From 85c3a03aecf12d552e3cc2356bb36385e783dc4a Mon Sep 17 00:00:00 2001
From: Jay Weisskopf
Date: Wed, 1 Feb 2012 23:57:33 -0600
Subject: [PATCH] Assume a private key is RSA if the header does not specify a type.

Auto-generated certificates are RSA, but the header does not indicate this (e.g. BEGIN PRIVATE KEY). Since the type is not specified, the certificate was not being parsed correctly, and attempts to connect over HTTPS failed and caused web browser errors.

Fixes "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" in Chrome.
Fixes "ssl_error_no_cypher_overlap" in Firefox.
---
 libhttp/ssl.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/libhttp/ssl.c b/libhttp/ssl.c
index ceb2eb8..ba92133 100755
--- a/libhttp/ssl.c
+++ b/libhttp/ssl.c
@@ -489,7 +489,7 @@ static int sslSetCertificateFromFd(SSL_CTX *context, int fd) {
   const unsigned char *data = sslSecureReadASCIIFileToMem(fd);
   check(!NOINTR(close(fd)));
   long dataSize = (long)strlen((const char *)data);
-  long certSize, rsaSize, dsaSize, ecSize;
+  long certSize, rsaSize, dsaSize, ecSize, notypeSize;
   const unsigned char *record;
   const unsigned char *cert = sslPEMtoASN1(data, "CERTIFICATE", &certSize,
                                            &record);
@@ -499,21 +499,26 @@ static int sslSetCertificateFromFd(SSL_CTX *context, int fd) { NULL); const unsigned char *ec = sslPEMtoASN1(data, "EC PRIVATE KEY", &ecSize, NULL); + const unsigned char *notype = sslPEMtoASN1(data, "PRIVATE KEY", ¬ypeSize, + NULL); if (certSize && (rsaSize || dsaSize #ifdef EVP_PKEY_EC || ecSize #endif - ) && + || notypeSize) && SSL_CTX_use_certificate_ASN1(context, certSize, cert) && (!rsaSize || SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, context, rsa, rsaSize)) && (!dsaSize || - SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_DSA, context, dsa, dsaSize)) + SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_DSA, context, dsa, dsaSize)) && #ifdef EVP_PKEY_EC - && (!ecSize || - SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_EC, context, ec, ecSize)) + SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_EC, context, ec, ecSize)) && #endif + // Assume a private key is RSA if the header does not specify a type. + // (e.g. BEGIN PRIVATE KEY) + (!notypeSize || + SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, context, notype, notypeSize)) ) { memset((char *)cert, 0, certSize); free((char *)cert); @@ -549,6 +554,8 @@ static int sslSetCertificateFromFd(SSL_CTX *context, int fd) { free((char *)dsa); memset((char *)ec, 0, ecSize); free((char *)ec); + memset((char *)notype, 0, notypeSize); + free((char *)notype); return rc; }
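Review bot: The new `(!notypeSize || SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, context, notype, notypeSize))` term treats a `BEGIN PRIVATE KEY` block as RSA, but that header denotes a PKCS#8 PrivateKeyInfo, which carries its own algorithm identifier and may wrap a DSA or EC key; whether OpenSSL's ASN.1 loader accepts a PKCS#8 blob when asked for EVP_PKEY_RSA, and which key type it then installs, depends on the OpenSSL release, so the behaviour should be pinned with a test on the versions shellinabox supports rather than inferred from the browser symptom. The comment would be more accurate as `// "BEGIN PRIVATE KEY" is a PKCS#8 block whose header names no type; auto-generated certificates use RSA, so hand it to the RSA decoder.`. Whether sslPEMtoASN1 matches the full `-----BEGIN PRIVATE KEY-----` marker or only the substring is outside this hunk; if it is a substring match, `RSA PRIVATE KEY` and `EC PRIVATE KEY` files would also populate notype and the same key would be installed a second time under a possibly wrong type. As rendered here the EC branch removes `&& (!ecSize ||` with no added replacement, and the notype argument reads `¬ypeSize`; both look like transcription loss (a dropped `+      (!ecSize ||` line and an HTML-entity mangling of `&notypeSize`) and should be checked against the repository. sslSetCertificateFromFd starts and ends outside the hunk.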
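Review bot: `memset((char *)notype, 0, notypeSize)` is reached on the exit path regardless of whether the file had a `PRIVATE KEY` block, so it runs with whatever sslPEMtoASN1 returns for an absent section; if that is NULL, memset on a null pointer is undefined behaviour even with length 0, which mirrors the existing ec and dsa lines above it but deserves an `if (notype)` guard or a confirmed non-NULL contract for sslPEMtoASN1 (outside this hunk). A plain memset immediately before free may also be elided by the optimizer, so the wipe of the key material is not guaranteed here or in the sibling lines; an explicit_bzero-style helper would be needed for that guarantee. The function's start is outside the hunk; only its cleanup tail and `return rc` are visible.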