# HG changeset patch # User Sergey Kandaurov # Date 1414150080 25200 # Node ID 42520df85ebbcab6566ec68f1e8ef809e0419eb5 # Parent 87ada3ba1392fadaf4d9193b5d345c248be32f77 SSL: simplified ssl_password_file error handling. Instead of collecting a number of the possible SSL_CTX_use_PrivateKey_file() error codes that becomes more and more difficult with the rising variety of OpenSSL versions and its derivatives, just continue with the next password. Multiple passwords in a single ssl_password_file feature was broken after recent OpenSSL changes (commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e). Affected OpenSSL releases: 0.9.8zc, 1.0.0o, 1.0.1j and 1.0.2-beta3. Reported by Piotr Sikora. diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -404,20 +404,9 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ } if (--tries) { - n = ERR_peek_error(); - -#ifdef OPENSSL_IS_BORINGSSL - if (ERR_GET_LIB(n) == ERR_LIB_CIPHER - && ERR_GET_REASON(n) == CIPHER_R_BAD_DECRYPT) -#else - if (ERR_GET_LIB(n) == ERR_LIB_EVP - && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT) -#endif - { - ERR_clear_error(); - SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd); - continue; - } + ERR_clear_error(); + SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd); + continue; } ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,