Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 5934:2c33ed82cde1
SSL: loading certificate keys via ENGINE_load_private_key().
| author | Dmitrii Pichulin |
|---|---|
| date | Mon, 04 Aug 2014 11:03:20 +0400 |
| parents | b7a37f6a25ea |
| children | ee941e49bd88 |
comparison
equal
deleted
inserted
replaced
| 5933:0eaa65af0d21 | 5934:2c33ed82cde1 |
|---|---|
| 373 return NGX_ERROR; | 373 return NGX_ERROR; |
| 374 } | 374 } |
| 375 } | 375 } |
| 376 | 376 |
| 377 BIO_free(bio); | 377 BIO_free(bio); |
| 378 | |
| 379 if (ngx_strncmp(key->data, "engine:", sizeof("engine:") - 1) == 0) { | |
| 380 | |
| 381 #ifndef OPENSSL_NO_ENGINE | |
| 382 | |
| 383 u_char *p, *last; | |
| 384 ENGINE *engine; | |
| 385 EVP_PKEY *pkey; | |
| 386 | |
| 387 p = key->data + sizeof("engine:") - 1; | |
| 388 last = (u_char *) ngx_strchr(p, ':'); | |
| 389 | |
| 390 if (last == NULL) { | |
| 391 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
| 392 "invalid syntax in \"%V\"", key); | |
| 393 return NGX_ERROR; | |
| 394 } | |
| 395 | |
| 396 *last = '\0'; | |
| 397 | |
| 398 engine = ENGINE_by_id((char *) p); | |
| 399 | |
| 400 if (engine == NULL) { | |
| 401 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | |
| 402 "ENGINE_by_id(\"%s\") failed", p); | |
| 403 return NGX_ERROR; | |
| 404 } | |
| 405 | |
| 406 *last++ = ':'; | |
| 407 | |
| 408 pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0); | |
| 409 | |
| 410 if (pkey == NULL) { | |
| 411 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | |
| 412 "ENGINE_load_private_key(\"%s\") failed", last); | |
| 413 ENGINE_free(engine); | |
| 414 return NGX_ERROR; | |
| 415 } | |
| 416 | |
| 417 ENGINE_free(engine); | |
| 418 | |
| 419 if (SSL_CTX_use_PrivateKey(ssl->ctx, pkey) == 0) { | |
| 420 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | |
| 421 "SSL_CTX_use_PrivateKey(\"%s\") failed", last); | |
| 422 EVP_PKEY_free(pkey); | |
| 423 return NGX_ERROR; | |
| 424 } | |
| 425 | |
| 426 EVP_PKEY_free(pkey); | |
| 427 | |
| 428 return NGX_OK; | |
| 429 | |
| 430 #else | |
| 431 | |
| 432 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
| 433 "loading \"engine:...\" certificate keys " | |
| 434 "is not supported"); | |
| 435 return NGX_ERROR; | |
| 436 | |
| 437 #endif | |
| 438 } | |
| 378 | 439 |
| 379 if (ngx_conf_full_name(cf->cycle, key, 1) != NGX_OK) { | 440 if (ngx_conf_full_name(cf->cycle, key, 1) != NGX_OK) { |
| 380 return NGX_ERROR; | 441 return NGX_ERROR; |
| 381 } | 442 } |
| 382 | 443 |