[dovecot-cvs] dovecot/src/login-common ssl-proxy-openssl.c, 1.33,
1.34
cras at dovecot.org
cras at dovecot.org
Sun Jan 15 15:16:55 EET 2006
Update of /var/lib/cvs/dovecot/src/login-common
In directory talvi:/tmp/cvs-serv13625/src/login-common
Modified Files:
ssl-proxy-openssl.c
Log Message:
Added support for password protected SSL private keys. The password can be
given in dovecot.conf, or when dovecot is started with -p parameter.
Index: ssl-proxy-openssl.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/login-common/ssl-proxy-openssl.c,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -d -r1.33 -r1.34
--- ssl-proxy-openssl.c 15 Jan 2006 12:35:01 -0000 1.33
+++ ssl-proxy-openssl.c 15 Jan 2006 13:16:53 -0000 1.34
@@ -588,9 +588,25 @@
return 1;
}
+static int
+pem_password_callback(char *buf, int size, int rwflag __attr_unused__,
+ void *userdata)
+{
+ if (userdata == NULL) {
+ i_error("SSL private key file is password protected, "
+ "but password isn't given");
+ return 0;
+ }
+
+ if (strocpy(buf, userdata, size) < 0)
+ return 0;
+ return strlen(buf);
+}
+
void ssl_proxy_init(void)
{
const char *cafile, *certfile, *keyfile, *cipher_list;
+ char *password;
unsigned char buf;
memset(&ssl_params, 0, sizeof(ssl_params));
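Review bot: In `pem_password_callback` the `strocpy(buf, userdata, size) < 0` branch returns 0 without logging anything, unlike the `userdata == NULL` branch just above it. If that branch means the password did not fit into OpenSSL's buffer (the definition of `strocpy` is not visible here), the administrator would presumably see only the generic "Can't load private key file" failure. Adding `i_error("SSL private key password is too long");` before that `return 0;` would make the cause visible without ever logging the password itself. A short comment above the function stating the contract (returns the password length written to `buf`, or 0 on failure) would also help, since `rwflag` is deliberately ignored.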
@@ -599,6 +615,7 @@
certfile = getenv("SSL_CERT_FILE");
keyfile = getenv("SSL_KEY_FILE");
ssl_params.fname = getenv("SSL_PARAM_FILE");
+ password = getenv("SSL_KEY_PASSWORD");
if (certfile == NULL || keyfile == NULL || ssl_params.fname == NULL) {
/* SSL support is disabled */
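Review bot: `password = getenv("SSL_KEY_PASSWORD");` leaves the private-key passphrase in the environment of the network-facing login process for its whole lifetime. There it can be read through process-environment interfaces (for example `/proc/<pid>/environ` on Linux, by the same user or root), and it is inherited by anything the process later executes. The passphrase is needed only while the key is loaded in the third hunk, so it is worth wiping the string in place and then calling `unsetenv("SSL_KEY_PASSWORD");` once `SSL_CTX_use_PrivateKey_file()` has returned. That cleanup belongs further down in `ssl_proxy_init`, outside this hunk. The master-side code that sets the variable is not visible here, so whether the value also lingers in the parent is worth checking.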
@@ -635,6 +652,8 @@
certfile, ssl_last_error());
}
+ SSL_CTX_set_default_passwd_cb(ssl_ctx, pem_password_callback);
+ SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, password);
if (SSL_CTX_use_PrivateKey_file(ssl_ctx, keyfile,
SSL_FILETYPE_PEM) != 1) {
i_fatal("Can't load private key file %s: %s",
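Review bot: After `SSL_CTX_use_PrivateKey_file()` returns, `ssl_ctx` still holds `password` as its default callback userdata. That is a pointer into the environment block, and it stays registered for as long as the context lives. Nothing in the visible lines needs the passphrase after the key is loaded, so `SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, NULL);` after the `if` block would drop the reference and keep a later PEM read on this context from silently reusing it. A one-line comment above the two `SSL_CTX_set_default_passwd_cb*` calls, noting that `password` may be NULL and that the callback then logs and fails, would document the unencrypted-key case. The `if` body and the rest of `ssl_proxy_init` continue outside the hunk.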