mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-09 02:42:48 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

SSL: loading certificate keys via ENGINE_load_private_key().

Browse Source
This commit is contained in:
Dmitrii Pichulin 2014-08-04 11:03:20 +04:00
parent 811281ec36
commit cf5013dd3f
1 changed files with 61 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
src/event/ngx_event_openssl.c
View File

@ -376,6 +376,67 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
BIO_free(bio); BIO_free(bio);
if (ngx_strncmp(key->data, "engine:", sizeof("engine:") - 1) == 0) {
#ifndef OPENSSL_NO_ENGINE
u_char *p, *last;
ENGINE *engine;
EVP_PKEY *pkey;
p = key->data + sizeof("engine:") - 1;
last = (u_char *) ngx_strchr(p, ':');
if (last == NULL) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid syntax in \"%V\"", key);
return NGX_ERROR;
}
*last = '\0';
engine = ENGINE_by_id((char *) p);
if (engine == NULL) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"ENGINE_by_id(\"%s\") failed", p);
return NGX_ERROR;
}
*last++ = ':';
pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
if (pkey == NULL) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"ENGINE_load_private_key(\"%s\") failed", last);
ENGINE_free(engine);
return NGX_ERROR;
}
ENGINE_free(engine);
if (SSL_CTX_use_PrivateKey(ssl->ctx, pkey) == 0) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"SSL_CTX_use_PrivateKey(\"%s\") failed", last);
EVP_PKEY_free(pkey);
return NGX_ERROR;
}
EVP_PKEY_free(pkey);
return NGX_OK;
#else
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"loading \"engine:...\" certificate keys "
"is not supported");
return NGX_ERROR;
#endif
}
if (ngx_conf_full_name(cf->cycle, key, 1) != NGX_OK) { if (ngx_conf_full_name(cf->cycle, key, 1) != NGX_OK) {
return NGX_ERROR; return NGX_ERROR;
} }