From f94e341a0314bc956726e11dfb435e09b7ee696f Mon Sep 17 00:00:00 2001
From: Shauren
Date: Wed, 26 Jul 2023 20:59:15 +0200
Subject: Core/Bnet: Support password protected private keys
---
 src/server/bnetserver/Server/SslContext.cpp | 11 ++++++++---
 src/server/bnetserver/bnetserver.conf.dist | 7 +++++++
 2 files changed, 15 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/server/bnetserver/Server/SslContext.cpp b/src/server/bnetserver/Server/SslContext.cpp
index d40698ef9f6..69cb1b1f8db 100644
--- a/src/server/bnetserver/Server/SslContext.cpp
+++ b/src/server/bnetserver/Server/SslContext.cpp
@@ -16,8 +16,8 @@
 */
 #include "SslContext.h"
-#include "Log.h"
 #include "Config.h"
+#include "Log.h"
 bool Battlenet::SslContext::Initialize()
 {
@@ -33,7 +33,12 @@ bool Battlenet::SslContext::Initialize()
 std::string certificateChainFile = sConfigMgr->GetStringDefault("CertificatesFile", "./bnetserver.cert.pem");
 std::string privateKeyFile = sConfigMgr->GetStringDefault("PrivateKeyFile", "./bnetserver.key.pem");
- LOAD_CHECK(instance().set_options(boost::asio::ssl::context::no_sslv3, err));
+ auto passwordCallback = [](std::size_t /*max_length*/, boost::asio::ssl::context::password_purpose /*purpose*/) -> std::string
+ {
+ return sConfigMgr->GetStringDefault("PrivateKeyPassword", "");
+ };
+
+ LOAD_CHECK(instance().set_password_callback(passwordCallback, err));
 LOAD_CHECK(instance().use_certificate_chain_file(certificateChainFile, err));
 LOAD_CHECK(instance().use_private_key_file(privateKeyFile, boost::asio::ssl::context::pem, err));
@@ -44,6 +49,6 @@ bool Battlenet::SslContext::Initialize()
 boost::asio::ssl::context& Battlenet::SslContext::instance()
 {
- static boost::asio::ssl::context context(boost::asio::ssl::context::sslv23);
+ static boost::asio::ssl::context context(boost::asio::ssl::context::tls);
 return context;
 }
diff --git a/src/server/bnetserver/bnetserver.conf.dist b/src/server/bnetserver/bnetserver.conf.dist
index 9aecb28297b..bd74ad5ab90 100644
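Review bot: `passwordCallback` falls back to `""` when `PrivateKeyPassword` is unset and ignores both `max_length` and `purpose`, so an encrypted key with a missing or over-long passphrase will presumably fail only later, inside `use_private_key_file`, with whatever `LOAD_CHECK` reports for `err`. The macro and the rest of `Initialize()` lie outside this hunk, so it is not visible whether that message tells the operator the passphrase is the likely cause. A comment above the lambda would record the contract, for example `// Empty PrivateKeyPassword means the key file is expected to be unencrypted; never write the returned value to the log`.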
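Review bot: In `instance()`, switching to `context::tls` while the previous hunk drops the only `set_options` call leaves the minimum protocol version to the library defaults. As far as I know the generic `tls` method already excludes SSLv2 and SSLv3, but TLS 1.0 and 1.1 may still be negotiated. If the supported clients allow it, consider adding `LOAD_CHECK(instance().set_options(boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1, err));` in `Initialize()`. If the old versions must stay enabled for client compatibility, a comment such as `// TLS 1.0/1.1 intentionally left enabled for client compatibility` next to the context construction would make that explicit.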
--- a/src/server/bnetserver/bnetserver.conf.dist
+++ b/src/server/bnetserver/bnetserver.conf.dist
@@ -111,6 +111,13 @@ CertificatesFile = "./bnetserver.cert.pem"
 PrivateKeyFile = "./bnetserver.key.pem"
+#
+# PrivateKeyPassword
+# Description: Password used to encrypt private key.
+# Default: ""
+
+PrivateKeyPassword = ""
+
 #
 # UseProcessors
 # Description: Processors mask for Windows and Linux based multi-processor systems.
-- cgit v1.2.3
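Review bot: The new `PrivateKeyPassword` description does not tell the operator that the passphrase is stored in plain text right next to `PrivateKeyFile`, so it protects the key at rest only if this configuration file is harder to read than the key file. The description also says the password is used to "encrypt" the key, while the server uses it to decrypt the key at startup. Suggested wording: `# Description: Password used to decrypt the private key file (leave empty if the key is not encrypted).` followed by `# Important: Stored in plain text, restrict read access to this file to the server account.`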