refrain from putting password in cache key

2025-04-23 00:41:02 +00:00 · 2020-01-20 14:06:26 +00:00 · 2020-01-20 14:06:26 +00:00 · 4549f56bc6
commit 4549f56bc6
parent 788595363f
2 changed files with 9 additions and 3 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+2020-01-20  Richard Frith-Macdonald <rfm@gnu.org>
+
+	* Source/GSTLS.m: remove certificate key password from hash key of
+	credentials since it's unnecessary there and we don't want it to be
+	logged when debug is on (for security, passwords shouldn't appear
+	in logs).
+
 2020-01-12  Fred Kiefer <fredkiefer@gmx.de>

 	* Source/NSPredicate.m: Add support for NSDate constants.
--- a/Source/GSTLS.m
+++ b/Source/GSTLS.m
@ -1117,7 +1117,8 @@ static NSMutableDictionary      *credentialsCache = nil;
  NSMutableString       *k;

  /* Build a unique key for the credentials based on all the
-   * information (file names and password) used to build them.
+   * information used to build them (apart from password used
+   * to load the key).
   */
  k = [NSMutableString stringWithCapacity: 1024];
  ca = standardizedPath(ca);
@ -1133,8 +1134,6 @@ static NSMutableDictionary      *credentialsCache = nil;
  if (nil != cf) [k appendString: cf];
  [k appendString: @":"];
  if (nil != ck) [k appendString: ck];
-  [k appendString: @":"];
-  if (nil != cp) [k appendString: cp];

  [credentialsLock lock];
  c = [credentialsCache objectForKey: k];