This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
The following commit(s) were added to refs/heads/master by this push:
new 69e884a Fix BZ 65181 Improve support for using OpenSSL Engines
69e884a is described below
commit 69e884a96a308a2bfdd91c7de3a9b301838031c8
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Mar 25 20:31:51 2021 +0000
Fix BZ 65181 Improve support for using OpenSSL Engines
Improve support for using OpenSSL Engines that use proprietary key
formats. Patch provided by Edin Hodizc.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65181
---
native/include/ssl_private.h | 1 +
native/src/sslcontext.c | 8 +++++++-
xdocs/miscellaneous/changelog.xml | 6 ++++++
3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index b50bf24..f6b2840 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -51,6 +51,7 @@
*/
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+extern ENGINE *tcn_ssl_engine;
#endif
#ifndef RAND_MAX
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index f10b55e..5d08a78 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -1034,7 +1034,13 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
setCertificate)(TCN_STDARGS, jlong ctx,
}
}
else {
- if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL) {
+ if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL
+#ifndef OPENSSL_NO_ENGINE
+ && tcn_ssl_engine != NULL &&
+ (c->keys[idx] = ENGINE_load_private_key(tcn_ssl_engine,
key_file,
+ NULL, NULL)) == NULL
+#endif
+ ) {
ERR_error_string(SSL_ERR_get(), err);
tcn_Throw(e, "Unable to load certificate key %s (%s)",
key_file, err);
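Review bot: With engine support compiled in, the new condition no longer reports a failed key load when no engine is configured: if `load_pem_key()` returns NULL and `tcn_ssl_engine` is NULL, the `&&` chain is false, the `tcn_Throw` branch is skipped, and `c->keys[idx]` stays NULL for whatever follows outside this hunk. The engine fallback should suppress the error only when it actually yields a key, e.g. `&& (tcn_ssl_engine == NULL || (c->keys[idx] = ENGINE_load_private_key(tcn_ssl_engine, key_file, NULL, NULL)) == NULL)`. Separately, when the engine load succeeds, the errors queued by the failed PEM attempt presumably remain on the OpenSSL error queue; calling `ERR_clear_error()` on that path would keep a later `SSL_ERR_get()` from surfacing a stale failure. The rest of setCertificate lies outside the hunk, so the effect of a NULL key further down should be confirmed there.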
diff --git a/xdocs/miscellaneous/changelog.xml
b/xdocs/miscellaneous/changelog.xml
index 5a4379f..f9874cc 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -35,6 +35,12 @@
</p>
</section>
<section name="Changes in 1.2.27">
+ <changelog>
+ <add>
+ <bug>65181</bug>: Improve support for using OpenSSL Engines that use
+ proprietary key formats. Patch provided by Edin Hodizc. (markt)
+ </add>
+ </changelog>
</section>
<section name="Changes in 1.2.26">
<changelog>