ignatenkobrain / rpms / nginx

Forked from rpms/nginx 2 years ago
Clone
Source Code
GIT

Blame SOURCES/nginx-1.18.0-pkcs11-cert.patch

c8-beta-stream-1.14 c8-beta-stream-1.16 c8-beta-stream-1.18 c8-beta-stream-1.20 c8-stream-1.14 c8-stream-1.16 c8-stream-1.18 c8-stream-1.20 c8s-stream-1.14 c8s-stream-1.18 c8s-stream-1.20 c9-beta
  1.   c817052883e6bccba4f9a2facb1a1a8e6a3309bb
  2.   SOURCES
  3.   nginx-1.18.0-pkcs11-cert.patch
Blob History Raw
0bbbd2 
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
0bbbd2 
index 0a2f260..606b6e2 100644
0bbbd2 
--- a/src/event/ngx_event_openssl.c
0bbbd2 
+++ b/src/event/ngx_event_openssl.c
0bbbd2 
@@ -616,6 +616,71 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
0bbbd2 
     X509    *x509, *temp;
0bbbd2 
     u_long   n;
0bbbd2
0bbbd2 
+    if (ngx_strncmp(cert->data, "engine:", sizeof("engine:") - 1) == 0) {
0bbbd2 
+
0bbbd2 
+#ifndef OPENSSL_NO_ENGINE
0bbbd2 
+
0bbbd2 
+        u_char  *p, *last;
0bbbd2 
+        ENGINE  *engine;
0bbbd2 
+
0bbbd2 
+        p = cert->data + sizeof("engine:") - 1;
0bbbd2 
+        last = (u_char *) ngx_strchr(p, ':');
0bbbd2 
+
0bbbd2 
+        if (last == NULL) {
0bbbd2 
+            *err = "invalid syntax";
0bbbd2 
+            return NULL;
0bbbd2 
+        }
0bbbd2 
+
0bbbd2 
+        *last = '\0';
0bbbd2 
+
0bbbd2 
+        engine = ENGINE_by_id((char *) p);
0bbbd2 
+
0bbbd2 
+        if (engine == NULL) {
0bbbd2 
+            *err = "ENGINE_by_id() failed";
0bbbd2 
+            return NULL;
0bbbd2 
+        }
0bbbd2 
+
0bbbd2 
+        if (!ENGINE_init(engine)) {
0bbbd2 
+            *err = "ENGINE_init() failed";
0bbbd2 
+            ENGINE_free(engine);
0bbbd2 
+            return NULL;
0bbbd2 
+        }
0bbbd2 
+
0bbbd2 
+        *last++ = ':';
0bbbd2 
+
0bbbd2 
+        struct {
0bbbd2 
+            const char *cert_id;
0bbbd2 
+            X509 *cert;
0bbbd2 
+        } params = { (char *) last, NULL };
0bbbd2 
+
0bbbd2 
+        if (!ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, &params, NULL, 1)) {
0bbbd2 
+            *err = "ENGINE_ctrl_cmd() failed - Unable to get the certificate";
0bbbd2 
+            ENGINE_free(engine);
0bbbd2 
+            return NULL;
0bbbd2 
+        }
0bbbd2 
+
0bbbd2 
+        ENGINE_finish(engine);
0bbbd2 
+        ENGINE_free(engine);
0bbbd2 
+
0bbbd2 
+        /* set chain to null */
0bbbd2 
+
0bbbd2 
+        *chain = sk_X509_new_null();
0bbbd2 
+        if (*chain == NULL) {
0bbbd2 
+           *err = "sk_X509_new_null() failed";
0bbbd2 
+           X509_free(params.cert);
0bbbd2 
+           return NULL;
0bbbd2 
+        }
0bbbd2 
+
0bbbd2 
+        return params.cert;
0bbbd2 
+
0bbbd2 
+#else
0bbbd2 
+
0bbbd2 
+        *err = "loading \"engine:...\" certificate is not supported";
0bbbd2 
+        return NULL;
0bbbd2 
+
0bbbd2 
+#endif
0bbbd2 
+    }
0bbbd2 
+
0bbbd2 
     if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) {
0bbbd2
0bbbd2 
         bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1,

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation