ -0,0 +1,46 @@ | ||
commit 174c85fb469384f1c28b77cdd5a81946c0f19202 | ||
Author: Santtu Lakkala <santtu.lakkala@jolla.com> | ||
Date: Thu Oct 17 10:42:41 2019 +0300 | ||
|
||
Fix OpenSSL private key passphrase notices | ||
|
||
Clear error stack on successful certificate loading in | ||
tls_ctx_load_cert_file_and_copy() and handle errors also for | ||
PEM_read_bio_PrivateKey() call in tls_ctx_load_priv_file(). | ||
|
||
Due to certificate loading possibly leaking non-fatal errors on OpenSSL | ||
error stack, and some slight oversights in error handling, the | ||
|
||
>PASSWORD:Verification Failed: 'Private Key' | ||
|
||
line was never produced on the management channel for PEM formatted keys. | ||
|
||
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c | ||
index f23d2461..c8973992 100644 | ||
--- a/src/openvpn/ssl_openssl.c | ||
+++ b/src/openvpn/ssl_openssl.c | ||
@@ -857,6 +857,10 @@ end: | ||
crypto_msg(M_FATAL, "Cannot load certificate file %s", cert_file); | ||
} | ||
} | ||
+ else | ||
+ { | ||
+ crypto_print_openssl_errors(M_DEBUG); | ||
+ } | ||
|
||
if (in != NULL) | ||
{ | ||
@@ -910,12 +914,7 @@ tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, | ||
pkey = PEM_read_bio_PrivateKey(in, NULL, | ||
SSL_CTX_get_default_passwd_cb(ctx->ctx), | ||
SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx)); | ||
- if (!pkey) | ||
- { | ||
- goto end; | ||
- } | ||
- | ||
- if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey)) | ||
+ if (!pkey || !SSL_CTX_use_PrivateKey(ssl_ctx, pkey)) | ||
{ | ||
#ifdef ENABLE_MANAGEMENT | ||
if (management && (ERR_GET_REASON(ERR_peek_error()) == EVP_R_BAD_DECRYPT)) |
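Review bot: The EVP_R_BAD_DECRYPT test in the new combined `if (!pkey || !SSL_CTX_use_PrivateKey(ssl_ctx, pkey))` branch still depends on the OpenSSL error queue being empty when PEM_read_bio_PrivateKey() runs, because ERR_peek_error() returns the oldest queued entry; the patch drains the queue only on the successful-certificate path in tls_ctx_load_cert_file_and_copy(), so a stale entry left by any other loader that ran earlier (not visible in this hunk) would again hide the `>PASSWORD:Verification Failed: 'Private Key'` notice this commit is meant to restore. Draining the queue right before the read makes the check self-contained: add `crypto_print_openssl_errors(M_DEBUG);` (or plain `ERR_clear_error();`) on the line before `pkey = PEM_read_bio_PrivateKey(in, NULL,`. Keep ERR_peek_error() rather than switching to ERR_peek_last_error(): with a wrong passphrase on OpenSSL 1.1 the EVP_R_BAD_DECRYPT entry appears to be pushed first and the PEM layer stacks its own reason on top, so the oldest entry is the right one to inspect. If this ever gets built against a newer OpenSSL, the reason code for a failed decrypt may originate elsewhere and is worth re-verifying with a deliberately wrong passphrase. The free of `pkey`, the warning and the `goto end` on the failure path, and the rest of tls_ctx_load_priv_file() lie outside this hunk.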