Fix BZ 65181 Improve support for using OpenSSL Engines

Improve support for using OpenSSL Engines that use proprietary key formats. Patch provided by Edin Hodizc. https://bz.apache.org/bugzilla/show_bug.cgi?id=65181
apache · Mar 25, 2021 · 69e884a · 69e884a
1 parent 9f984b5
commit 69e884a
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 1 deletion.
diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
@@ -51,6 +51,7 @@
  */
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+extern ENGINE *tcn_ssl_engine;
 #endif
 
 #ifndef RAND_MAX

diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
@@ -1034,7 +1034,13 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificate)(TCN_STDARGS, jlong ctx,
         }
     }
     else {
-        if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL) {
+        if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL
+#ifndef OPENSSL_NO_ENGINE
+                && tcn_ssl_engine != NULL &&
+                (c->keys[idx] = ENGINE_load_private_key(tcn_ssl_engine, key_file,
+                                                        NULL, NULL)) == NULL
+#endif
+                ) {
             ERR_error_string(SSL_ERR_get(), err);
             tcn_Throw(e, "Unable to load certificate key %s (%s)",
                       key_file, err);

diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml
@@ -35,6 +35,12 @@
   </p>
 </section>
 <section name="Changes in 1.2.27">
+  <changelog>
+    <add>
+      <bug>65181</bug>: Improve support for using OpenSSL Engines that use
+      proprietary key formats. Patch provided by Edin Hodizc. (markt)
+    </add>
+  </changelog>
 </section>
 <section name="Changes in 1.2.26">
   <changelog>