Hi Mladen,

On 30.06.2011 06:26, mt...@apache.org wrote:
> Author: mturk
> Date: Thu Jun 30 04:26:36 2011
> New Revision: 1141392
> 
> URL: http://svn.apache.org/viewvc?rev=1141392&view=rev
> Log:
> Fix BZ51437 by trying to load the DER certificate if pem load error was 
> PEM_R_NO_START_LINE
> 
> Modified:
>     tomcat/native/branches/1.1.x/native/src/sslcontext.c
>     tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
> 
> Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
> URL: 
> http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1141392&r1=1141391&r2=1141392&view=diff
> ==============================================================================
> --- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
> +++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Thu Jun 30 04:26:36 
> 2011
> @@ -447,7 +447,6 @@ static EVP_PKEY *load_pem_key(tcn_ssl_ct
>      BIO *bio = NULL;
>      EVP_PKEY *key = NULL;
>      tcn_pass_cb_t *cb_data = c->cb_data;
> -    int i;
>  
>      if ((bio = BIO_new(BIO_s_file())) == NULL) {
>          return NULL;
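
Review bot: Removing `int i` at the top of load_pem_key() leaves bio, key and cb_data as the only declarations visible in this hunk, while the replacement code in the next hunk assigns to `cert`, which none of these lines declare. If the certificate fallback was meant for this function it needs an `X509 *cert` declaration; if it was meant for the certificate loader, `int i` and the retry loop should stay here.
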
> @@ -458,14 +457,14 @@ static EVP_PKEY *load_pem_key(tcn_ssl_ct
>      }
>      if (!cb_data)
>          cb_data = &tcn_password_callback;
> -    for (i = 0; i < 3; i++) {
> -        key = PEM_read_bio_PrivateKey(bio, NULL,
> -                    (pem_password_cb *)SSL_password_callback,
> -                    (void *)cb_data);
> -        if (key)
> -            break;
> -        cb_data->password[0] = '\0';
> +    cert = PEM_read_bio_X509_AUX(bio, NULL,
> +                (pem_password_cb *)SSL_password_callback,
> +                (void *)cb_data);
> +    if (cert == NULL &&
> +       (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE)) {
> +        ERR_clear_error();
>          BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL);
> +        cert = d2i_X509_bio(bio, NULL);
>      }
>      BIO_free(bio);
>      return key;
> 
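
Review bot: The results of PEM_read_bio_X509_AUX() and d2i_X509_bio() are stored in `cert`, but this is load_pem_key(), which returns EVP_PKEY * and still ends with `return key;`, so after this hunk `key` keeps its NULL initial value and the function returns NULL for every input. The removed loop was the only call to PEM_read_bio_PrivateKey() in the visible lines, and it retried up to three times after resetting cb_data->password, so both private key loading and the password retry are lost. Suggest restoring the PEM_read_bio_PrivateKey() loop here and applying the PEM_R_NO_START_LINE check with the d2i_X509_bio() fallback in the certificate loading function instead.
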
I was checking trunk and 1.1.x for differences and I think this backport
of 1141388 is wrong.

In trunk you patched the function load_pem_cert(), in 1.1.x the function
load_pem_key(), therefore replacing "key" with "cert" etc. I guess you
want to revert the change to load_pem_key() and instead apply the patch
to load_pem_cert().

Regards,

Rainer

