mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-07-20 19:27:29 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SSL: Add SSL_CTX_check_private_key in ngx_ssl_certificate.

Browse Source 
to resolve the issue which the config test passes unexpectedly
in case of the key and cert is different the classes
(RSA/DSA/ECDSA) in each.
This commit is contained in:
u5surf 2025-02-24 15:49:24 +09:00
parent d25139db01
commit 66d19c1a47
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/event/ngx_event_openssl.c
View File

@ -553,6 +553,12 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
EVP_PKEY_free(pkey);
return NGX_ERROR;
}
if (SSL_CTX_check_private_key(ssl->ctx) == 0) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"SSL_CTX_check_private_key(\"%s\") failed", key->data);
EVP_PKEY_free(pkey);
return NGX_ERROR;
}
EVP_PKEY_free(pkey);