Klaus Demo nginx / be63760
load SSL engine before certificates, otherwise RSA keys will use built-in RSA methods Igor Sysoev 13 years ago
1 changed file(s) with 30 addition(s) and 39 deletion(s).
99
1010
1111 typedef struct {
12 ngx_str_t engine;
12 ngx_uint_t engine; /* unsigned engine:1; */
1313 } ngx_openssl_conf_t;
1414
1515
3636 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
3737
3838 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
39 static char *ngx_openssl_init_conf(ngx_cycle_t *cycle, void *conf);
39 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
4040 static void ngx_openssl_exit(ngx_cycle_t *cycle);
41
42 #if !(NGX_SSL_ENGINE)
43 static char *ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd,
44 void *conf);
45 #endif
4641
4742
4843 static ngx_command_t ngx_openssl_commands[] = {
4944
5045 { ngx_string("ssl_engine"),
5146 NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
52 #if (NGX_SSL_ENGINE)
53 ngx_conf_set_str_slot,
54 #else
55 ngx_openssl_noengine,
56 #endif
47 ngx_openssl_engine,
5748 0,
58 offsetof(ngx_openssl_conf_t, engine),
49 0,
5950 NULL },
6051
6152 ngx_null_command
6556 static ngx_core_module_t ngx_openssl_module_ctx = {
6657 ngx_string("openssl"),
6758 ngx_openssl_create_conf,
68 ngx_openssl_init_conf
59 NULL
6960 };
7061
7162
21122103 /*
21132104 * set by ngx_pcalloc():
21142105 *
2115 * oscf->engine.len = 0;
2116 * oscf->engine.data = NULL;
2106 * oscf->engine = 0;
21172107 */
21182108
21192109 return oscf;
21212111
21222112
21232113 static char *
2124 ngx_openssl_init_conf(ngx_cycle_t *cycle, void *conf)
2114 ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
21252115 {
21262116 #if (NGX_SSL_ENGINE)
21272117 ngx_openssl_conf_t *oscf = conf;
21282118
2129 ENGINE *engine;
2130
2131 if (oscf->engine.len == 0) {
2132 return NGX_CONF_OK;
2133 }
2134
2135 engine = ENGINE_by_id((const char *) oscf->engine.data);
2119 ENGINE *engine;
2120 ngx_str_t *value;
2121
2122 if (oscf->engine) {
2123 return "is duplicate";
2124 }
2125
2126 oscf->engine = 1;
2127
2128 value = cf->args->elts;
2129
2130 engine = ENGINE_by_id((const char *) value[1].data);
21362131
21372132 if (engine == NULL) {
2138 ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
2139 "ENGINE_by_id(\"%V\") failed", &oscf->engine);
2133 ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
2134 "ENGINE_by_id(\"%V\") failed", &value[1]);
21402135 return NGX_CONF_ERROR;
21412136 }
21422137
21432138 if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
2144 ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
2139 ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
21452140 "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
2146 &oscf->engine);
2141 &value[1]);
2142
2143 ENGINE_free(engine);
2144
21472145 return NGX_CONF_ERROR;
21482146 }
21492147
21502148 ENGINE_free(engine);
21512149
2152 #endif
2153
21542150 return NGX_CONF_OK;
2155 }
2156
2157
2158 #if !(NGX_SSL_ENGINE)
2159
2160 static char *
2161 ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
2162 {
2151
2152 #else
2153
21632154 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
21642155 "\"ssl_engine\" directive is available only in "
21652156 "OpenSSL 0.9.7 and higher,");
21662157
21672158 return NGX_CONF_ERROR;
2168 }
21692159
21702160 #endif
2161 }
21712162
21722163
21732164 static void
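Review bot: The new ngx_openssl_engine() handler relies on an ordering that is neither documented nor checked: the engine is installed at the moment the `ssl_engine` directive is parsed, so a private key loaded by a directive placed earlier in the configuration file would presumably still be bound to the built-in RSA methods, which is the case the commit title describes. The loading of certificates and keys is not visible in this section, so this is inferred; if it holds, a key meant to be handled by the engine would silently be processed in software with no log entry. I would add a comment above the function, e.g. `/* ssl_engine must precede any directive that loads a private key: ENGINE_set_default() affects only keys loaded afterwards */`, and state the same in the directive's documentation. Separately, both ENGINE failure paths log at `NGX_LOG_WARN` while returning `NGX_CONF_ERROR`; `NGX_LOG_EMERG`, as already used in the `#else` branch, would match the fatal outcome.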