On 02/12/17 00:08, David Benjamin wrote:
> Hi folks,
>
> I've attached two patches that I think tidy up the logic around
> OpenSSL private key loading and passwords.
>
> The first just removes an unnecessary strdup. That parameter isn't
> mutated or anything, it's just a generic data argument to the same
> callback that you pass in.
>
> The second avoids using the SSL(_CTX) default password callback
> altogether. Since you all use it for one-off calls anyway, it ends up
> being a little cumbersome as you must set and unset them. Further, you
> end up mutating the SSL_CTX after SSLs have been created, which isn't
> generally safe. Rather, I think it's cleaner to just pass the password
> into the PEM_read_bio_PrivateKey call yourself. The SSL-level
> functions are merely convenience routines on top of this. This also
> allows abstracting away the DER/PEM fallback code. (It also avoids a
> mess of OpenSSL version variability.)

Thanks, I was dealing with issues around this a week ago or so in Debian's
wpa-supplicant package, and I will ship your patch instead of whatever I'm
currently shipping now that Jouni has applied this upstream.

--
Cheers,
  Andrew