Mercurial > hg > nginx-quic
comparison src/event/ngx_event_openssl.c @ 7477:c74904a17021
SSL: support for parsing PEM certificates from memory.
This makes it possible to provide certificates directly via variables
in ssl_certificate / ssl_certificate_key directives, without using
intermediate files.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Sat, 09 Mar 2019 03:03:56 +0300 |
| parents | b6dc8a12c07a |
| children | 65074e13f171 |
comparison
equal
deleted
inserted
replaced
| 7476:b6dc8a12c07a | 7477:c74904a17021 |
|---|---|
| 609 { | 609 { |
| 610 BIO *bio; | 610 BIO *bio; |
| 611 X509 *x509, *temp; | 611 X509 *x509, *temp; |
| 612 u_long n; | 612 u_long n; |
| 613 | 613 |
| 614 if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, cert) | 614 if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) { |
| 615 != NGX_OK) | 615 |
| 616 { | 616 bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1, |
| 617 *err = NULL; | 617 cert->len - (sizeof("data:") - 1)); |
| 618 return NULL; | 618 if (bio == NULL) { |
| 619 } | 619 *err = "BIO_new_mem_buf() failed"; |
| 620 | 620 return NULL; |
| 621 /* | 621 } |
| 622 * we can't use SSL_CTX_use_certificate_chain_file() as it doesn't | 622 |
| 623 * allow to access certificate later from SSL_CTX, so we reimplement | 623 } else { |
| 624 * it here | 624 |
| 625 */ | 625 if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, cert) |
| 626 | 626 != NGX_OK) |
| 627 bio = BIO_new_file((char *) cert->data, "r"); | 627 { |
| 628 if (bio == NULL) { | 628 *err = NULL; |
| 629 *err = "BIO_new_file() failed"; | 629 return NULL; |
| 630 return NULL; | 630 } |
| 631 | |
| 632 bio = BIO_new_file((char *) cert->data, "r"); | |
| 633 if (bio == NULL) { | |
| 634 *err = "BIO_new_file() failed"; | |
| 635 return NULL; | |
| 636 } | |
| 631 } | 637 } |
| 632 | 638 |
| 633 /* certificate itself */ | 639 /* certificate itself */ |
| 634 | 640 |
| 635 x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL); | 641 x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL); |
| 741 return NULL; | 747 return NULL; |
| 742 | 748 |
| 743 #endif | 749 #endif |
| 744 } | 750 } |
| 745 | 751 |
| 746 if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, key) | 752 if (ngx_strncmp(key->data, "data:", sizeof("data:") - 1) == 0) { |
| 747 != NGX_OK) | 753 |
| 748 { | 754 bio = BIO_new_mem_buf(key->data + sizeof("data:") - 1, |
| 749 *err = NULL; | 755 key->len - (sizeof("data:") - 1)); |
| 750 return NULL; | 756 if (bio == NULL) { |
| 751 } | 757 *err = "BIO_new_mem_buf() failed"; |
| 752 | 758 return NULL; |
| 753 bio = BIO_new_file((char *) key->data, "r"); | 759 } |
| 754 if (bio == NULL) { | 760 |
| 755 *err = "BIO_new_file() failed"; | 761 } else { |
| 756 return NULL; | 762 |
| 763 if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, key) | |
| 764 != NGX_OK) | |
| 765 { | |
| 766 *err = NULL; | |
| 767 return NULL; | |
| 768 } | |
| 769 | |
| 770 bio = BIO_new_file((char *) key->data, "r"); | |
| 771 if (bio == NULL) { | |
| 772 *err = "BIO_new_file() failed"; | |
| 773 return NULL; | |
| 774 } | |
| 757 } | 775 } |
| 758 | 776 |
| 759 if (passwords) { | 777 if (passwords) { |
| 760 tries = passwords->nelts; | 778 tries = passwords->nelts; |
| 761 pwd = passwords->elts; | 779 pwd = passwords->elts; |