comparison src/event/ngx_event_openssl.c @ 7477:c74904a17021
SSL: support for parsing PEM certificates from memory.
This makes it possible to provide certificates directly via variables
in ssl_certificate / ssl_certificate_key directives, without using
intermediate files.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sat, 09 Mar 2019 03:03:56 +0300 |
parents | b6dc8a12c07a |
children | 65074e13f171 |
7476:b6dc8a12c07a | 7477:c74904a17021 |
---|---|
609 { | 609 { |
610 BIO *bio; | 610 BIO *bio; |
611 X509 *x509, *temp; | 611 X509 *x509, *temp; |
612 u_long n; | 612 u_long n; |
613 | 613 |
614 if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, cert) | 614 if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) { |
615 != NGX_OK) | 615 |
616 { | 616 bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1, |
617 *err = NULL; | 617 cert->len - (sizeof("data:") - 1)); |
618 return NULL; | 618 if (bio == NULL) { |
619 } | 619 *err = "BIO_new_mem_buf() failed"; |
620 | 620 return NULL; |
621 /* | 621 } |
622 * we can't use SSL_CTX_use_certificate_chain_file() as it doesn't | 622 |
623 * allow to access certificate later from SSL_CTX, so we reimplement | 623 } else { |
624 * it here | 624 |
625 */ | 625 if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, cert) |
626 | 626 != NGX_OK) |
627 bio = BIO_new_file((char *) cert->data, "r"); | 627 { |
628 if (bio == NULL) { | 628 *err = NULL; |
629 *err = "BIO_new_file() failed"; | 629 return NULL; |
630 return NULL; | 630 } |
631 | |
632 bio = BIO_new_file((char *) cert->data, "r"); | |
633 if (bio == NULL) { | |
634 *err = "BIO_new_file() failed"; | |
635 return NULL; | |
636 } | |
631 } | 637 } |
632 | 638 |
633 /* certificate itself */ | 639 /* certificate itself */ |
634 | 640 |
635 x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL); | 641 x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL); |
741 return NULL; | 747 return NULL; |
742 | 748 |
743 #endif | 749 #endif |
744 } | 750 } |
745 | 751 |
746 if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, key) | 752 if (ngx_strncmp(key->data, "data:", sizeof("data:") - 1) == 0) { |
747 != NGX_OK) | 753 |
748 { | 754 bio = BIO_new_mem_buf(key->data + sizeof("data:") - 1, |
749 *err = NULL; | 755 key->len - (sizeof("data:") - 1)); |
750 return NULL; | 756 if (bio == NULL) { |
751 } | 757 *err = "BIO_new_mem_buf() failed"; |
752 | 758 return NULL; |
753 bio = BIO_new_file((char *) key->data, "r"); | 759 } |
754 if (bio == NULL) { | 760 |
755 *err = "BIO_new_file() failed"; | 761 } else { |
756 return NULL; | 762 |
763 if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, key) | |
764 != NGX_OK) | |
765 { | |
766 *err = NULL; | |
767 return NULL; | |
768 } | |
769 | |
770 bio = BIO_new_file((char *) key->data, "r"); | |
771 if (bio == NULL) { | |
772 *err = "BIO_new_file() failed"; | |
773 return NULL; | |
774 } | |
757 } | 775 } |
758 | 776 |
759 if (passwords) { | 777 if (passwords) { |
760 tries = passwords->nelts; | 778 tries = passwords->nelts; |
761 pwd = passwords->elts; | 779 pwd = passwords->elts; |
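Review bot: The `data:` prefix test in the key path (new line 752, and the same pattern for the certificate at new line 614) compares five bytes and then computes `key->len - (sizeof("data:") - 1)` without first checking that `key->len` is at least five. This is only safe if the value is always NUL-terminated so that the comparison stops early, and that invariant is not visible in this hunk; I would either guard it, `if (key->len >= sizeof("data:") - 1 && ngx_strncmp(key->data, "data:", sizeof("data:") - 1) == 0) {`, or add a comment stating that callers pass NUL-terminated strings. The length is also narrowed from `size_t` to the `int` parameter of `BIO_new_mem_buf()`, where a negative value makes OpenSSL measure the buffer with strlen(), so an explicit upper bound would be worth having. Separately, with this syntax `key->data` holds the private key itself, so any caller outside this hunk that prints the key name in an error message would presumably write the PEM to the error log; that is worth checking and documenting. The enclosing function starts and ends outside the hunk.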