Browse Source

Latest update - 7477

master
Hakase 1 week ago
parent
commit
d4d98562a7
Signed by: Hakase <hakase@hakase.app> GPG Key ID: BB2821A9E0DF48C9
1 changed files with 45 additions and 28 deletions
  1. 45
    28
      src/event/ngx_event_openssl.c

+ 45
- 28
src/event/ngx_event_openssl.c View File

@@ -619,23 +619,29 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
619 619
     X509    *x509, *temp;
620 620
     u_long   n;
621 621
 
622
-    if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, cert)
623
-        != NGX_OK)
624
-    {
625
-        *err = NULL;
626
-        return NULL;
627
-    }
622
+    if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) {
628 623
 
629
-    /*
630
-     * we can't use SSL_CTX_use_certificate_chain_file() as it doesn't
631
-     * allow to access certificate later from SSL_CTX, so we reimplement
632
-     * it here
633
-     */
624
+        bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1,
625
+                              cert->len - (sizeof("data:") - 1));
626
+        if (bio == NULL) {
627
+            *err = "BIO_new_mem_buf() failed";
628
+            return NULL;
629
+        }
634 630
 
635
-    bio = BIO_new_file((char *) cert->data, "r");
636
-    if (bio == NULL) {
637
-        *err = "BIO_new_file() failed";
638
-        return NULL;
631
+    } else {
632
+
633
+        if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, cert)
634
+            != NGX_OK)
635
+        {
636
+            *err = NULL;
637
+            return NULL;
638
+        }
639
+
640
+        bio = BIO_new_file((char *) cert->data, "r");
641
+        if (bio == NULL) {
642
+            *err = "BIO_new_file() failed";
643
+            return NULL;
644
+        }
639 645
     }
640 646
 
641 647
     /* certificate itself */
@@ -709,9 +715,8 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
709 715
 
710 716
 #ifndef OPENSSL_NO_ENGINE
711 717
 
712
-        u_char      *p, *last;
713
-        ENGINE      *engine;
714
-        EVP_PKEY    *pkey;
718
+        u_char  *p, *last;
719
+        ENGINE  *engine;
715 720
 
716 721
         p = key->data + sizeof("engine:") - 1;
717 722
         last = (u_char *) ngx_strchr(p, ':');
@@ -752,17 +757,29 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
752 757
 #endif
753 758
     }
754 759
 
755
-    if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, key)
756
-        != NGX_OK)
757
-    {
758
-        *err = NULL;
759
-        return NULL;
760
-    }
760
+    if (ngx_strncmp(key->data, "data:", sizeof("data:") - 1) == 0) {
761 761
 
762
-    bio = BIO_new_file((char *) key->data, "r");
763
-    if (bio == NULL) {
764
-        *err = "BIO_new_file() failed";
765
-        return NULL;
762
+        bio = BIO_new_mem_buf(key->data + sizeof("data:") - 1,
763
+                              key->len - (sizeof("data:") - 1));
764
+        if (bio == NULL) {
765
+            *err = "BIO_new_mem_buf() failed";
766
+            return NULL;
767
+        }
768
+
769
+    } else {
770
+
771
+        if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, key)
772
+            != NGX_OK)
773
+        {
774
+            *err = NULL;
775
+            return NULL;
776
+        }
777
+
778
+        bio = BIO_new_file((char *) key->data, "r");
779
+        if (bio == NULL) {
780
+            *err = "BIO_new_file() failed";
781
+            return NULL;
782
+        }
766 783
     }
767 784
 
768 785
     if (passwords) {

Loading…
Cancel
Save