[PATCH 1 of 6] SSL: refactoring of ngx_ssl_certificate method.

Filipe DA SILVA fdasilva at ingima.com
Thu Apr 9 09:58:27 UTC 2015


Hi, 

This is the cleaned and up to date version of 'Multiple server certificate support ' patches.

Reviews and comments are welcome.

Regards,
Filipe da Silva
Ingima

---
# HG changeset patch
# User Filipe da Silva <fdasilva at ingima.com>
# Date 1428509598 -7200
#      Wed Apr 08 18:13:18 2015 +0200
# Node ID b7b77cad040db2e8ba542e59183d45072b48a6be
# Parent  a70af6f10942d7d21d140049b432081e8c76ba35
SSL: refactoring of ngx_ssl_certificate method.
Split it in two parts to prepare 'Multiple SSL certificate' support.

diff -r a70af6f10942 -r b7b77cad040d src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c	Tue Apr 07 18:35:33 2015 +0300
+++ b/src/event/ngx_event_openssl.c	Wed Apr 08 18:13:18 2015 +0200
@@ -18,6 +18,10 @@ typedef struct {
 } ngx_openssl_conf_t;
 
 
+static ngx_int_t ngx_ssl_server_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
+    ngx_str_t *cert);
+static ngx_int_t ngx_ssl_private_key(ngx_conf_t *cf, ngx_ssl_t *ssl,
+    ngx_str_t *key, ngx_array_t *passwords);
 static int ngx_ssl_password_callback(char *buf, int size, int rwflag,
     void *userdata);
 static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
@@ -301,11 +305,26 @@ ngx_int_t
 ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
     ngx_str_t *key, ngx_array_t *passwords)
 {
+    /* load server certificate */
+    if (ngx_ssl_server_certificate(cf, ssl, cert) != NGX_OK)
+    {
+        return NGX_ERROR;
+    }
+    /* load private key */
+    if (ngx_ssl_private_key(cf, ssl, key, passwords) != NGX_OK)
+    {
+        return NGX_ERROR;
+    }
+    return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_ssl_server_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert)
+{
     BIO         *bio;
     X509        *x509;
     u_long       n;
-    ngx_str_t   *pwd;
-    ngx_uint_t   tries;
 
     if (ngx_conf_full_name(cf->cycle, cert, 1) != NGX_OK) {
         return NGX_ERROR;
@@ -388,6 +407,17 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_
 
     BIO_free(bio);
 
+    return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_ssl_private_key(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *key,
+    ngx_array_t *passwords)
+{
+    ngx_str_t   *pwd;
+    ngx_uint_t   tries;
+
     if (ngx_strncmp(key->data, "engine:", sizeof("engine:") - 1) == 0) {
 
 #ifndef OPENSSL_NO_ENGINE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nginx_MultiCert_096.patch
Type: application/octet-stream
Size: 2125 bytes
Desc: nginx_MultiCert_096.patch
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150409/7ee83c8d/attachment-0001.obj>


More information about the nginx-devel mailing list