[PATCH] SSL: make ssl_password_file work with recent OpenSSL releases

Piotr Sikora piotr at cloudflare.com
Mon Oct 27 23:51:37 UTC 2014


Hey Sergey,

> diff -r 973fded4f461 -r 8c59ef63e7c0 src/event/ngx_event_openssl.h
> --- a/src/event/ngx_event_openssl.h     Wed Oct 15 22:57:23 2014 +0400
> +++ b/src/event/ngx_event_openssl.h     Mon Oct 27 13:19:01 2014 +0300
> @@ -22,6 +22,7 @@
>  #include <openssl/engine.h>
>  #endif
>  #include <openssl/evp.h>
> +#include <openssl/pkcs12.h>
>  #ifndef OPENSSL_NO_OCSP
>  #include <openssl/ocsp.h>
>  #endif
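
Review bot: The new `#include <openssl/pkcs12.h>` between `evp.h` and the OCSP block is unconditional, while the neighbouring `engine.h` and `ocsp.h` includes each sit inside an `#ifndef ... #endif` guard. If any supported library build or fork does not ship that header, compilation will fail here, so the include should sit under a suitable guard or be paired with a configure-time check. The hunk also does not show which symbol from `pkcs12.h` the change needs; a short comment naming it would tell later readers why the header is pulled in.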

This should be added after ocsp.h, ideally guarded for OpenSSL only, i.e.:

+#ifndef OPENSSL_IS_BORINGSSL
+#include <openssl/pkcs12.h>
+#endif

I've looked into BoringSSL and it supports PKCS#8 private keys
encrypted with PKCS#12 compatible algorithms even now, without any
changes in nginx, because it reports bad passwords using the same
error code as for traditional private keys (i.e.
CIPHER_R_BAD_DECRYPT).

Best regards,
Piotr Sikora


