Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 5892:42520df85ebb
SSL: simplified ssl_password_file error handling.
Instead of collecting a number of the possible SSL_CTX_use_PrivateKey_file()
error codes that becomes more and more difficult with the rising variety of
OpenSSL versions and its derivatives, just continue with the next password.
Multiple passwords in a single ssl_password_file feature was broken after
recent OpenSSL changes (commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e).
Affected OpenSSL releases: 0.9.8zc, 1.0.0o, 1.0.1j and 1.0.2-beta3.
Reported by Piotr Sikora.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Fri, 24 Oct 2014 04:28:00 -0700 |
| parents | ec81934727a1 |
| children | b7a37f6a25ea |
comparison
equal
deleted
inserted
replaced
| 5891:87ada3ba1392 | 5892:42520df85ebb |
|---|---|
| 402 { | 402 { |
| 403 break; | 403 break; |
| 404 } | 404 } |
| 405 | 405 |
| 406 if (--tries) { | 406 if (--tries) { |
| 407 n = ERR_peek_error(); | 407 ERR_clear_error(); |
| 408 | 408 SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd); |
| 409 #ifdef OPENSSL_IS_BORINGSSL | 409 continue; |
| 410 if (ERR_GET_LIB(n) == ERR_LIB_CIPHER | |
| 411 && ERR_GET_REASON(n) == CIPHER_R_BAD_DECRYPT) | |
| 412 #else | |
| 413 if (ERR_GET_LIB(n) == ERR_LIB_EVP | |
| 414 && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT) | |
| 415 #endif | |
| 416 { | |
| 417 ERR_clear_error(); | |
| 418 SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd); | |
| 419 continue; | |
| 420 } | |
| 421 } | 410 } |
| 422 | 411 |
| 423 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | 412 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, |
| 424 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data); | 413 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data); |
| 425 return NGX_ERROR; | 414 return NGX_ERROR; |