[PATCH 1 of 6] SSL: refactoring of ngx_ssl_certificate method.
Filipe DA SILVA
fdasilva at ingima.com
Thu Apr 9 09:58:27 UTC 2015
Hi,
This is the cleaned and up to date version of 'Multiple server certificate support ' patches.
Reviews and comments are welcome.
Regards,
Filipe da Silva
Ingima
---
# HG changeset patch
# User Filipe da Silva <fdasilva at ingima.com>
# Date 1428509598 -7200
# Wed Apr 08 18:13:18 2015 +0200
# Node ID b7b77cad040db2e8ba542e59183d45072b48a6be
# Parent a70af6f10942d7d21d140049b432081e8c76ba35
SSL: refactoring of ngx_ssl_certificate method.
Split it in two parts to prepare 'Multiple SSL certificate' support.
diff -r a70af6f10942 -r b7b77cad040d src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Tue Apr 07 18:35:33 2015 +0300
+++ b/src/event/ngx_event_openssl.c Wed Apr 08 18:13:18 2015 +0200
@@ -18,6 +18,10 @@ typedef struct {
} ngx_openssl_conf_t;
+static ngx_int_t ngx_ssl_server_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
+ ngx_str_t *cert);
+static ngx_int_t ngx_ssl_private_key(ngx_conf_t *cf, ngx_ssl_t *ssl,
+ ngx_str_t *key, ngx_array_t *passwords);
static int ngx_ssl_password_callback(char *buf, int size, int rwflag,
void *userdata);
static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
@@ -301,11 +305,26 @@ ngx_int_t
ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
ngx_str_t *key, ngx_array_t *passwords)
{
+ /* load server certificate */
+ if (ngx_ssl_server_certificate(cf, ssl, cert) != NGX_OK)
+ {
+ return NGX_ERROR;
+ }
+ /* load private key */
+ if (ngx_ssl_private_key(cf, ssl, key, passwords) != NGX_OK)
+ {
+ return NGX_ERROR;
+ }
+ return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_ssl_server_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert)
+{
BIO *bio;
X509 *x509;
u_long n;
- ngx_str_t *pwd;
- ngx_uint_t tries;
if (ngx_conf_full_name(cf->cycle, cert, 1) != NGX_OK) {
return NGX_ERROR;
@@ -388,6 +407,17 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_
BIO_free(bio);
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_ssl_private_key(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *key,
+ ngx_array_t *passwords)
+{
+ ngx_str_t *pwd;
+ ngx_uint_t tries;
+
if (ngx_strncmp(key->data, "engine:", sizeof("engine:") - 1) == 0) {
#ifndef OPENSSL_NO_ENGINE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nginx_MultiCert_096.patch
Type: application/octet-stream
Size: 2125 bytes
Desc: nginx_MultiCert_096.patch
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150409/7ee83c8d/attachment-0001.obj>
More information about the nginx-devel
mailing list