diff src/login-common/ssl-proxy-openssl.c @ 3889:c7462001227b HEAD
Added support for password-protected SSL private keys. The password can be
given in dovecot.conf, or on the command line when dovecot is started with the -p parameter.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 15 Jan 2006 15:16:53 +0200 |
parents | 650701d41cdf |
children | aeb424e64f24 |
--- a/src/login-common/ssl-proxy-openssl.c Sun Jan 15 14:35:01 2006 +0200
+++ b/src/login-common/ssl-proxy-openssl.c Sun Jan 15 15:16:53 2006 +0200
@@ -588,9 +588,25 @@
 return 1;
 }
 
+static int
+pem_password_callback(char *buf, int size, int rwflag __attr_unused__,
+ void *userdata)
+{
+ if (userdata == NULL) {
+ i_error("SSL private key file is password protected, "
+ "but password isn't given");
+ return 0;
+ }
+
+ if (strocpy(buf, userdata, size) < 0)
+ return 0;
+ return strlen(buf);
+}
+
 void ssl_proxy_init(void)
 {
 const char *cafile, *certfile, *keyfile, *cipher_list;
+ char *password;
 unsigned char buf;
 
 memset(&ssl_params, 0, sizeof(ssl_params));
@@ -599,6 +615,7 @@
 certfile = getenv("SSL_CERT_FILE");
 keyfile = getenv("SSL_KEY_FILE");
 ssl_params.fname = getenv("SSL_PARAM_FILE");
+ password = getenv("SSL_KEY_PASSWORD");
 
 if (certfile == NULL || keyfile == NULL || ssl_params.fname == NULL) {
 /* SSL support is disabled */
@@ -635,6 +652,8 @@
 certfile, ssl_last_error());
 }
 
+ SSL_CTX_set_default_passwd_cb(ssl_ctx, pem_password_callback);
+ SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, password);
 if (SSL_CTX_use_PrivateKey_file(ssl_ctx, keyfile, SSL_FILETYPE_PEM) != 1) {
 i_fatal("Can't load private key file %s: %s",
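Review bot: In pem_password_callback the "password isn't given" diagnostic only fires for a NULL userdata; an empty string passes that check, strocpy() copies "", and `return strlen(buf)` hands OpenSSL a length of 0, which the PEM reader treats as a failed password read, so the operator sees only the caller's generic "Can't load private key file" fatal instead of the helpful message. If the master process exports SSL_KEY_PASSWORD even when no password is configured (that side is not visible in this diff), that would be the path every unconfigured encrypted key takes. Treating an empty password like a missing one keeps the clearer error: `if (userdata == NULL || *(const char *)userdata == '\0') {`. A one-line comment above the function noting that returning 0 makes OpenSSL abort the PEM decryption, which the caller then reports via i_fatal, would also help the next reader understand the two `return 0;` paths.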
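Review bot: After SSL_CTX_use_PrivateKey_file() has consumed the key, the plaintext password is still reachable in two places the new code never clears: the SSL_CTX keeps the pointer registered by `SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, password)` for its whole lifetime, and the value stays in this login process's environment under SSL_KEY_PASSWORD, where anything that can inspect the process environment (same-uid processes via /proc on Linux, for instance) or any child it spawns can read it. The password is only needed while the key is being decrypted, so once the load has succeeded (the if-block and ssl_proxy_init continue past the end of the hunk) I would add `SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, NULL);` and `unsetenv("SSL_KEY_PASSWORD");` (or the project's environment helper, if one exists) with a comment such as `/* password is only needed while loading the key; don't keep it reachable */`. This narrows exposure rather than removing it: the bytes presumably remain in the environ block and in OpenSSL's own buffers, so a stronger fix would need the master to hand the password over a pipe instead of the environment.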