[PATCH 2 of 4] SSL: return temporary RSA key only when the key length matches
Piotr Sikora
piotr at cloudflare.com
Sun Jul 6 23:50:49 UTC 2014
# HG changeset patch
# User Piotr Sikora <piotr at cloudflare.com>
# Date 1404690073 25200
# Sun Jul 06 16:41:13 2014 -0700
# Node ID 2ca8a17cedfd35da799b258d5d17427d7bee62b2
# Parent 8c3e64571adf1ff45fa40559f761ea317e29d474
SSL: return temporary RSA key only when the key length matches.
This change is mostly cosmetic, because in practice this callback
is used only for 512-bit RSA keys.
Signed-off-by: Piotr Sikora <piotr at cloudflare.com>
diff -r 8c3e64571adf -r 2ca8a17cedfd src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Sun Jul 06 16:41:13 2014 -0700
+++ b/src/event/ngx_event_openssl.c Sun Jul 06 16:41:13 2014 -0700
@@ -652,10 +652,12 @@ ngx_ssl_rsa512_key_callback(ngx_ssl_conn
{
static RSA *key;
- if (key_length == 512) {
- if (key == NULL) {
- key = RSA_generate_key(512, RSA_F4, NULL, NULL);
- }
+ if (key_length != 512) {
+ return NULL;
+ }
+
+ if (key == NULL) {
+ key = RSA_generate_key(512, RSA_F4, NULL, NULL);
}
return key;
More information about the nginx-devel
mailing list