Posted to dev@tomcat.apache.org by mt...@apache.org on 2011/06/30 06:18:37 UTC

svn commit: r1141388 - /tomcat/native/trunk/native/src/sslcontext.c

Author: mturk
Date: Thu Jun 30 04:18:36 2011
New Revision: 1141388

URL: http://svn.apache.org/viewvc?rev=1141388&view=rev
Log:
Fix BZ51437 by trying to load the DER certificate if pem load error was PEM_R_NO_START_LINE

Modified:
    tomcat/native/trunk/native/src/sslcontext.c

Modified: tomcat/native/trunk/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1141388&r1=1141387&r2=1141388&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Thu Jun 30 04:18:36 2011
@@ -474,7 +474,6 @@ static X509 *load_pem_cert(tcn_ssl_ctxt_
     BIO *bio = NULL;
     X509 *cert = NULL;
     tcn_pass_cb_t *cb_data = c->cb_data;
-    int i;
 
     if ((bio = BIO_new(BIO_s_file())) == NULL) {
         return NULL;
@@ -483,14 +482,14 @@ static X509 *load_pem_cert(tcn_ssl_ctxt_
         BIO_free(bio);
         return NULL;
     }
-    for (i = 0; i < 3; i++) {
-        cert = PEM_read_bio_X509_AUX(bio, NULL,
-                    (pem_password_cb *)SSL_password_callback,
-                    (void *)cb_data);
-        if (cert)
-            break;
-        cb_data->password[0] = '\0';
+    cert = PEM_read_bio_X509_AUX(bio, NULL,
+                (pem_password_cb *)SSL_password_callback,
+                (void *)cb_data);
+    if (cert == NULL &&
+       (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE)) {
+        ERR_clear_error();
         BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL);
+        cert = d2i_X509_bio(bio, NULL);
     }
     BIO_free(bio);
     return cert;
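
Review bot: In the new fallback branch the result of BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL) is ignored, so if the rewind fails, d2i_X509_bio(bio, NULL) starts reading wherever the PEM parser stopped and the DER attempt fails for a reason that has nothing to do with the file's encoding. Check the return value (for a file BIO the reset returns 0 on success and -1 on failure) and skip the DER attempt when it fails. Separately, the removed loop reset cb_data->password[0] between attempts and nothing does that now; a short comment stating that a wrong passphrase is no longer retried, and that DER is tried only when the reason is PEM_R_NO_START_LINE, would document the behaviour change for the next reader.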



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Re: svn commit: r1141388 - /tomcat/native/trunk/native/src/sslcontext.c

Posted by Mladen Turk <mt...@apache.org>.
On 06/30/2011 08:43 AM, Konstantin Kolinko wrote:
> 2011/6/30 <mt...@apache.org>:
>> Author: mturk
>> Date: Thu Jun 30 04:18:36 2011
>> New Revision: 1141388
>>
>> URL: http://svn.apache.org/viewvc?rev=1141388&view=rev
>> Log:
>> Fix BZ51437 by trying to load the DER certificate if pem load error was PEM_R_NO_START_LINE
>>
>> Modified:
>>     tomcat/native/trunk/native/src/sslcontext.c
>>
>
>> -        cb_data->password[0] = '\0';
>
> The above line inside the loop in the old code - I guess it was retrying
> without a password. With your change that retry is gone.
>
> Is that OK?
>

Password callback is usable only in non-service modes
since in service mode there's no GUI. User is supposed to
enter the correct password first time.
In case the cert is invalid, retry will cause JVM core,
so it's either one or other. I vote for no core behavior :)




Regards
-- 
^TM



Re: svn commit: r1141388 - /tomcat/native/trunk/native/src/sslcontext.c

Posted by Konstantin Kolinko <kn...@gmail.com>.
2011/6/30  <mt...@apache.org>:
> Author: mturk
> Date: Thu Jun 30 04:18:36 2011
> New Revision: 1141388
>
> URL: http://svn.apache.org/viewvc?rev=1141388&view=rev
> Log:
> Fix BZ51437 by trying to load the DER certificate if pem load error was PEM_R_NO_START_LINE
>
> Modified:
>    tomcat/native/trunk/native/src/sslcontext.c
>

> -        cb_data->password[0] = '\0';

The above line inside the loop in the old code - I guess it was retrying
without a password. With your change that retry is gone.

Is that OK?

(Just guessing, I do not know much of that code).

Best regards,
Konstantin Kolinko
