Blob Blame History Raw
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 0a2f260..606b6e2 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -616,6 +616,71 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
     X509    *x509, *temp;
     u_long   n;
 
+    if (ngx_strncmp(cert->data, "engine:", sizeof("engine:") - 1) == 0) {
+
+#ifndef OPENSSL_NO_ENGINE
+
+        u_char  *p, *last;
+        ENGINE  *engine;
+
+        p = cert->data + sizeof("engine:") - 1;
+        last = (u_char *) ngx_strchr(p, ':');
+
+        if (last == NULL) {
+            *err = "invalid syntax";
+            return NULL;
+        }
+
+        *last = '\0';
+
+        engine = ENGINE_by_id((char *) p);
+
+        if (engine == NULL) {
+            *err = "ENGINE_by_id() failed";
+            return NULL;
+        }
+
+        if (!ENGINE_init(engine)) {
+            *err = "ENGINE_init() failed";
+            ENGINE_free(engine);
+            return NULL;
+        }
+
+        *last++ = ':';
+
+        struct {
+            const char *cert_id;
+            X509 *cert;
+        } params = { (char *) last, NULL };
+
+        if (!ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, &params, NULL, 1)) {
+            *err = "ENGINE_ctrl_cmd() failed - Unable to get the certificate";
+            ENGINE_free(engine);
+            return NULL;
+        }
+
+        ENGINE_finish(engine);
+        ENGINE_free(engine);
+
+        /* set chain to null */
+
+        *chain = sk_X509_new_null();
+        if (*chain == NULL) {
+           *err = "sk_X509_new_null() failed";
+           X509_free(params.cert);
+           return NULL;
+        }
+
+        return params.cert;
+
+#else
+
+        *err = "loading \"engine:...\" certificate is not supported";
+        return NULL;
+
+#endif
+    }
+
     if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) {
 
         bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1,