diff src/login-common/ssl-proxy-openssl.c @ 3889:c7462001227b HEAD

Added support for password-protected SSL private keys. The password can be given in dovecot.conf, or when dovecot is started with the -p parameter.
author Timo Sirainen <tss@iki.fi>
date Sun, 15 Jan 2006 15:16:53 +0200
parents 650701d41cdf
children aeb424e64f24
--- a/src/login-common/ssl-proxy-openssl.c	Sun Jan 15 14:35:01 2006 +0200
+++ b/src/login-common/ssl-proxy-openssl.c	Sun Jan 15 15:16:53 2006 +0200
@@ -588,9 +588,25 @@
 	return 1;
 }
 
+static int
+pem_password_callback(char *buf, int size, int rwflag __attr_unused__,
+		      void *userdata)
+{
+	if (userdata == NULL) {
+		i_error("SSL private key file is password protected, "
+			"but password isn't given");
+		return 0;
+	}
+
+	if (strocpy(buf, userdata, size) < 0)
+		return 0;
+	return strlen(buf);
+}
+
 void ssl_proxy_init(void)
 {
 	const char *cafile, *certfile, *keyfile, *cipher_list;
+	char *password;
 	unsigned char buf;
 
 	memset(&ssl_params, 0, sizeof(ssl_params));
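Review bot: The truncation path in pem_password_callback is silent: when `strocpy(buf, userdata, size)` returns a negative value (which, as used here, appears to mean the passphrase did not fit in OpenSSL's buffer), the callback returns 0 without logging, and the only diagnostic the admin sees is the generic failure from the later key-loading call. Log it explicitly so an over-long passphrase is not mistaken for a wrong one: `if (strocpy(buf, userdata, size) < 0) { i_error("SSL private key password is too long"); return 0; }`. The function also deserves a short header comment stating the OpenSSL contract it implements, e.g. `/* PEM passphrase callback: copy the passphrase from userdata into buf (size bytes), return its length, or 0 to make the PEM read fail. */`; the narrowing of `strlen(buf)` to the callback's int return is harmless since it is bounded by size.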
@@ -599,6 +615,7 @@
 	certfile = getenv("SSL_CERT_FILE");
 	keyfile = getenv("SSL_KEY_FILE");
 	ssl_params.fname = getenv("SSL_PARAM_FILE");
+	password = getenv("SSL_KEY_PASSWORD");
 
 	if (certfile == NULL || keyfile == NULL || ssl_params.fname == NULL) {
 		/* SSL support is disabled */
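Review bot: The new `getenv("SSL_KEY_PASSWORD")` reads a secret from the process environment, which is more exposed than the other SSL_* settings fetched here: environment contents are readable from `/proc/<pid>/environ` by the process owner and root, are typically present in core dumps, and persist for the process lifetime even though the value is only needed while the key is loaded. The line should carry a comment making that explicit, e.g. `/* optional passphrase for an encrypted keyfile, inherited from the master's environment; it is a secret and is only needed until the key is loaded */`. Also, `password` is declared `char *` on the line added above while the neighbouring settings are `const char *`; a getenv result must not be modified, so `const char *password;` with a cast at the `void *` userdata call would be more consistent. The rest of ssl_proxy_init continues outside this hunk.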
@@ -635,6 +652,8 @@
 			certfile, ssl_last_error());
 	}
 
+        SSL_CTX_set_default_passwd_cb(ssl_ctx, pem_password_callback);
+        SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, password);
 	if (SSL_CTX_use_PrivateKey_file(ssl_ctx, keyfile,
 					SSL_FILETYPE_PEM) != 1) {
 		i_fatal("Can't load private key file %s: %s",
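Review bot: Once `SSL_CTX_use_PrivateKey_file` has decrypted the key, nothing clears the passphrase: `ssl_ctx` keeps `password` as its default passwd userdata for the rest of the context's lifetime, and the variable stays in the login process's environment. After the `if` block (whose body ends outside this hunk) add `SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, NULL);` and `unsetenv("SSL_KEY_PASSWORD");` so later PEM reads through this context cannot pick up the passphrase and it is no longer visible via the environment; a copy may still remain in process memory since the environment string itself is not wiped. As a style point, the two `SSL_CTX_set_default_passwd_cb*` lines are indented with spaces while the surrounding code uses tabs.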