git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6412 e7ae566f-a301-0410-adde-c780ea21d3b5
James Yonan authored on 2010/08/29 14:24:15... | ... |
@@ -5680,6 +5680,12 @@ add_option (struct options *options, |
5680 | 5680 |
{ |
5681 | 5681 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
5682 | 5682 |
options->pkcs12_file = p[1]; |
5683 |
+#if ENABLE_INLINE_FILES |
|
5684 |
+ if (streq (p[1], INLINE_FILE_TAG) && p[2]) |
|
5685 |
+ { |
|
5686 |
+ options->pkcs12_file_inline = p[2]; |
|
5687 |
+ } |
|
5688 |
+#endif |
|
5683 | 5689 |
} |
5684 | 5690 |
else if (streq (p[0], "askpass")) |
5685 | 5691 |
{ |
... | ... |
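Review bot: The new block sets `pkcs12_file_inline` only when `p[2]` is present, so `--pkcs12` given the inline tag with no inline body leaves `pkcs12_file` pointing at the tag string and `pkcs12_file_inline` unset; in init_ssl the inline test (`!strcmp (options->pkcs12_file, INLINE_FILE_TAG) && options->pkcs12_file_inline`) then fails and the code falls through to `fopen()` on the literal tag, yielding a misleading "Error opening file" at startup rather than a parse-time config error. It would be clearer to reject the malformed option here, e.g. add `else if (streq (p[1], INLINE_FILE_TAG)) { /* missing inline body: report via add_option's usual error path */ }` after the existing `if`. Note also that this hunk uses `streq` while init_ssl uses `!strcmp` for the same comparison; one helper for both would be easier to audit. add_option continues outside this hunk, and the field is declared under the same ENABLE_INLINE_FILES guard in options.h.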
@@ -473,6 +473,7 @@ struct options |
473 | 473 |
const char *cert_file_inline; |
474 | 474 |
char *priv_key_file_inline; |
475 | 475 |
const char *dh_file_inline; |
476 |
+ const char *pkcs12_file_inline; /* contains the base64 encoding of pkcs12 file */ |
|
476 | 477 |
#endif |
477 | 478 |
|
478 | 479 |
int ns_cert_type; /* set to 0, NS_SSL_SERVER, or NS_SSL_CLIENT */ |
... | ... |
@@ -1514,23 +1514,41 @@ init_ssl (const struct options *options) |
1514 | 1514 |
|
1515 | 1515 |
if (options->pkcs12_file) |
1516 | 1516 |
{ |
1517 |
- /* Use PKCS #12 file for key, cert and CA certs */ |
|
1517 |
+ /* Use PKCS #12 file for key, cert and CA certs */ |
|
1518 | 1518 |
|
1519 | 1519 |
FILE *fp; |
1520 | 1520 |
EVP_PKEY *pkey; |
1521 | 1521 |
X509 *cert; |
1522 | 1522 |
STACK_OF(X509) *ca = NULL; |
1523 |
- PKCS12 *p12; |
|
1523 |
+ PKCS12 *p12=NULL; |
|
1524 | 1524 |
int i; |
1525 | 1525 |
char password[256]; |
1526 | 1526 |
|
1527 |
- /* Load the PKCS #12 file */ |
|
1528 |
- if (!(fp = fopen(options->pkcs12_file, "rb"))) |
|
1529 |
- msg (M_SSLERR, "Error opening file %s", options->pkcs12_file); |
|
1530 |
- p12 = d2i_PKCS12_fp(fp, NULL); |
|
1531 |
- fclose (fp); |
|
1532 |
- if (!p12) msg (M_SSLERR, "Error reading PKCS#12 file %s", options->pkcs12_file); |
|
1533 |
- |
|
1527 |
+#if ENABLE_INLINE_FILES |
|
1528 |
+ if (!strcmp (options->pkcs12_file, INLINE_FILE_TAG) && options->pkcs12_file_inline) |
|
1529 |
+ { |
|
1530 |
+ BIO *b64 = BIO_new (BIO_f_base64()); |
|
1531 |
+ BIO *bio = BIO_new_mem_buf ((void *)options->pkcs12_file_inline, (int)strlen(options->pkcs12_file_inline)); |
|
1532 |
+ ASSERT(b64 && bio); |
|
1533 |
+ BIO_push (b64, bio); |
|
1534 |
+ p12 = d2i_PKCS12_bio(b64, NULL); |
|
1535 |
+ if (!p12) |
|
1536 |
+ msg (M_SSLERR, "Error reading inline PKCS#12 file"); |
|
1537 |
+ BIO_free (b64); |
|
1538 |
+ BIO_free (bio); |
|
1539 |
+ } |
|
1540 |
+ else |
|
1541 |
+#endif |
|
1542 |
+ { |
|
1543 |
+ /* Load the PKCS #12 file */ |
|
1544 |
+ if (!(fp = fopen(options->pkcs12_file, "rb"))) |
|
1545 |
+ msg (M_SSLERR, "Error opening file %s", options->pkcs12_file); |
|
1546 |
+ p12 = d2i_PKCS12_fp(fp, NULL); |
|
1547 |
+ fclose (fp); |
|
1548 |
+ if (!p12) |
|
1549 |
+ msg (M_SSLERR, "Error reading PKCS#12 file %s", options->pkcs12_file); |
|
1550 |
+ } |
|
1551 |
+ |
|
1534 | 1552 |
/* Parse the PKCS #12 file */ |
1535 | 1553 |
if (!PKCS12_parse(p12, "", &pkey, &cert, &ca)) |
1536 | 1554 |
{ |
... | ... |
@@ -1539,8 +1557,12 @@ init_ssl (const struct options *options) |
1539 | 1539 |
ca = NULL; |
1540 | 1540 |
if (!PKCS12_parse(p12, password, &pkey, &cert, &ca)) |
1541 | 1541 |
{ |
1542 |
+#ifdef ENABLE_MANAGEMENT |
|
1543 |
+ if (management && (ERR_GET_REASON (ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE)) |
|
1544 |
+ management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL); |
|
1545 |
+#endif |
|
1542 | 1546 |
PKCS12_free(p12); |
1543 |
- msg (M_WARN|M_SSL, "Error parsing PKCS#12 file %s", options->pkcs12_file); |
|
1547 |
+ msg (M_INFO, "OpenSSL ERROR code: %d", (ERR_GET_REASON (ERR_peek_error()))); // fixme |
|
1544 | 1548 |
goto err; |
1545 | 1549 |
} |
1546 | 1550 |
} |
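Review bot: The `msg()` call that replaces the old warning in the second hunk regresses the failure diagnostics: the removed `M_WARN|M_SSL` line named the PKCS#12 file (and, presumably via M_SSL, attached the OpenSSL error stack), whereas the new line prints only a bare reason number at M_INFO and still carries a `// fixme` marker, so a wrong passphrase or corrupt bundle now leaves the operator with "OpenSSL ERROR code: N" and no file name. Keep the management hook but restore the warning, e.g. `msg (M_WARN|M_SSL, "Error parsing PKCS#12 file %s", options->pkcs12_file);` in place of the M_INFO line, and drop the `//` comment since the surrounding code uses `/* */`. Since `options->pkcs12_file` holds the inline tag in the inline case, the message could distinguish "inline PKCS#12" the way the first hunk's "Error reading inline PKCS#12 file" does. `ERR_peek_error()` is read twice without the queue changing in between, which is harmless but worth a one-line comment so a later reader does not assume the two reads can differ. init_ssl begins and continues outside these hunks.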