On Fri, Mar 05, 1999, [EMAIL PROTECTED] wrote:
> "Ralf S. Engelschall" <[EMAIL PROTECTED]> writes:
> [snip]
> > Ok, ok, when I understand you correctly, you want that mod_ssl can read any
> > combination.... Let's see what I can do.
>
> Much appreciated! Though I don't think every combination is required. At
> least not by us. DER Base64 encoding of PKCS#5/8 keys, and DER Base64
> encoding of raw X.509 certs would be a nice start.
Ok, with the appended patch I was at least able to load PEM, DER+Base64 and
plain DER server.crt and server.key files. Please try it out with your
certs/keys and give me feedback.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Index: ssl_engine_pphrase.c
===================================================================
RCS file: /e/apache/SSL/REPOS/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_pphrase.c,v
retrieving revision 1.28
diff -u -r1.28 ssl_engine_pphrase.c
--- ssl_engine_pphrase.c 1999/03/04 09:25:47 1.28
+++ ssl_engine_pphrase.c 1999/03/05 21:49:53
@@ -136,8 +136,7 @@
"Init: Can't open server certificate file %s", szPath);
ssl_die();
}
- pX509Cert = X509_new();
- if (!PEM_read_X509(fp, &pX509Cert, NULL)) {
+ if ((pX509Cert = SSL_read_X509(fp, NULL, NULL)) == NULL) {
ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
"Init: Unable to read server certificate from file %s", szPath);
ssl_die();
@@ -194,7 +193,6 @@
myCtxVarSet(mc, 8, &nPassPhraseDialogCur);
myCtxVarSet(mc, 9, &bPassPhraseDialogOnce);
- pRSAKey = RSA_new();
nPassPhraseCur = 0;
nPassPhraseRetry = 0;
nPassPhraseDialogCur = 0;
@@ -212,8 +210,8 @@
ssl_die();
}
cpPassPhraseCur = NULL;
- bReadable = (PEM_read_RSAPrivateKey(fp, &pRSAKey,
- ssl_pphrase_Handle_CB) ? TRUE : FALSE);
+ bReadable = ((pRSAKey = SSL_read_RSAPrivateKey(fp, NULL,
+ ssl_pphrase_Handle_CB)) != NULL ? TRUE : FALSE);
ap_pfclose(p, fp);
/*
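Review bot: A wrong pass phrase at this call no longer stops at the PEM decrypt failure, because SSL_read_RSAPrivateKey falls through to its DER+Base64 and plain-DER attempts whenever the PEM read returns NULL. Each failed attempt therefore re-parses the key file twice more. If the code after this hunk inspects or logs the SSLeay error queue (not visible here), it would presumably see DER parse errors from the fallbacks rather than the PEM error. A comment at the call would make this explicit, e.g. `/* tries PEM, then DER+Base64, then plain DER; the pass phrase callback applies to the PEM attempt only */`. The enclosing function starts and ends outside the hunk.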
Index: ssl_util_ssl.c
===================================================================
RCS file: /e/apache/SSL/REPOS/mod_ssl/pkg.apache/src/modules/ssl/ssl_util_ssl.c,v
retrieving revision 1.3
diff -u -r1.3 ssl_util_ssl.c
--- ssl_util_ssl.c 1999/03/04 09:25:47 1.3
+++ ssl_util_ssl.c 1999/03/05 21:42:01
@@ -92,3 +92,85 @@
return;
}
+/* _________________________________________________________________
+**
+** High-Level Certificate / Private Key Loading
+** _________________________________________________________________
+*/
+
+X509 *SSL_read_X509(FILE *fp, X509 **x509, int (*cb)())
+{
+ X509 *rc;
+ BIO *bioS;
+ BIO *bioF;
+
+ /* 1. try PEM (= DER+Base64+headers) */
+ rc = PEM_read_X509(fp, x509, cb);
+ if (rc == NULL) {
+ /* 2. try DER+Base64 */
+ fseek(fp, 0L, SEEK_SET);
+ if ((bioS = BIO_new(BIO_s_fd())) == NULL)
+ return NULL;
+ BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
+ if ((bioF = BIO_new(BIO_f_base64())) == NULL)
+ return NULL;
+ bioS = BIO_push(bioF, bioS);
+ rc = d2i_X509_bio(bioS, NULL);
+ BIO_free(bioF);
+ BIO_free(bioS);
+ if (rc == NULL) {
+ /* 3. try plain DER */
+ fseek(fp, 0L, SEEK_SET);
+ if ((bioS = BIO_new(BIO_s_fd())) == NULL)
+ return NULL;
+ BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
+ rc = d2i_X509_bio(bioS, NULL);
+ BIO_free(bioS);
+ }
+ }
+ if (rc != NULL && x509 != NULL) {
+ if (*x509 != NULL)
+ X509_free(*x509);
+ *x509 = rc;
+ }
+ return rc;
+}
+
+RSA *SSL_read_RSAPrivateKey(FILE *fp, RSA **rsa, int (*cb)())
+{
+ RSA *rc;
+ BIO *bioS;
+ BIO *bioF;
+
+ /* 1. try PEM (= DER+Base64+headers) */
+ rc = PEM_read_RSAPrivateKey(fp, rsa, cb);
+ if (rc == NULL) {
+ /* 2. try DER+Base64 */
+ fseek(fp, 0L, SEEK_SET);
+ if ((bioS = BIO_new(BIO_s_fd())) == NULL)
+ return NULL;
+ BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
+ if ((bioF = BIO_new(BIO_f_base64())) == NULL)
+ return NULL;
+ bioS = BIO_push(bioF, bioS);
+ rc = d2i_RSAPrivateKey_bio(bioS, NULL);
+ BIO_free(bioF);
+ BIO_free(bioS);
+ if (rc == NULL) {
+ /* 3. try plain DER */
+ fseek(fp, 0L, SEEK_SET);
+ if ((bioS = BIO_new(BIO_s_fd())) == NULL)
+ return NULL;
+ BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
+ rc = d2i_RSAPrivateKey_bio(bioS, NULL);
+ BIO_free(bioS);
+ }
+ }
+ if (rc != NULL && rsa != NULL) {
+ if (*rsa != NULL)
+ RSA_free(*rsa);
+ *rsa = rc;
+ }
+ return rc;
+}
+
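Review bot: In step 2 of SSL_read_X509, `bioS = BIO_push(bioF, bioS)` leaves bioS pointing at the base64 filter (BIO_push returns its first argument), so the following `BIO_free(bioF); BIO_free(bioS);` frees the filter twice and never frees the fd BIO. The early `return NULL` when `BIO_new(BIO_f_base64())` fails also leaks the fd BIO created just above it. SSL_read_RSAPrivateKey repeats both patterns. Freeing the chain once with BIO_free_all and releasing bioS on the failure path fixes this, as sketched below for the X.509 case. Separately, if a caller passes a non-NULL x509/rsa and the PEM read succeeds, the tail block appears to free the object it then returns, since PEM_read_* has already stored rc in the out-parameter; both callers in this patch pass NULL, so that is latent.

```c
    /* … unchanged: fseek, fd BIO creation and BIO_set_fd … */
    if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
        BIO_free(bioS);              /* do not leak the fd BIO */
        return NULL;
    }
    bioS = BIO_push(bioF, bioS);     /* bioS now names the head of the chain */
    rc = d2i_X509_bio(bioS, NULL);
    BIO_free_all(bioS);              /* frees filter and fd BIO exactly once */
    /* … unchanged: plain-DER fallback … */
```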
Index: ssl_util_ssl.h
===================================================================
RCS file: /e/apache/SSL/REPOS/mod_ssl/pkg.apache/src/modules/ssl/ssl_util_ssl.h,v
retrieving revision 1.4
diff -u -r1.4 ssl_util_ssl.h
--- ssl_util_ssl.h 1999/03/04 09:25:47 1.4
+++ ssl_util_ssl.h 1999/03/05 20:28:06
@@ -100,5 +100,7 @@
int SSL_get_app_data2_idx(void);
void *SSL_get_app_data2(SSL *);
void SSL_set_app_data2(SSL *, void *);
+X509 *SSL_read_X509(FILE *, X509 **, int (*)());
+RSA *SSL_read_RSAPrivateKey(FILE *, RSA **, int (*)());
#endif /* SSL_UTIL_SSL_H */
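Review bot: The two new prototypes say nothing about ownership or about the out-parameter, although the implementation both returns the object and may free and replace `*x509` / `*rsa`. I would add a comment above them such as `/* read from fp as PEM, DER+Base64 or plain DER; returns a new object the caller must free, or NULL on failure */`. The callback type `int (*)()` is unprototyped, so the compiler cannot check ssl_pphrase_Handle_CB against it; if that is deliberate to match the PEM_read_* interface, a word in the comment would make that clear.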