Mercurial > hg > nginx-quic
changeset 5892:42520df85ebb
SSL: simplified ssl_password_file error handling.
Instead of collecting a number of the possible SSL_CTX_use_PrivateKey_file()
error codes that becomes more and more difficult with the rising variety of
OpenSSL versions and its derivatives, just continue with the next password.
Multiple passwords in a single ssl_password_file feature was broken after
recent OpenSSL changes (commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e).
Affected OpenSSL releases: 0.9.8zc, 1.0.0o, 1.0.1j and 1.0.2-beta3.
Reported by Piotr Sikora.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 24 Oct 2014 04:28:00 -0700 |
parents | 87ada3ba1392 |
children | fa4161fe8254 |
files | src/event/ngx_event_openssl.c |
diffstat | 1 files changed, 3 insertions(+), 14 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -404,20 +404,9 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ } if (--tries) { - n = ERR_peek_error(); - -#ifdef OPENSSL_IS_BORINGSSL - if (ERR_GET_LIB(n) == ERR_LIB_CIPHER - && ERR_GET_REASON(n) == CIPHER_R_BAD_DECRYPT) -#else - if (ERR_GET_LIB(n) == ERR_LIB_EVP - && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT) -#endif - { - ERR_clear_error(); - SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd); - continue; - } + ERR_clear_error(); + SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd); + continue; } ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,