[PATCH] SSL: make ssl_password_file work with recent OpenSSL releases

Maxim Dounin mdounin at mdounin.ru
Mon Oct 27 16:28:29 UTC 2014


Hello!

On Mon, Oct 27, 2014 at 04:55:28PM +0300, Sergey Kandaurov wrote:

> On Oct 24, 2014, at 3:29 PM, Piotr Sikora <piotr at cloudflare.com> wrote:
> > # HG changeset patch
> > # User Piotr Sikora <piotr at cloudflare.com>
> > # Date 1414150080 25200
> > #      Fri Oct 24 04:28:00 2014 -0700
> > # Node ID f71b843694fc2be7eabb9313aa82fb87e83210d6
> > # Parent  973fded4f461f3a397779b3a1dc80881b1b34974
> > SSL: make ssl_password_file work with recent OpenSSL releases.
> 
> I updated the patch to cover the pem file in PKCS#8 format
> that is matched with PEM_STRING_PKCS8.
> 
> diff -r 973fded4f461 -r 8c59ef63e7c0 src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c	Wed Oct 15 22:57:23 2014 +0400
> +++ b/src/event/ngx_event_openssl.c	Mon Oct 27 13:19:01 2014 +0300
> @@ -410,8 +410,12 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_
>              if (ERR_GET_LIB(n) == ERR_LIB_CIPHER
>                  && ERR_GET_REASON(n) == CIPHER_R_BAD_DECRYPT)
>  #else
> -            if (ERR_GET_LIB(n) == ERR_LIB_EVP
> -                && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT)
> +            if ((ERR_GET_LIB(n) == ERR_LIB_PEM
> +                && ERR_GET_REASON(n) == PEM_R_BAD_DECRYPT)
> +               || (ERR_GET_LIB(n) == ERR_LIB_EVP
> +                   && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT)
> +               || (ERR_GET_LIB(n) == ERR_LIB_PKCS12
> +                   && ERR_GET_REASON(n) == PKCS12_R_PKCS12_CIPHERFINAL_ERROR))
>  #endif
>              {
>                  ERR_clear_error();
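
Review bot: the new three-way condition in the #else branch has no comment saying which key format or OpenSSL release produces each library/reason pair, and `PKCS12_R_PKCS12_CIPHERFINAL_ERROR` in particular does not read as a wrong-password code by its name. Since the body goes on to call `ERR_clear_error()`, a short comment above the `if` mapping each pair to its case (PEM, EVP, and the PKCS#8 case mentioned in the message) would make it clear why each one is treated as a bad passphrase. The branch above the `#else` still matches only `ERR_LIB_CIPHER` with `CIPHER_R_BAD_DECRYPT`, so it is worth confirming that PKCS#8 keys are covered there too. The continuation lines starting with `||` are indented one column less than the `&&` line above them; aligning them consistently would match the rest of the condition.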

Does the OPENSSL_IS_BORINGSSL part also need changes for PKCS12?
Also, the indentation looks wrong to me.

-- 
Maxim Dounin
http://nginx.org/


