From 69e884a96a308a2bfdd91c7de3a9b301838031c8 Mon Sep 17 00:00:00 2001
From: Mark Thomas
Date: Thu, 25 Mar 2021 20:31:51 +0000
Subject: [PATCH] Fix BZ 65181 Improve support for using OpenSSL Engines
Improve support for using OpenSSL Engines that use proprietary key
formats. Patch provided by Edin Hodizc.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65181
---
native/include/ssl_private.h | 1 +
native/src/sslcontext.c | 8 +++++++-
xdocs/miscellaneous/changelog.xml | 6 ++++++
3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index b50bf246d..f6b2840a8 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -51,6 +51,7 @@
*/
#ifndef OPENSSL_NO_ENGINE
#include
+extern ENGINE *tcn_ssl_engine;
#endif
#ifndef RAND_MAX
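Review bot: The new `extern ENGINE *tcn_ssl_engine;` declaration states nothing about its null contract, yet the caller added in sslcontext.c in this same commit branches on `tcn_ssl_engine != NULL`, so readers of the header have to guess when it is set. A one-line comment above the declaration would pin it down, for example `/* Engine selected at SSL init; NULL when no engine is configured (defined elsewhere). */`, adjusting the wording to wherever the definition actually lives, which is not part of this diff.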
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index f10b55e9f..5d08a781b 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -1034,7 +1034,13 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificate)(TCN_STDARGS, jlong ctx,
}
}
else {
- if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL) {
+ if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL
+#ifndef OPENSSL_NO_ENGINE
+ && tcn_ssl_engine != NULL &&
+ (c->keys[idx] = ENGINE_load_private_key(tcn_ssl_engine, key_file,
+ NULL, NULL)) == NULL
+#endif
+ ) {
ERR_error_string(SSL_ERR_get(), err);
tcn_Throw(e, "Unable to load certificate key %s (%s)",
key_file, err);
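Review bot: The combined condition skips the error path when `load_pem_key` fails and `tcn_ssl_engine` is NULL: `(key == NULL) && (engine != NULL) && …` short-circuits to false, so `c->keys[idx]` is left NULL and no exception is thrown, which is a regression for the common no-engine configuration (the old code threw unconditionally). Splitting the fallback from the final NULL check keeps the engine path and restores the error for every failure; the rewrite below does that. It also clears the OpenSSL error queue before the engine attempt so a later success does not leave the PEM failure queued — presumably harmless, but worth confirming against how `SSL_ERR_get` drains the queue. The enclosing `setCertificate` body starts and ends outside this hunk.
```c
else {
    c->keys[idx] = load_pem_key(c, key_file);
#ifndef OPENSSL_NO_ENGINE
    /* PEM load failed: retry via the configured engine, which may use a
     * proprietary key format.  Drop the stale PEM errors first so a
     * successful engine load does not leave them on the queue. */
    if (c->keys[idx] == NULL && tcn_ssl_engine != NULL) {
        ERR_clear_error();
        c->keys[idx] = ENGINE_load_private_key(tcn_ssl_engine, key_file,
                                               NULL, NULL);
    }
#endif
    /* Fail regardless of whether an engine was available. */
    if (c->keys[idx] == NULL) {
        ERR_error_string(SSL_ERR_get(), err);
        tcn_Throw(e, "Unable to load certificate key %s (%s)",
                  key_file, err);
        /* … unchanged: remainder of the error branch … */
```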
diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml
index 5a4379fb3..f9874cce4 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -35,6 +35,12 @@
+
+
+ 65181: Improve support for using OpenSSL Engines that use
+ proprietary key formats. Patch provided by Edin Hodizc. (markt)
+
+