[PATCH] SSL: Set engine passed in ssl_certificate_key as default

Anderson Sasaki ansasaki at redhat.com
Mon Apr 30 10:05:56 UTC 2018


Hello,

Following are two patches, one adding the call to set the engine as default for all methods and the other restricting the engine to be the default only for PKEY methods.
For me it makes sense to have the engine as default only for PKEY methods.

Best Regards,
Anderson

# HG changeset patch
# User Anderson Toshiyuki Sasaki <ansasaki at redhat.com>
# Date 1525082320 -7200
#      Mon Apr 30 11:58:40 2018 +0200
# Node ID 07278e8f9b731a7b78b62c6f1826f71967d31fd7
# Parent  46c0c7ef4913011f3f1e073f9ac880b07b1a8154
SSL: Set engine passed in ssl_certificate_key as default
Set the engine as the default OpenSSL engine.

diff -r 46c0c7ef4913 -r 07278e8f9b73 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c     Wed Apr 25 14:57:24 2018 +0300
+++ b/src/event/ngx_event_openssl.c     Mon Apr 30 11:58:40 2018 +0200
@@ -527,6 +527,14 @@
             return NGX_ERROR;
         }
 
+        if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
+            ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+                          "ENGINE_set_default(engine, ENGINE_METHOD_ALL) "
+                          "failed");
+            ENGINE_free(engine);
+            return NGX_ERROR;
+        }
+
         *last++ = ':';
 
         pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
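Review bot: ENGINE_METHOD_ALL in the added ENGINE_set_default() call makes the engine named in ssl_certificate_key the process-wide default for every algorithm class it implements (ciphers, digests, RAND and so on), not only for the private key loaded just below with ENGINE_load_private_key(engine, ...). That is a broad side effect for a directive whose purpose is to name a key: an engine backed by a hardware token could end up handling bulk TLS crypto or random number generation for every server in the configuration. Suggest restricting the flag set to what the key operation needs, and stating in the commit message which failure the default registration fixes, since the key is already loaded through the engine handle explicitly.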
# HG changeset patch
# User Anderson Toshiyuki Sasaki <ansasaki at redhat.com>
# Date 1525082330 -7200
#      Mon Apr 30 11:58:50 2018 +0200
# Node ID 5573a6df976204207445f78ee1e0d047a60f6511
# Parent  07278e8f9b731a7b78b62c6f1826f71967d31fd7
SSL: Set default engine only for PKEY methods
Set the engine passed in ssl_certificate_key directive as default only
for PKEY methods.

diff -r 07278e8f9b73 -r 5573a6df9762 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c     Mon Apr 30 11:58:40 2018 +0200
+++ b/src/event/ngx_event_openssl.c     Mon Apr 30 11:58:50 2018 +0200
@@ -527,10 +527,10 @@
             return NGX_ERROR;
         }
 
-        if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
+        if (ENGINE_set_default(engine, ENGINE_METHOD_PKEY_METHS) == 0) {
             ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
-                          "ENGINE_set_default(engine, ENGINE_METHOD_ALL) "
-                          "failed");
+                          "ENGINE_set_default(engine, ENGINE_METHOD_PKEY_METHS)"
+                          " failed");
             ENGINE_free(engine);
             return NGX_ERROR;
         }
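Review bot: ENGINE_set_default(engine, ENGINE_METHOD_PKEY_METHS) still changes global OpenSSL state from a per-certificate directive, so when two ssl_certificate_key values name different engines, the later call replaces the earlier default for the key types both engines implement. Suggest documenting that ordering dependence at the directive or in the commit message. Style point: the split error string now carries the separating space at the start of the second literal (" failed") where the previous version kept it at the end of the first; a shorter message that fits on one line would avoid the split altogether.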

