opensslv1.1.patch 1.5 KB

  1. Since OpenSSL version 1.1.0f, SSL_use_PrivateKey_file() uses the
  2. callback from the SSL object instead of the one from the CTX, so let's
  3. set the callback on both SSL and CTX. Note that
  4. SSL_set_default_passwd_cb*() is available only in 1.1.0 and later.
  5. ---
  6. src/crypto/tls_openssl.c | 12 ++++++++++++
  7. 1 file changed, 12 insertions(+)
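diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 07c6119..7b7dc50 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2796,6 +2796,15 @@ static int tls_connection_private_key(struct tls_data *data,
 } else
 passwd = NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /*
+ * In OpenSSL >= 1.1.0f SSL_use_PrivateKey_file() uses the callback
+ * from the SSL object. See OpenSSL commit d61461a75253.
+ */
+ SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb);
+ SSL_set_default_passwd_cb_userdata(conn->ssl, passwd);
+#endif /* >= 1.1.0f && !LibreSSL */
+ /* Keep these for OpenSSL < 1.1.0f */
 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
@@ -2886,6 +2895,9 @@ static int tls_connection_private_key(struct tls_data *data,
 return -1;
 }
 ERR_clear_error();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_set_default_passwd_cb(conn->ssl, NULL);
+#endif /* >= 1.1.0f && !LibreSSL */
 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
 os_free(passwd);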
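Review bot: The cleanup added in the second hunk resets only the callback on `conn->ssl`, so the userdata pointer installed in the first hunk by `SSL_set_default_passwd_cb_userdata(conn->ssl, passwd)` still refers to `passwd` when `os_free(passwd)` runs two lines later. With no callback set, OpenSSL's default PEM password handler treats a non-NULL userdata pointer as the passphrase, so a later key load on this SSL object could read freed memory; adding `SSL_set_default_passwd_cb_userdata(conn->ssl, NULL);` inside the same `#if` avoids leaving the stale pointer behind. The unchanged context shows the same pattern for `ssl_ctx`, which would presumably want the matching `SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, NULL);`. The guard tests `0x10100000L` (1.1.0) while both `#endif` comments say `>= 1.1.0f`; a comment such as `/* OpenSSL >= 1.1.0 (API available) && !LibreSSL */` would match the condition. tls_connection_private_key() starts and ends outside both hunks, so whether the early `return -1` paths also reset the callback and free `passwd` cannot be confirmed from here.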
  35. --
  36. 2.9.3