/
900-box_certificate.patch
46 lines (43 loc) · 1.58 KB
/
900-box_certificate.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
--- src/ctx.c
+++ src/ctx.c
@@ -803,16 +803,38 @@
return 0; /* OK */
}
+#include <privatekeypassword/privatekeypassword.h>
+
+NOEXPORT int fritzbox_passwd_get_cb(char *buf, int size, int rwflag, __attribute__((unused)) void *userdata) {
+ return getPrivateKeyPassword_OpenSSL_Callback(buf, size, rwflag, NULL);
+}
+
+NOEXPORT int is_fritzbox_key(const char *file_name) {
+ struct stat sb;
+
+ if (stat(file_name, &sb))
+ return 0;
+ /* if it's a character device, assume it's the Fritz!OS private key file from TFFS */
+ return S_ISCHR(sb.st_mode);
+}
+
NOEXPORT int load_key_file(SERVICE_OPTIONS *section) {
- int i, success;
+ int i, success, fritzbox_key;
+
+ fritzbox_key=is_fritzbox_key(section->key);
- s_log(LOG_INFO, "Loading private key from file: %s", section->key);
- if(file_permissions(section->key))
+ s_log(LOG_INFO, "Loading private%s key from file: %s", (fritzbox_key ? " FRITZ!Box" : ""), section->key);
+ if(!fritzbox_key && file_permissions(section->key))
return 1; /* FAILED */
- /* try the cached value first */
set_prompt(section->key);
- SSL_CTX_set_default_passwd_cb(section->ctx, cache_passwd_get_cb);
+ if (fritzbox_key) {
+ /* read the Fritz!Box key */
+ SSL_CTX_set_default_passwd_cb(section->ctx, fritzbox_passwd_get_cb);
+ } else {
+ /* try the cached value first */
+ SSL_CTX_set_default_passwd_cb(section->ctx, cache_passwd_get_cb);
+ }
success=SSL_CTX_use_PrivateKey_file(section->ctx, section->key,
SSL_FILETYPE_PEM);
/* invoke the UI on subsequent calls */