Isaac Foraker wrote:
>
> Can anyone point me to documentation describing what a password callback
> should look like as set up by this function?
>
> void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
>
> I found this callback definition:
>
> int cbPasswd(char *buf, int size, int rwflag, void *userdata);
>
> What does each parameter do?
Here's some code that works for me... I don't use set_default_passwd_cb,
though.
- Dan
#include "errno.h"
#include "SSLContext.h"
#include <string.h>
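// Callback function needed to pass passphrase to OpenSSL.
// Follows OpenSSL's pem_password_cb contract: buf/buflen describe the buffer
// OpenSSL wants the passphrase copied into; verify (OpenSSL's "rwflag") is
// non-zero when the passphrase is being requested for encryption/writing and
// 0 for decryption/reading -- this callback ignores it; app_context is the
// user-data pointer handed to PEM_read_bio_... (assumed here to be the
// nul-terminated passphrase itself).
// Returns the passphrase length on success, or -1 when app_context is NULL
// or the buffer cannot hold the passphrase plus its terminator (OpenSSL
// treats a negative return as failure).
// The passphrase value itself is deliberately never logged: a secret written
// to a debug log outlives the process and is readable by anyone with log
// access. Only its length is reported.
int getpassphrase_callback(char *buf, int buflen, int verify, void *app_context)
{
    (void) verify;
    const char *phrase = (const char *)app_context;

    // A NULL app_context would make strlen() below undefined behaviour, and a
    // non-positive buffer can never hold the terminator.
    if (phrase == NULL || buflen <= 0)
        return -1;

    size_t len = strlen(phrase);
    // Need room for the terminator too; compare in size_t so a very long
    // passphrase cannot overflow an int cast and slip past the check.
    if ((size_t)buflen < len + 1)
        return -1;

    LOG_DEBUG_STATIC(("getpassphrase_callback: returning %zu-byte passphrase to OpenSSL\n", len));
    memcpy(buf, phrase, len + 1);
    // The check above guarantees len < buflen <= INT_MAX, so the cast is safe.
    return (int)len;
}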
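/**
Set the given SSL_CTX's private key to the given PEM file, using the given
passphrase.
The passphrase is handed to PEM_read_bio_RSAPrivateKey as the callback
user-data, so getpassphrase_callback receives it as its app_context and
copies it into OpenSSL's buffer when the key needs decrypting.
@param ctx The ssl context to modify.
@param file The name of the PEM file containing the desired private key.
@param passphrase The nul-terminated ASCII passphrase for the given private key file.
@return 0 on success, Unix error code on failure: ENOMEM if the BIO could not
be created, errno (or EINVAL if errno is unset) if the file could not be
opened, EINVAL if the key could not be read/decrypted or was rejected by
SSL_CTX_use_RSAPrivateKey. Every failure path sets a non-zero code, so a
0 return always means the key was installed.
*/
int my_use_RSAPrivateKey_file(SSL_CTX * ctx, const char *file,
const char *passphrase)
{
    int err;
    int ret;
    BIO *in;
    RSA *rsa = NULL;

    // Stolen straight from OpenSSL's code. Removed non-RSA code... should put it
    // back?
    in = BIO_new(BIO_s_file_internal());
    if (in == NULL) {
        LOG_ERROR_STATIC(("SSLContext_use_RSAPrivateKey_file: can't creat bio\n"));
        err = ENOMEM;
        goto end;
    }
    if (BIO_read_filename(in, file) <= 0) {
        // Capture errno before logging, which may clobber it, and never let
        // this path report 0 (success) when errno happens to be unset.
        err = errno;
        if (err == 0)
            err = EINVAL;
        LOG_ERROR_STATIC(("SSLContext_use_RSAPrivateKey_file: can't open file %s\n", file));
        goto end;
    }
    // pem_password_cb takes a non-const user-data pointer; the callback only
    // reads through it, so dropping const here is safe.
    rsa = PEM_read_bio_RSAPrivateKey(in, NULL, getpassphrase_callback, (void *)passphrase);
    if (rsa == NULL) {
        LOG_ERROR_STATIC(("SSLContext_use_RSAPrivateKey_file: can't read private key from the file %s\n", file));
        // err must be set explicitly here: jumping to end with it
        // indeterminate could return 0 and make a missing/undecryptable key
        // look like success to the caller.
        err = EINVAL;
        goto end;
    }
    ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
    RSA_free(rsa);
    err = (ret < 1) ? EINVAL : 0;
end:
    if (in != NULL)
        BIO_free(in);
    return err;
}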