diff options
| author | Anthony Neal <aneal@zeroc.com> | 2002-04-17 21:16:00 +0000 |
|---|---|---|
| committer | Anthony Neal <aneal@zeroc.com> | 2002-04-17 21:16:00 +0000 |
| commit | 93c63dbc7c80264262bf354b988e0911e1c7ee2e (patch) | |
| tree | 7112c202757d9a471d9d39f5374e9034bd7e371c /cpp/src/Ice/ContextOpenSSL.cpp | |
| parent | test script now halt in case of an error (diff) | |
| download | ice-93c63dbc7c80264262bf354b988e0911e1c7ee2e.tar.bz2 ice-93c63dbc7c80264262bf354b988e0911e1c7ee2e.tar.xz ice-93c63dbc7c80264262bf354b988e0911e1c7ee2e.zip | |
Added passphrase retry capability.
Diffstat (limited to 'cpp/src/Ice/ContextOpenSSL.cpp')
| -rw-r--r-- | cpp/src/Ice/ContextOpenSSL.cpp | 48 |
1 files changed, 46 insertions, 2 deletions
diff --git a/cpp/src/Ice/ContextOpenSSL.cpp b/cpp/src/Ice/ContextOpenSSL.cpp index e0885f456b3..7c9565ba103 100644 --- a/cpp/src/Ice/ContextOpenSSL.cpp +++ b/cpp/src/Ice/ContextOpenSSL.cpp @@ -113,6 +113,13 @@ IceSSL::OpenSSL::Context::configure(const GeneralConfig& generalConfig, // Set the certificate verify depth SSL_CTX_set_verify_depth(_sslContext, generalConfig.getVerifyDepth()); + // Determine the number of retries the user gets on passphrase entry. + std::string passphraseRetries = _properties->getPropertyWithDefault(_passphraseRetriesProperty, + _maxPassphraseRetriesDefault); + int retries = atoi(passphraseRetries.c_str()); + retries = (retries < 0 ? 0 : retries); + _maxPassphraseTries = retries + 1; + // Process the RSA Certificate setKeyCert(baseCertificates.getRSACert(), _rsaPrivateKeyProperty, _rsaPublicKeyProperty); @@ -141,6 +148,8 @@ IceSSL::OpenSSL::Context::Context(const IceInternal::InstancePtr& instance) : _certificateVerifier = new DefaultCertificateVerifier(instance); _sslContext = 0; + + _maxPassphraseRetriesDefault = "4"; } SSL_METHOD* @@ -392,8 +401,43 @@ IceSSL::OpenSSL::Context::addKeyCert(const CertificateFile& privateKey, const Ce privKeyFileType = publicEncoding; } - // Set which Private Key file to use. - if (SSL_CTX_use_PrivateKey_file(_sslContext, privKeyFile, privKeyFileType) <= 0) + int retryCount = 0; + int pkLoadResult; + int errCode = 0; + + while (retryCount != _maxPassphraseTries) + { + // We ignore the errors and remove them from the stack. + std::string errorString = sslGetErrors(); + + // Set which Private Key file to use. + pkLoadResult = SSL_CTX_use_PrivateKey_file(_sslContext, privKeyFile, privKeyFileType); + + if (pkLoadResult <= 0) + { + errCode = ERR_GET_REASON(ERR_peek_error()); + } + else + { + // The load went fine - continue on. + break; + } + + // PEM errors, most likely related to a bad passphrase. + if (errCode != PEM_R_BAD_PASSWORD_READ && + errCode != PEM_R_BAD_DECRYPT && + errCode != PEM_R_BAD_BASE64_DECODE) + { + // Other errors get dealt with below. + break; + } + + std::cout << "Passphrase error!" << std::endl; + + retryCount++; + } + + if (pkLoadResult <= 0) { int errCode = ERR_GET_REASON(ERR_peek_error()); |