Blame SOURCES/nginx-1.14.0-pkcs11.patch
|
|
daa24a |
# HG changeset patch
|
|
|
daa24a |
# User Anderson Sasaki <ansasaki@redhat.com>
|
|
|
daa24a |
# Date 1533742801 -7200
|
|
|
daa24a |
# Wed Aug 08 17:40:01 2018 +0200
|
|
|
daa24a |
# Node ID ae457c9b2967da1b05aefcf1e81c099e9375c0d7
|
|
|
daa24a |
# Parent ba971deb4b447662e3c47fcc860b34d43469162a
|
|
|
daa24a |
SSL: added ENGINE_init() call before loading key.
|
|
|
daa24a |
|
|
|
daa24a |
It is necessary to call ENGINE_init() before using an OpenSSL engine
|
|
|
daa24a |
to get the engine functional reference. Without this, when
|
|
|
daa24a |
ENGINE_load_private_key() is called, the engine is still uninitialized.
|
|
|
daa24a |
|
|
|
daa24a |
diff -r ba971deb4b44 -r ae457c9b2967 src/event/ngx_event_openssl.c
|
|
|
daa24a |
--- a/src/event/ngx_event_openssl.c Tue Aug 07 02:16:07 2018 +0300
|
|
|
daa24a |
+++ b/src/event/ngx_event_openssl.c Wed Aug 08 17:40:01 2018 +0200
|
|
|
daa24a |
@@ -533,6 +533,13 @@
|
|
|
daa24a |
return NGX_ERROR;
|
|
|
daa24a |
}
|
|
|
daa24a |
|
|
|
daa24a |
+ if (!ENGINE_init(engine)) {
|
|
|
daa24a |
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
|
|
|
daa24a |
+ "ENGINE_init(\"%s\") failed", p);
|
|
|
daa24a |
+ ENGINE_free(engine);
|
|
|
daa24a |
+ return NGX_ERROR;
|
|
|
daa24a |
+ }
|
|
|
daa24a |
+
|
|
|
daa24a |
*last++ = ':';
|
|
|
daa24a |
|
|
|
daa24a |
pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
|
|
|
daa24a |
@@ -540,10 +547,12 @@
|
|
|
daa24a |
if (pkey == NULL) {
|
|
|
daa24a |
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
|
|
|
daa24a |
"ENGINE_load_private_key(\"%s\") failed", last);
|
|
|
daa24a |
+ ENGINE_finish(engine);
|
|
|
daa24a |
ENGINE_free(engine);
|
|
|
daa24a |
return NGX_ERROR;
|
|
|
daa24a |
}
|
|
|
daa24a |
|
|
|
daa24a |
+ ENGINE_finish(engine);
|
|
|
daa24a |
ENGINE_free(engine);
|
|
|
daa24a |
|
|
|
daa24a |
if (SSL_CTX_use_PrivateKey(ssl->ctx, pkey) == 0) {
|