Posted to dev@tomcat.apache.org by mt...@apache.org on 2007/03/18 08:28:20 UTC
svn commit: r519568 - /tomcat/connectors/trunk/jni/native/src/sslcontext.c
Author: mturk
Date: Sun Mar 18 00:28:19 2007
New Revision: 519568
URL: http://svn.apache.org/viewvc?view=rev&rev=519568
Log:
Ask 3 times for passwords before giving up.
Modified:
tomcat/connectors/trunk/jni/native/src/sslcontext.c
Modified: tomcat/connectors/trunk/jni/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jni/native/src/sslcontext.c?view=diff&rev=519568&r1=519567&r2=519568
==============================================================================
--- tomcat/connectors/trunk/jni/native/src/sslcontext.c (original)
+++ tomcat/connectors/trunk/jni/native/src/sslcontext.c Sun Mar 18 00:28:19 2007
@@ -438,7 +438,8 @@
{
BIO *bio = NULL;
EVP_PKEY *key = NULL;
- void *cb_data = c->cb_data;
+ tcn_pass_cb_t *cb_data = c->cb_data;
+ int i;
if ((bio = BIO_new(BIO_s_file())) == NULL) {
return NULL;
@@ -449,17 +450,25 @@
}
if (!cb_data)
cb_data = &tcn_password_callback;
- key = PEM_read_bio_PrivateKey(bio, NULL,
- (pem_password_cb *)SSL_password_callback,
- cb_data);
+ for (i = 0; i < 3; i++) {
+ key = PEM_read_bio_PrivateKey(bio, NULL,
+ (pem_password_cb *)SSL_password_callback,
+ (void *)cb_data);
+ if (key)
+ break;
+ cb_data->password[0] = '\0';
+ BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL);
+ }
BIO_free(bio);
return key;
}
-static X509 *load_pem_cert(const char *file)
+static X509 *load_pem_cert(tcn_ssl_ctxt_t *c, const char *file)
{
BIO *bio = NULL;
X509 *cert = NULL;
+ tcn_pass_cb_t *cb_data = c->cb_data;
+ int i;
if ((bio = BIO_new(BIO_s_file())) == NULL) {
return NULL;
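Review bot: The new loop around `PEM_read_bio_PrivateKey` retries on every NULL return, not only on a rejected passphrase, so a malformed key file is parsed three times and each failed attempt leaves its entries on the OpenSSL error queue; the same loop is added to `load_pem_cert` in the next hunk. Consider calling `ERR_clear_error();` before each retry and breaking out when the failure is not a passphrase or decrypt error. The result of `BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL)` is ignored, and for a file BIO a failed reset leaves the next read at an unknown offset, so `if (BIO_reset(bio) != 0) break;` is safer. `cb_data->password[0] = '\0'` only truncates the cached passphrase and, when the fallback applies, writes to the shared `tcn_password_callback`; if `password` is a fixed array (not visible here), `OPENSSL_cleanse(cb_data->password, sizeof(cb_data->password));` would wipe the rejected value. The key-loading function opens above this hunk, and the body of `load_pem_cert` continues past it.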
@@ -468,9 +477,15 @@
BIO_free(bio);
return NULL;
}
- cert = PEM_read_bio_X509_AUX(bio, NULL,
- (pem_password_cb *)SSL_password_callback,
- NULL);
+ for (i = 0; i < 3; i++) {
+ cert = PEM_read_bio_X509_AUX(bio, NULL,
+ (pem_password_cb *)SSL_password_callback,
+ (void *)cb_data);
+ if (cert)
+ break;
+ cb_data->password[0] = '\0';
+ BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL);
+ }
BIO_free(bio);
return cert;
}
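Review bot: In `load_pem_cert` the failure path runs `cb_data->password[0] = '\0'` on a pointer taken straight from `c->cb_data`, without the NULL fallback that the key loader applies before its own loop, so a context with no callback data would dereference NULL on the first failed read. The context lines here run directly from the `BIO_free(bio); return NULL; }` error path into the `for`, so the check is absent rather than hidden; adding `if (!cb_data) cb_data = &tcn_password_callback;` just before the loop would match the key path. The removed code passed `NULL` as the callback argument at this call, which suggests a missing `c->cb_data` is a state this path is expected to tolerate. The start of the function lies in the previous hunk.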
@@ -530,7 +545,7 @@
rv = JNI_FALSE;
goto cleanup;
}
- if ((c->certs[idx] = load_pem_cert(cert_file)) == NULL) {
+ if ((c->certs[idx] = load_pem_cert(c, cert_file)) == NULL) {
ERR_error_string(ERR_get_error(), err);
tcn_Throw(e, "Unable to load certificate %s (%s)",
cert_file, err);