Lines 1378-1383
|
1378 |
#endif |
1378 |
#endif |
1379 |
} |
1379 |
} |
1380 |
|
1380 |
|
|
|
1381 |
/* SSL_CTX_use_PrivateKey_file() can fail either because the private |
1382 |
* key was encrypted, or due to a mismatch between an already-loaded |
1383 |
* cert and the key - a common misconfiguration - from calling |
1384 |
* X509_check_private_key(). This macro is passed the last error code |
1385 |
* off the OpenSSL stack and evaluates to true only for the first |
1386 |
* case. With OpenSSL < 3 the second case is identifiable by the |
1387 |
* function code, but function codes are not used from 3.0. */ |
1388 |
#if OPENSSL_VERSION_NUMBER < 0x30000000L |
1389 |
#define CHECK_PRIVKEY_ERROR(ec) (ERR_GET_FUNC(ec) != X509_F_X509_CHECK_PRIVATE_KEY) |
1390 |
#else |
1391 |
#define CHECK_PRIVKEY_ERROR(ec) (ERR_GET_LIB != ERR_LIB_X509 \ |
1392 |
|| (ERR_GET_REASON(ec) != X509_R_KEY_TYPE_MISMATCH \ |
1393 |
&& ERR_GET_REASON(ec) != X509_R_KEY_VALUES_MISMATCH \ |
1394 |
&& ERR_GET_REASON(ec) != X509_R_UNKNOWN_KEY_TYPE)) |
1395 |
#endif |
1396 |
|
1381 |
static apr_status_t ssl_init_server_certs(server_rec *s, |
1397 |
static apr_status_t ssl_init_server_certs(server_rec *s, |
1382 |
apr_pool_t *p, |
1398 |
apr_pool_t *p, |
1383 |
apr_pool_t *ptemp, |
1399 |
apr_pool_t *ptemp, |
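Review bot: In the OpenSSL >= 3.0 branch of `CHECK_PRIVKEY_ERROR` (new line 1391), `ERR_GET_LIB` is written without its argument, so the first operand compares the identifier itself with `ERR_LIB_X509` rather than the library code of `ec`. As far as I know `ERR_GET_LIB` is an inline function in OpenSSL 3.0, so this should compile with at most a pointer/integer comparison warning and always evaluate to true. The macro would then be true for the cert/key mismatch case as well, and the `else if` at new line 1500 would treat a mismatched key as an encrypted one, which is the misdiagnosis the comment above the macro sets out to avoid. The line should read `#define CHECK_PRIVKEY_ERROR(ec) (ERR_GET_LIB(ec) != ERR_LIB_X509 \`. Separately, `ec` is expanded several times, which is harmless with `ERR_peek_last_error()` but worth a short comment noting that the argument must be side-effect free.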
Lines 1483-1490
|
1483 |
} |
1499 |
} |
1484 |
else if ((SSL_CTX_use_PrivateKey_file(mctx->ssl_ctx, keyfile, |
1500 |
else if ((SSL_CTX_use_PrivateKey_file(mctx->ssl_ctx, keyfile, |
1485 |
SSL_FILETYPE_PEM) < 1) |
1501 |
SSL_FILETYPE_PEM) < 1) |
1486 |
&& (ERR_GET_FUNC(ERR_peek_last_error()) |
1502 |
&& CHECK_PRIVKEY_ERROR(ERR_peek_last_error())) { |
1487 |
!= X509_F_X509_CHECK_PRIVATE_KEY)) { |
|
|
1488 |
ssl_asn1_t *asn1; |
1503 |
ssl_asn1_t *asn1; |
1489 |
const unsigned char *ptr; |
1504 |
const unsigned char *ptr; |
1490 |
|
1505 |
|