Fix PKCS#12 use with OpenSSL 1.0.0
Add 40-bit RC2 CBC explicitly since OpenSSL 1.0.0 does not seem to that anymore with PKCS12_PBE_add(). Furthermore, at least 1.0.0-beta4 crashes if the needed cipher is not registered when parsing the PKCS#12 data (this crashing part should be fixed in newer 1.0.0 versions) Following bug reports are related to the issue: https://bugzilla.redhat.com/show_bug.cgi?id=541924 https://bugzilla.redhat.com/show_bug.cgi?id=538851 http://rt.openssl.org/Ticket/Display.html?id=2127 http://rt.openssl.org/Ticket/Display.html?id=2128
This commit is contained in:
parent
d97572a40f
commit
1056dad796
1 changed files with 9 additions and 0 deletions
|
@ -695,6 +695,15 @@ void * tls_init(const struct tls_config *conf)
|
|||
* be added here. */
|
||||
|
||||
#ifdef PKCS12_FUNCS
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
/*
|
||||
* 40-bit RC2 is commonly used in PKCS#12 files, so enable it.
|
||||
* This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8
|
||||
* versions, but it looks like OpenSSL 1.0.0 does not do that
|
||||
* anymore.
|
||||
*/
|
||||
EVP_add_cipher(EVP_rc2_40_cbc());
|
||||
#endif /* OPENSSL_NO_RC2 */
|
||||
PKCS12_PBE_add();
|
||||
#endif /* PKCS12_FUNCS */
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue