mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-08 02:02:38 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

SSL: simplified ssl_password_file error handling.

Browse Source 
Instead of collecting a number of the possible SSL_CTX_use_PrivateKey_file()
error codes that becomes more and more difficult with the rising variety of
OpenSSL versions and its derivatives, just continue with the next password.

Multiple passwords in a single ssl_password_file feature was broken after
recent OpenSSL changes (commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e).

Affected OpenSSL releases: 0.9.8zc, 1.0.0o, 1.0.1j and 1.0.2-beta3.

Reported by Piotr Sikora.
This commit is contained in:
Sergey Kandaurov 2014-10-24 04:28:00 -07:00
parent 54606d4625
commit 33f5555940
1 changed files with 3 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/event/ngx_event_openssl.c
View File

@ -404,21 +404,10 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
} }
if (--tries) { if (--tries) {
n = ERR_peek_error();
#ifdef OPENSSL_IS_BORINGSSL
if (ERR_GET_LIB(n) == ERR_LIB_CIPHER
&& ERR_GET_REASON(n) == CIPHER_R_BAD_DECRYPT)
#else
if (ERR_GET_LIB(n) == ERR_LIB_EVP
&& ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT)
#endif
{
ERR_clear_error(); ERR_clear_error();
SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd); SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd);
continue; continue;
} }
}
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data); "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data);