This fixes one case in which an unencrypted private key file was not recognized at all, and two cases where an unnecessary password prompt showed up and forced the user to submit an empty password to proceed.

As a side effect of harmonizing the OpenSSL and GnuTLS load_pkcs12_certificate password loops, OpenSSL builds are less noisy than before when reporting bad PKCS#12 passwords. I can change this back if it is a problem.

I still see a minor inconsistency between PEM and PKCS#12 handling on OpenSSL. Not sure if it's worth fixing:

1) PEM cert requires a password, but the user just hits enter and is_pem_password_error() gives up:

    Using client certificate '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=somegroup/CN=test'
    Enter PEM pass phrase:
    140006881695456:error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read:pem_pkey.c:109:
    Loading private key failed (see above errors)
    Loading certificate failed. Aborting.
    Failed to open HTTPS connection to asa
    <aborts>

2) PEM cert requires a password, but the user enters the wrong password so OpenSSL keeps asking:

    Using client certificate '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=somegroup/CN=test'
    Enter PEM pass phrase:
    139850861938400:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539:
    Loading private key failed (wrong passphrase?)
    Enter PEM pass phrase:
    139850861938400:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539:
    Loading private key failed (wrong passphrase?)
    Enter PEM pass phrase:
    139850861938400:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539:
    Loading private key failed (wrong passphrase?)
    Enter PEM pass phrase:
    <keeps prompting forever>

3) PKCS#12 cert requires a password; user hits enter OR types the wrong password. OpenSSL keeps asking:

    Enter PKCS#12 pass phrase:
    Failed to decrypt PKCS#12 certificate file
    Enter PKCS#12 pass phrase:
    Failed to decrypt PKCS#12 certificate file
    Enter PKCS#12 pass phrase:
    Failed to decrypt PKCS#12 certificate file
    Enter PKCS#12 pass phrase:
    <keeps prompting forever>

Kevin Cernekee (3):
  gnutls: Handle empty (but not NULL) passwords on PKCS#12 certs
  openssl: Skip password prompt on unencrypted PKCS#12 files
  openssl: Support unencrypted PKCS#8 private keys

 gnutls.c  |   10 +++++++++-
 openssl.c |   24 +++++++++++++-----------
 2 files changed, 22 insertions(+), 12 deletions(-)

--
1.7.9.5