comparison src/event/ngx_event_openssl.c @ 5934:2c33ed82cde1
SSL: loading certificate keys via ENGINE_load_private_key().
author | Dmitrii Pichulin |
---|---|
date | Mon, 04 Aug 2014 11:03:20 +0400 |
parents | b7a37f6a25ea |
children | ee941e49bd88 |
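--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -373,10 +373,71 @@
 return NGX_ERROR;
 }
 }
 
 BIO_free(bio);
+
+if (ngx_strncmp(key->data, "engine:", sizeof("engine:") - 1) == 0) {
+
+#ifndef OPENSSL_NO_ENGINE
+
+u_char *p, *last;
+ENGINE *engine;
+EVP_PKEY *pkey;
+
+p = key->data + sizeof("engine:") - 1;
+last = (u_char *) ngx_strchr(p, ':');
+
+if (last == NULL) {
+ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+"invalid syntax in \"%V\"", key);
+return NGX_ERROR;
+}
+
+*last = '\0';
+
+engine = ENGINE_by_id((char *) p);
+
+if (engine == NULL) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"ENGINE_by_id(\"%s\") failed", p);
+return NGX_ERROR;
+}
+
+*last++ = ':';
+
+pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
+
+if (pkey == NULL) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"ENGINE_load_private_key(\"%s\") failed", last);
+ENGINE_free(engine);
+return NGX_ERROR;
+}
+
+ENGINE_free(engine);
+
+if (SSL_CTX_use_PrivateKey(ssl->ctx, pkey) == 0) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"SSL_CTX_use_PrivateKey(\"%s\") failed", last);
+EVP_PKEY_free(pkey);
+return NGX_ERROR;
+}
+
+EVP_PKEY_free(pkey);
+
+return NGX_OK;
+
+#else
+
+ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+"loading \"engine:...\" certificate keys "
+"is not supported");
+return NGX_ERROR;
+
+#endif
+}
 
 if (ngx_conf_full_name(cf->cycle, key, 1) != NGX_OK) {
 return NGX_ERROR;
 }
 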
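Review bot: The failure messages for `ENGINE_load_private_key()` and `SSL_CTX_use_PrivateKey()` print the key identifier `last` verbatim, and because the load call passes `0, 0` for the UI method and callback data, any PIN or passphrase the engine needs can only come from engine configuration or from that identifier string. If an engine accepts credentials inside the id (not visible from this hunk, so an assumption to check), they would be written to the error log at EMERG level; consider logging only the engine name there, or at least documenting the constraint with a comment such as `/* the key id is logged on failure and must not embed a PIN */`. Separately, `ENGINE_by_id()` hands back only a structural reference and nothing in this hunk calls `ENGINE_init()`, so the load presumably depends on the engine having been initialised elsewhere (for example through OpenSSL configuration); a one-line comment stating that precondition would save the next reader a debugging session. The enclosing function starts and ends outside the hunk.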