From 69e884a96a308a2bfdd91c7de3a9b301838031c8 Mon Sep 17 00:00:00 2001
From: Mark Thomas
Date: Thu, 25 Mar 2021 20:31:51 +0000
Subject: [PATCH] Fix BZ 65181 Improve support for using OpenSSL Engines

Improve support for using OpenSSL Engines that use proprietary key formats. Patch provided by Edin Hodizc.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65181
---
 native/include/ssl_private.h | 1 +
 native/src/sslcontext.c | 8 +++++++-
 xdocs/miscellaneous/changelog.xml | 6 ++++++
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index b50bf246d..f6b2840a8 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -51,6 +51,7 @@
  */
 #ifndef OPENSSL_NO_ENGINE
 #include
+extern ENGINE *tcn_ssl_engine;
 #endif
 
 #ifndef RAND_MAX
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index f10b55e9f..5d08a781b 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -1034,7 +1034,13 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificate)(TCN_STDARGS, jlong ctx,
             }
         }
         else {
-            if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL) {
+            if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL
+#ifndef OPENSSL_NO_ENGINE
+                && tcn_ssl_engine != NULL &&
+                (c->keys[idx] = ENGINE_load_private_key(tcn_ssl_engine, key_file,
+                                                        NULL, NULL)) == NULL
+#endif
+            ) {
                 ERR_error_string(SSL_ERR_get(), err);
                 tcn_Throw(e, "Unable to load certificate key %s (%s)",
                           key_file, err);
diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml
index 5a4379fb3..f9874cce4 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -35,6 +35,12 @@
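Review bot: The new condition in the sslcontext.c hunk silently drops the error path when no engine is configured: with `OPENSSL_NO_ENGINE` undefined, `load_pem_key()` returning NULL and `tcn_ssl_engine == NULL`, the `&&` chain short-circuits to false, the `tcn_Throw` is skipped, and `c->keys[idx]` is left NULL for whatever follows in setCertificate (the function's body continues outside the hunk). A second, smaller issue is that a PEM failure leaves its errors on the thread's OpenSSL error queue before the engine attempt, so a later `ERR_error_string(SSL_ERR_get(), err)` may describe the wrong failure and a successful engine load leaves stale errors behind; calling `ERR_clear_error()` between the two attempts avoids both (assuming `SSL_ERR_get` reads from that queue, which is not visible here). Splitting the load from the check keeps the fallback readable and makes the no-engine case throw again, as below.
```c
        else {
            c->keys[idx] = load_pem_key(c, key_file);
#ifndef OPENSSL_NO_ENGINE
            if (c->keys[idx] == NULL && tcn_ssl_engine != NULL) {
                /* PEM parse failed: discard its errors so the engine attempt
                 * is reported on its own and a success leaves a clean queue. */
                ERR_clear_error();
                c->keys[idx] = ENGINE_load_private_key(tcn_ssl_engine, key_file,
                                                       NULL, NULL);
            }
#endif
            /* Throw whether or not an engine fallback was available. */
            if (c->keys[idx] == NULL) {
                ERR_error_string(SSL_ERR_get(), err);
                /* … unchanged: tcn_Throw("Unable to load certificate key …") … */
```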

+ + + 65181: Improve support for using OpenSSL Engines that use + proprietary key formats. Patch provided by Edin Hodizc. (markt) + +