Klaus Demo nginx / 59c34b6
SSL: support for parsing PEM certificates from memory. This makes it possible to provide certificates directly via variables in ssl_certificate / ssl_certificate_key directives, without using intermediate files. Maxim Dounin 3 years ago
1 changed file(s) with 46 addition(s) and 28 deletion(s).
610610 X509 *x509, *temp;
611611 u_long n;
612612
613 if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, cert)
614 != NGX_OK)
615 {
616 *err = NULL;
617 return NULL;
618 }
619
620 /*
621 * we can't use SSL_CTX_use_certificate_chain_file() as it doesn't
622 * allow to access certificate later from SSL_CTX, so we reimplement
623 * it here
624 */
625
626 bio = BIO_new_file((char *) cert->data, "r");
627 if (bio == NULL) {
628 *err = "BIO_new_file() failed";
629 return NULL;
613 if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) {
614
615 bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1,
616 cert->len - (sizeof("data:") - 1));
617 if (bio == NULL) {
618 *err = "BIO_new_mem_buf() failed";
619 return NULL;
620 }
621
622 } else {
623
624 if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, cert)
625 != NGX_OK)
626 {
627 *err = NULL;
628 return NULL;
629 }
630
631 bio = BIO_new_file((char *) cert->data, "r");
632 if (bio == NULL) {
633 *err = "BIO_new_file() failed";
634 return NULL;
635 }
630636 }
631637
632638 /* certificate itself */
742748 #endif
743749 }
744750
745 if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, key)
746 != NGX_OK)
747 {
748 *err = NULL;
749 return NULL;
750 }
751
752 bio = BIO_new_file((char *) key->data, "r");
753 if (bio == NULL) {
754 *err = "BIO_new_file() failed";
755 return NULL;
751 if (ngx_strncmp(key->data, "data:", sizeof("data:") - 1) == 0) {
752
753 bio = BIO_new_mem_buf(key->data + sizeof("data:") - 1,
754 key->len - (sizeof("data:") - 1));
755 if (bio == NULL) {
756 *err = "BIO_new_mem_buf() failed";
757 return NULL;
758 }
759
760 } else {
761
762 if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, key)
763 != NGX_OK)
764 {
765 *err = NULL;
766 return NULL;
767 }
768
769 bio = BIO_new_file((char *) key->data, "r");
770 if (bio == NULL) {
771 *err = "BIO_new_file() failed";
772 return NULL;
773 }
756774 }
757775
758776 if (passwords) {
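Review bot: Any load-failure message that prints `key->data` or `cert->data` would now write PEM key material to the error log, because in the new `data:` branches (key at new lines 751-758, certificate at 613-620) those strings hold the material itself rather than a file name. The callers that build such messages are not visible in this section, so this needs checking there. A comment at the branch would make the contract explicit, e.g. `/* key->data holds the key itself here, not a path: callers must not log it */`. Separately, `key->len - (sizeof("data:") - 1)` is a `size_t` narrowed to the `int` length parameter of `BIO_new_mem_buf()`, where -1 tells OpenSSL to measure the buffer with `strlen()`; a guard such as `if (key->len - (sizeof("data:") - 1) > INT_MAX) { *err = "key data too long"; return NULL; }` would keep that conversion well-defined, and the same applies to the certificate branch. Both enclosing functions start and end outside the shown hunks.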