authorJoe Orton <jorton@apache.org>2018-05-04 19:56:32 +0200
committerJoe Orton <jorton@apache.org>2018-05-04 19:56:32 +0200
commit9e4ad2f685bfde0cdb47c7a9cd95edec40c2e35b (patch)
tree9ccf6fdf0791feb9fb7aa2fcec11be81c284edcb /modules/ssl/ssl_engine_pphrase.c
parent* modules/ssl/ssl_util_ssl.c (modssl_read_privatekey): Remove unused (diff)
Simplify the ssl_asn1_table API, remove abstraction (it is used only
to cache serialized EVP_PKEYs not any char * blobs), and document. * modules/ssl/ssl_util.c (ssl_asn1_table_set): Take the EVP_PKEY and serialize internally. Use ap_realloc. Return the ssl_asn1_t * pointer. Don't call apr_hash_set() for unchanged pointer case. * modules/ssl/ssl_engine_pphrase.c (ssl_load_encrypted_pkey): Adjust for the above. * modules/ssl/ssl_private.h: Adjust as above, add docs. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830927 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/ssl/ssl_engine_pphrase.c')
-rw-r--r--modules/ssl/ssl_engine_pphrase.c15
1 files changed, 3 insertions, 12 deletions
diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c
index 193f3f9e89..4b74cc589e 100644
--- a/modules/ssl/ssl_engine_pphrase.c
+++ b/modules/ssl/ssl_engine_pphrase.c
@@ -137,8 +137,6 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
const char *key_id = asn1_table_vhost_key(mc, p, sc->vhost_id, idx);
EVP_PKEY *pPrivateKey = NULL;
ssl_asn1_t *asn1;
- unsigned char *ucp;
- long int length;
int nPassPhrase = (*pphrases)->nelts;
int nPassPhraseRetry = 0;
apr_time_t pkey_mtime = 0;
@@ -345,19 +343,12 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
nPassPhrase++;
}
- /*
- * Insert private key into the global module configuration
- * (we convert it to a stand-alone DER byte sequence
- * because the SSL library uses static variables inside a
- * RSA structure which do not survive DSO reloads!)
- */
- length = i2d_PrivateKey(pPrivateKey, NULL);
- ucp = ssl_asn1_table_set(mc->tPrivateKey, key_id, length);
- (void)i2d_PrivateKey(pPrivateKey, &ucp); /* 2nd arg increments */
+ /* Cache the private key in the global module configuration so it
+ * can be used after subsequent reloads. */
+ asn1 = ssl_asn1_table_set(mc->tPrivateKey, key_id, pPrivateKey);
if (ppcb_arg.nPassPhraseDialogCur != 0) {
/* remember mtime of encrypted keys */
- asn1 = ssl_asn1_table_get(mc->tPrivateKey, key_id);
asn1->source_mtime = pkey_mtime;
}
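Review bot: `asn1->source_mtime = pkey_mtime;` dereferences the return value of `ssl_asn1_table_set()` with no check, and because serialization moved into that helper, this caller can no longer tell whether `i2d_PrivateKey()` failed. The helper is defined in ssl_util.c, which is not part of this page, so whether it can return NULL or store an empty entry is unconfirmed; if it can, fail the load before the mtime is recorded, e.g. `if (asn1 == NULL) return APR_EGENERAL;` (or whichever error path the rest of the function uses). The shortened comment also drops the fact that the cached value is the key serialized as unencrypted DER; I would keep that visible, e.g. `/* Cache the decrypted key as DER in the global module configuration so it can be used after subsequent reloads; it stays in process memory. */`. The body of ssl_load_encrypted_pkey starts and ends outside this hunk.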