comparison src/event/ngx_event_openssl.c @ 5892:42520df85ebb
SSL: simplified ssl_password_file error handling.
Instead of collecting a number of the possible SSL_CTX_use_PrivateKey_file()
error codes that becomes more and more difficult with the rising variety of
OpenSSL versions and its derivatives, just continue with the next password.
Multiple passwords in a single ssl_password_file feature was broken after
recent OpenSSL changes (commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e).
Affected OpenSSL releases: 0.9.8zc, 1.0.0o, 1.0.1j and 1.0.2-beta3.
Reported by Piotr Sikora.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 24 Oct 2014 04:28:00 -0700 |
parents | ec81934727a1 |
children | b7a37f6a25ea |
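--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -402,24 +402,13 @@
 {
 break;
 }
 
 if (--tries) {
-n = ERR_peek_error();
-
-#ifdef OPENSSL_IS_BORINGSSL
-if (ERR_GET_LIB(n) == ERR_LIB_CIPHER
-&& ERR_GET_REASON(n) == CIPHER_R_BAD_DECRYPT)
-#else
-if (ERR_GET_LIB(n) == ERR_LIB_EVP
-&& ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT)
-#endif
-{
-ERR_clear_error();
-SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd);
-continue;
-}
+ERR_clear_error();
+SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd);
+continue;
 }
 
 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data);
 return NGX_ERROR;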
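Review bot: The retry under `if (--tries)` is now unconditional, so a failure that has nothing to do with the passphrase is also retried, and its error is discarded by `ERR_clear_error()`. If an earlier password decrypts the key but the load fails for another reason, the emerg message from `ngx_ssl_error()` would presumably carry only the error from the last password tried, which can point the operator at the wrong cause. That trade-off is worth recording at the retry, for example `/* retry on any error: the bad-decrypt code differs between OpenSSL versions and forks, so the reported error is the last attempt's */`. Reporting the discarded error at a lower log level before clearing it would keep the diagnostic. The enclosing loop, and the code that sets `tries` and bounds `++pwd`, lie outside this hunk.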