Mercurial > hg > nginx

diff src/event/ngx_event_openssl.c @ 5892:42520df85ebb

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: simplified ssl_password_file error handling. Instead of collecting a number of the possible SSL_CTX_use_PrivateKey_file() error codes that becomes more and more difficult with the rising variety of OpenSSL versions and its derivatives, just continue with the next password. Multiple passwords in a single ssl_password_file feature was broken after recent OpenSSL changes (commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e). Affected OpenSSL releases: 0.9.8zc, 1.0.0o, 1.0.1j and 1.0.2-beta3. Reported by Piotr Sikora.
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 24 Oct 2014 04:28:00 -0700
parents ec81934727a1
children b7a37f6a25ea
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -404,20 +404,9 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_
         }
 
         if (--tries) {
-            n = ERR_peek_error();
-
-#ifdef OPENSSL_IS_BORINGSSL
-            if (ERR_GET_LIB(n) == ERR_LIB_CIPHER
-                && ERR_GET_REASON(n) == CIPHER_R_BAD_DECRYPT)
-#else
-            if (ERR_GET_LIB(n) == ERR_LIB_EVP
-                && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT)
-#endif
-            {
-                ERR_clear_error();
-                SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd);
-                continue;
-            }
+            ERR_clear_error();
+            SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd);
+            continue;
         }
 
         ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,