isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use SSL_FILETYPE_PEM with SSL_CTX_use_PrivateKey_file, not X509_FILETYPE_PEM

Browse Source 
While they are defined to the same value in OpenSSL one should not
rely on this.
This commit is contained in:
Todd C. Miller
2021-10-24 14:47:49 -06:00
parent a808f8e7e5
commit 8a9c8794d0
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
logsrvd/tls_init.c
View File

@@ -324,7 +324,7 @@ init_tls_context(const char *ca_bundle_file, const char *cert_file,
/* No explicit key file set, try to use the cert file. */ /* No explicit key file set, try to use the cert file. */
key_file = cert_file; key_file = cert_file;
} }
if (!SSL_CTX_use_PrivateKey_file(ctx, key_file, X509_FILETYPE_PEM) || if (!SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) ||
!SSL_CTX_check_private_key(ctx)) { !SSL_CTX_check_private_key(ctx)) {
errstr = ERR_reason_error_string(ERR_get_error()); errstr = ERR_reason_error_string(ERR_get_error());
sudo_warnx(U_("%s: %s"), key_file, errstr); sudo_warnx(U_("%s: %s"), key_file, errstr);