[PATCH] SSL: make ssl_password_file work with recent OpenSSL releases

Fri Oct 24 11:29:27 UTC 2014

# HG changeset patch
# User Piotr Sikora <piotr at cloudflare.com>
# Date 1414150080 25200
#      Fri Oct 24 04:28:00 2014 -0700
# Node ID f71b843694fc2be7eabb9313aa82fb87e83210d6
# Parent  973fded4f461f3a397779b3a1dc80881b1b34974
SSL: make ssl_password_file work with recent OpenSSL releases.

Multiple passwords in a single ssl_password_file feature was broken after
recent OpenSSL changes (commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e).

Affected OpenSSL releases: 0.9.8zc, 1.0.0o, 1.0.1j and 1.0.2-beta3.

Signed-off-by: Piotr Sikora <piotr at cloudflare.com>

diff -r 973fded4f461 -r f71b843694fc src/event/ngx_event_openssl.c

--- a/src/event/ngx_event_openssl.c	Wed Oct 15 22:57:23 2014 +0400
+++ b/src/event/ngx_event_openssl.c	Fri Oct 24 04:28:00 2014 -0700
@@ -410,8 +410,10 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_
             if (ERR_GET_LIB(n) == ERR_LIB_CIPHER
                 && ERR_GET_REASON(n) == CIPHER_R_BAD_DECRYPT)
 #else
-            if (ERR_GET_LIB(n) == ERR_LIB_EVP
-                && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT)
+            if ((ERR_GET_LIB(n) == ERR_LIB_PEM
+                 && ERR_GET_REASON(n) == PEM_R_BAD_DECRYPT)
+                || (ERR_GET_LIB(n) == ERR_LIB_EVP
+                    && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT))
 #endif
             {
                 ERR_clear_error();

