Posted to dev@tomcat.apache.org by mt...@apache.org on 2011/06/30 06:26:36 UTC
svn commit: r1141392 - in /tomcat/native/branches/1.1.x:
native/src/sslcontext.c xdocs/miscellaneous/changelog.xml
Author: mturk
Date: Thu Jun 30 04:26:36 2011
New Revision: 1141392
URL: http://svn.apache.org/viewvc?rev=1141392&view=rev
Log:
Fix BZ51437 by trying to load the DER certificate if pem load error was PEM_R_NO_START_LINE
Modified:
tomcat/native/branches/1.1.x/native/src/sslcontext.c
tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1141392&r1=1141391&r2=1141392&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Thu Jun 30 04:26:36 2011
@@ -447,7 +447,6 @@ static EVP_PKEY *load_pem_key(tcn_ssl_ct
BIO *bio = NULL;
EVP_PKEY *key = NULL;
tcn_pass_cb_t *cb_data = c->cb_data;
- int i;
if ((bio = BIO_new(BIO_s_file())) == NULL) {
return NULL;
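Review bot: The declarations at the top of load_pem_key() lose `int i;` but gain nothing for `cert`, which the next hunk assigns twice. Only `EVP_PKEY *key` is declared in the visible lines, so `cert` has no declaration here, and an X509 pointer has no place in a function that returns `EVP_PKEY *`. If the DER fallback is meant for certificates, it belongs in the certificate loader, and these declarations should stay as they were.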
@@ -458,14 +457,14 @@ static EVP_PKEY *load_pem_key(tcn_ssl_ct
}
if (!cb_data)
cb_data = &tcn_password_callback;
- for (i = 0; i < 3; i++) {
- key = PEM_read_bio_PrivateKey(bio, NULL,
- (pem_password_cb *)SSL_password_callback,
- (void *)cb_data);
- if (key)
- break;
- cb_data->password[0] = '\0';
+ cert = PEM_read_bio_X509_AUX(bio, NULL,
+ (pem_password_cb *)SSL_password_callback,
+ (void *)cb_data);
+ if (cert == NULL &&
+ (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE)) {
+ ERR_clear_error();
BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL);
+ cert = d2i_X509_bio(bio, NULL);
}
BIO_free(bio);
return key;
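Review bot: After this hunk nothing assigns `key`, so `return key;` hands back the initial NULL for every input and private key loading can no longer succeed. The removed loop also gave the password callback three attempts and cleared `cb_data->password[0]` between them; that retry is gone. Whatever `cert` receives from PEM_read_bio_X509_AUX() or d2i_X509_bio() is neither returned nor freed, so it leaks. Keep the PEM_read_bio_PrivateKey() loop in load_pem_key() and move the PEM_R_NO_START_LINE fallback into the function that loads the certificate.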
Modified: tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml?rev=1141392&r1=1141391&r2=1141392&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml Thu Jun 30 04:26:36 2011
@@ -39,6 +39,9 @@
<section name="Changes between 1.1.20 and 1.1.21">
<changelog>
<fix>
+ <bug>51437</bug>: Try loading certificate in DER format if PEM was invalid. (mturk)
+ </fix>
+ <fix>
<bug>49557</bug>: index erro in the loop to get the env info in the proc.create function. (kkolinko, jfclere)
</fix>
<fix>
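Review bot: The new entry says DER is tried "if PEM was invalid", but the code in this commit falls back only when the last error reason is PEM_R_NO_START_LINE, that is, when no PEM start line was found in the file. Other PEM read failures still fail without a DER attempt. Wording such as "Try loading certificate in DER format if the file has no PEM start line" would match the condition the code checks.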
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1141392 - in /tomcat/native/branches/1.1.x: native/src/sslcontext.c
xdocs/miscellaneous/changelog.xml
Posted by Rainer Jung <ra...@kippdata.de>.
> I was checking trunk and 1.1.x for differences and I think this backport
> of 1141388 is wrong.
>
> In trunk you patched the function load_pem_cert(), in 1.1.x the function
> load_pem_key(), therefore replacing "key" with "cert" etc. I guess you
> want to revert the change to load_pem_key() and instead apply the patch
> to load_pem_cert().
I reverted it in 1144899 and hopefully applied the correct backport in
1144900. It would be nice if you could check it.
Regards,
Rainer
Re: svn commit: r1141392 - in /tomcat/native/branches/1.1.x: native/src/sslcontext.c
xdocs/miscellaneous/changelog.xml
Posted by Rainer Jung <ra...@kippdata.de>.
Hi Mladen,
On 30.06.2011 06:26, mturk@apache.org wrote:
> Author: mturk
> Date: Thu Jun 30 04:26:36 2011
> New Revision: 1141392
>
> URL: http://svn.apache.org/viewvc?rev=1141392&view=rev
> Log:
> Fix BZ51437 by trying to load the DER certificate if pem load error was PEM_R_NO_START_LINE
>
> Modified:
> tomcat/native/branches/1.1.x/native/src/sslcontext.c
> tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
>
> Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
> URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1141392&r1=1141391&r2=1141392&view=diff
> ==============================================================================
> --- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
> +++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Thu Jun 30 04:26:36 2011
> @@ -447,7 +447,6 @@ static EVP_PKEY *load_pem_key(tcn_ssl_ct
> BIO *bio = NULL;
> EVP_PKEY *key = NULL;
> tcn_pass_cb_t *cb_data = c->cb_data;
> - int i;
>
> if ((bio = BIO_new(BIO_s_file())) == NULL) {
> return NULL;
> @@ -458,14 +457,14 @@ static EVP_PKEY *load_pem_key(tcn_ssl_ct
> }
> if (!cb_data)
> cb_data = &tcn_password_callback;
> - for (i = 0; i < 3; i++) {
> - key = PEM_read_bio_PrivateKey(bio, NULL,
> - (pem_password_cb *)SSL_password_callback,
> - (void *)cb_data);
> - if (key)
> - break;
> - cb_data->password[0] = '\0';
> + cert = PEM_read_bio_X509_AUX(bio, NULL,
> + (pem_password_cb *)SSL_password_callback,
> + (void *)cb_data);
> + if (cert == NULL &&
> + (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE)) {
> + ERR_clear_error();
> BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL);
> + cert = d2i_X509_bio(bio, NULL);
> }
> BIO_free(bio);
> return key;
>
I was checking trunk and 1.1.x for differences and I think this backport
of 1141388 is wrong.
In trunk you patched the function load_pem_cert(), in 1.1.x the function
load_pem_key(), therefore replacing "key" with "cert" etc. I guess you
want to revert the change to load_pem_key() and instead apply the patch
to load_pem_cert().
Regards,
Rainer