mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-07 17:52:38 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

SSL: support for parsing PEM certificates from memory.

Browse Source 
This makes it possible to provide certificates directly via variables
in ssl_certificate / ssl_certificate_key directives, without using
intermediate files.
This commit is contained in:
Maxim Dounin 2019-03-09 03:03:56 +03:00
parent 762d98abed
commit 59c34b6795
1 changed files with 43 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
src/event/ngx_event_openssl.c
View File

@ -611,23 +611,29 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
X509 *x509, *temp; X509 *x509, *temp;
u_long n; u_long n;
if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, cert) if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) {
!= NGX_OK)
{
*err = NULL;
return NULL;
}
/* bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1,
* we can't use SSL_CTX_use_certificate_chain_file() as it doesn't cert->len - (sizeof("data:") - 1));
* allow to access certificate later from SSL_CTX, so we reimplement if (bio == NULL) {
* it here *err = "BIO_new_mem_buf() failed";
*/ return NULL;
}
bio = BIO_new_file((char *) cert->data, "r"); } else {
if (bio == NULL) {
*err = "BIO_new_file() failed"; if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, cert)
return NULL; != NGX_OK)
{
*err = NULL;
return NULL;
}
bio = BIO_new_file((char *) cert->data, "r");
if (bio == NULL) {
*err = "BIO_new_file() failed";
return NULL;
}
} }
/* certificate itself */ /* certificate itself */
@ -743,17 +749,29 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
#endif #endif
} }
if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, key) if (ngx_strncmp(key->data, "data:", sizeof("data:") - 1) == 0) {
!= NGX_OK)
{
*err = NULL;
return NULL;
}
bio = BIO_new_file((char *) key->data, "r"); bio = BIO_new_mem_buf(key->data + sizeof("data:") - 1,
if (bio == NULL) { key->len - (sizeof("data:") - 1));
*err = "BIO_new_file() failed"; if (bio == NULL) {
return NULL; *err = "BIO_new_mem_buf() failed";
return NULL;
}
} else {
if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, key)
!= NGX_OK)
{
*err = NULL;
return NULL;
}
bio = BIO_new_file((char *) key->data, "r");
if (bio == NULL) {
*err = "BIO_new_file() failed";
return NULL;
}
} }
if (passwords) { if (passwords) {