|
Lines 1378-1383
Link Here
|
| 1378 |
#endif |
1378 |
#endif |
| 1379 |
} |
1379 |
} |
| 1380 |
|
1380 |
|
|
|
1381 |
/* SSL_CTX_use_PrivateKey_file() can fail either because the private |
| 1382 |
* key was encrypted, or due to a mismatch between an already-loaded |
| 1383 |
* cert and the key - a common misconfiguration - from calling |
| 1384 |
* X509_check_private_key(). This macro is passed the last error code |
| 1385 |
* off the OpenSSL stack and evaluates to true only for the first |
| 1386 |
* case. With OpenSSL < 3 the second case is identifiable by the |
| 1387 |
* function code, but function codes are not used from 3.0. */ |
| 1388 |
#if OPENSSL_VERSION_NUMBER < 0x30000000L |
| 1389 |
#define CHECK_PRIVKEY_ERROR(ec) (ERR_GET_FUNC(ec) != X509_F_X509_CHECK_PRIVATE_KEY) |
| 1390 |
#else |
| 1391 |
#define CHECK_PRIVKEY_ERROR(ec) (ERR_GET_LIB != ERR_LIB_X509 \ |
| 1392 |
|| (ERR_GET_REASON(ec) != X509_R_KEY_TYPE_MISMATCH \ |
| 1393 |
&& ERR_GET_REASON(ec) != X509_R_KEY_VALUES_MISMATCH \ |
| 1394 |
&& ERR_GET_REASON(ec) != X509_R_UNKNOWN_KEY_TYPE)) |
| 1395 |
#endif |
| 1396 |
|
| 1381 |
static apr_status_t ssl_init_server_certs(server_rec *s, |
1397 |
static apr_status_t ssl_init_server_certs(server_rec *s, |
| 1382 |
apr_pool_t *p, |
1398 |
apr_pool_t *p, |
| 1383 |
apr_pool_t *ptemp, |
1399 |
apr_pool_t *ptemp, |
|
Lines 1483-1490
Link Here
|
| 1483 |
} |
1499 |
} |
| 1484 |
else if ((SSL_CTX_use_PrivateKey_file(mctx->ssl_ctx, keyfile, |
1500 |
else if ((SSL_CTX_use_PrivateKey_file(mctx->ssl_ctx, keyfile, |
| 1485 |
SSL_FILETYPE_PEM) < 1) |
1501 |
SSL_FILETYPE_PEM) < 1) |
| 1486 |
&& (ERR_GET_FUNC(ERR_peek_last_error()) |
1502 |
&& CHECK_PRIVKEY_ERROR(ERR_peek_last_error())) { |
| 1487 |
!= X509_F_X509_CHECK_PRIVATE_KEY)) { |
|
|
| 1488 |
ssl_asn1_t *asn1; |
1503 |
ssl_asn1_t *asn1; |
| 1489 |
const unsigned char *ptr; |
1504 |
const unsigned char *ptr; |
| 1490 |
|
1505 |
|
