SSL: support for parsing PEM certificates from memory.
This makes it possible to provide certificates directly via variables
in ssl_certificate / ssl_certificate_key directives, without using
intermediate files.
Maxim Dounin
3 years ago
| 610 | 610 | X509 *x509, *temp; |
| 611 | 611 | u_long n; |
| 612 | 612 | |
| 613 | if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, cert) | |
| 614 | != NGX_OK) | |
| 615 | { | |
| 616 | *err = NULL; | |
| 617 | return NULL; | |
| 618 | } | |
| 619 | ||
| 620 | /* | |
| 621 | * we can't use SSL_CTX_use_certificate_chain_file() as it doesn't | |
| 622 | * allow to access certificate later from SSL_CTX, so we reimplement | |
| 623 | * it here | |
| 624 | */ | |
| 625 | ||
| 626 | bio = BIO_new_file((char *) cert->data, "r"); | |
| 627 | if (bio == NULL) { | |
| 628 | *err = "BIO_new_file() failed"; | |
| 629 | return NULL; | |
| 613 | if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) { | |
| 614 | ||
| 615 | bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1, | |
| 616 | cert->len - (sizeof("data:") - 1)); | |
| 617 | if (bio == NULL) { | |
| 618 | *err = "BIO_new_mem_buf() failed"; | |
| 619 | return NULL; | |
| 620 | } | |
| 621 | ||
| 622 | } else { | |
| 623 | ||
| 624 | if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, cert) | |
| 625 | != NGX_OK) | |
| 626 | { | |
| 627 | *err = NULL; | |
| 628 | return NULL; | |
| 629 | } | |
| 630 | ||
| 631 | bio = BIO_new_file((char *) cert->data, "r"); | |
| 632 | if (bio == NULL) { | |
| 633 | *err = "BIO_new_file() failed"; | |
| 634 | return NULL; | |
| 635 | } | |
| 630 | 636 | } |
| 631 | 637 | |
| 632 | 638 | /* certificate itself */ |
| 742 | 748 | #endif |
| 743 | 749 | } |
| 744 | 750 | |
| 745 | if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, key) | |
| 746 | != NGX_OK) | |
| 747 | { | |
| 748 | *err = NULL; | |
| 749 | return NULL; | |
| 750 | } | |
| 751 | ||
| 752 | bio = BIO_new_file((char *) key->data, "r"); | |
| 753 | if (bio == NULL) { | |
| 754 | *err = "BIO_new_file() failed"; | |
| 755 | return NULL; | |
| 751 | if (ngx_strncmp(key->data, "data:", sizeof("data:") - 1) == 0) { | |
| 752 | ||
| 753 | bio = BIO_new_mem_buf(key->data + sizeof("data:") - 1, | |
| 754 | key->len - (sizeof("data:") - 1)); | |
| 755 | if (bio == NULL) { | |
| 756 | *err = "BIO_new_mem_buf() failed"; | |
| 757 | return NULL; | |
| 758 | } | |
| 759 | ||
| 760 | } else { | |
| 761 | ||
| 762 | if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, key) | |
| 763 | != NGX_OK) | |
| 764 | { | |
| 765 | *err = NULL; | |
| 766 | return NULL; | |
| 767 | } | |
| 768 | ||
| 769 | bio = BIO_new_file((char *) key->data, "r"); | |
| 770 | if (bio == NULL) { | |
| 771 | *err = "BIO_new_file() failed"; | |
| 772 | return NULL; | |
| 773 | } | |
| 756 | 774 | } |
| 757 | 775 | |
| 758 | 776 | if (passwords) { |