commit | 12731158c75c8760a8bea06350eeb3e763fe1a07 | [log] [tgz] |
---|---|---|
author | Damien Miller <djm@mindrot.org> | Thu Oct 11 10:29:29 2018 +1100 |
committer | Damien Miller <djm@mindrot.org> | Thu Oct 11 10:29:29 2018 +1100 |
tree | c15f50b311052db4212680b829f40fe0298c0dde | |
parent | d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0 [diff] |
supply callback to PEM_read_bio_PrivateKey OpenSSL 1.1.0i has changed the behaviour of their PEM APIs, so that empty passphrases are interpreted differently. This probabalistically breaks loading some keys, because the PEM format is terrible and doesn't include a proper MAC. Avoid this by providing a basic callback to avoid passing empty passphrases to OpenSSL in cases where one is required. Based on patch from Jakub Jelen in bz#2913; ok dtucker@