nginx reload failed when using an encrypted key as ssl_certificate_key

August 04, 2013 10:31PM
For some reasons, we used an encrypted key as ssl_certificate_key.

After executing "./sbin/nginx -s reload", we expect the ex worker process will quit and a new worker process will be created.
But unfortunately, the ex worker process does not quit, and a new worker process is not created.

The attachments are certificates and a private key for testing; the password for key1.key is 123456. They were created by openssl.

Thanks for your kind help!
Attachments:
key1.key (963 bytes)
cert1.cer (725 bytes)
cacert.pem.cer (716 bytes)
[root@localhost nginx_debug]# ./sbin/nginx -V
nginx version: nginx/1.2.3
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx_debug --with-http_ssl_module --with-openssl=/home/nginx/openssl-1.0.1e/ --with-zlib=/home/nginx/zlib-1.2.7 --with-pcre=/home/nginx/pcre-8.31 --with-debug

I find " Enter PEM pass phrase:
8 2013/08/05 16:38:26 [emerg] 24715#0: SSL_CTX_use_PrivateKey_file("/usr/local/nginx_debug/conf/cert.key") failed (SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting password error:0906A068:PEM routines:PEM_do_header:bad password read error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)" in error.log.

Maybe it is an openssl bug.
I found it's not the nginx problem.

#0 read_string_inner (ui=0x116d360, uis=0x116d550, echo=0, strip_nl=1) at ui_openssl.c:448
#1 0x00000000005de91c in read_string (ui=0x116d360, uis=0x116d550) at ui_openssl.c:375
#2 0x00000000005ddebc in UI_process (ui=0x116d360) at ui_lib.c:528
#3 0x00000000005c28a8 in EVP_read_pw_string_min (buf=0x7ffff82ec4a0 "\200\067@", min=4, len=1024, prompt=0x668527 "Enter PEM pass phrase:", verify=0) at evp_key.c:109
#4 0x0000000000551411 in PEM_def_callback (buf=0x7ffff82ec4a0 "\200\067@", num=1024, w=0, key=0x0) at pem_lib.c:108
#5 0x000000000055222d in PEM_do_header (cipher=0x7ffff82eca20, data=0x116dea0 "\003\071\364 (\316\213~`t\254n\017\375\n\016\224\327y\210\302\017 \034hq4\210UBz\232\323T\26
7\373\323#\306\361\070Dl\211\201\\\317\323'\243\226\210\205\233\310+%\025\316K\321}\242\252A\232]\366\367`a\204`{\246\026\f\205\304\065e:mt\307\336`\253O!\366\371\361m\001\
202\357\253|\306\375\063\233\334't\227\364\226\006G\020\352.\323b\361_\037\326p9_Z\234\237\270|oH\002\062+\356\021/\203\371\200,\253\356q6\373i\240/hK\265\270e\200\022\215F
\341\346\216\f{\265\036\016\267\357\373\367\067\302\371s\216=)h\315A\247\206\216", <incomplete sequence \346>..., plen=0x7ffff82eca00, callback=0, u=0x0) at pem_lib.c:453
#6 0x0000000000551b44 in PEM_bytes_read_bio (pdata=0x7ffff82ecea0, plen=0x7ffff82ece98, pnm=0x7ffff82eceb0, name=0x668c92 "ANY PRIVATE KEY", bp=0x1154c00, cb=0, u=0x0) at pem_lib.c:296
#7 0x0000000000554f47 in PEM_read_bio_PrivateKey (bp=0x1154c00, x=0x0, cb=0, u=0x0) at pem_pkey.c:84
#8 0x00000000004dcff2 in SSL_CTX_use_PrivateKey_file (ctx=0x11369b0, file=0x116c055 "/usr/local/nginx_debug/conf/cert.key", type=1) at ssl_rsa.c:654
#9 0x0000000000438eeb in ngx_ssl_certificate (cf=0x7ffff82ed480, ssl=0x1165980, cert=0x11659c0, key=0x11659d0) at src/event/ngx_event_openssl.c:236
#10 0x0000000000495ee7 in ngx_http_ssl_merge_srv_conf (cf=0x7ffff82ed480, parent=0x113cdf8, child=0x1165978) at src/http/modules/ngx_http_ssl_module.c:451
#11 0x000000000043ec8a in ngx_http_merge_servers (cf=0x7ffff82ed480, cmcf=0x113c398, module=0x8db1c0, ctx_index=15) at src/http/ngx_http.c:584
#12 0x000000000043e236 in ngx_http_block (cf=0x7ffff82ed480, cmd=0x8d2200, conf=0x113bb08) at src/http/ngx_http.c:270
#13 0x000000000041d871 in ngx_conf_handler (cf=0x7ffff82ed480, last=1) at src/core/ngx_conf_file.c:388
#14 0x000000000041d41c in ngx_conf_parse (cf=0x7ffff82ed480, filename=0x113b870) at src/core/ngx_conf_file.c:244
#15 0x0000000000419de4 in ngx_init_cycle (old_cycle=0x1137700) at src/core/ngx_cycle.c:268
#16 0x0000000000433faa in ngx_master_process_cycle (cycle=0x1137700) at src/os/unix/ngx_process_cycle.c:241
#17 0x0000000000403e36 in main (argc=1, argv=0x7ffff82ed9b8) at src/core/nginx.c:410

In read_string_inner, executing 'p=fgets(result,maxsize,tty_in);' failed. But I don't know why.

(gdb) p result
$148 = '\000' <repeats 7768 times>, "\001", '\000' <repeats 15 times>, "p", '\000' <repeats 31 times>, "\005\000\000\000\061\000\000\000[\000\000\000|\000\000\000\200\316\0
71\272=\000\000\000 \242.\370\377\177\000\000 \000\000\000\000\000\000\000\260\331.\370\377\177", '\000' <repeats 18 times>"\215, \224\a\272=\000\000\000\374\232P\000\000\0
00\000\000 \242.\370\377\177\000\000\200\067@\000\000\000\000\000\037\233P\000\000\000\000\000\200\067@\000\000\000\000\000\037\233P\000\177\000\000\000\211\ff\000\000\000\
000\000 \000\000\000\000\000\000\000p\242.\370\377\177\000\000\234\241P\000\000\000\000\000\200\242.\370\377\177\000\000\234\241P\000\177\000\000\000\211\ff\000\000\000\000
\000\002\000\000\000 \000\000\000-\365g\000\000\000\000\000\000\177\026\001\000\000\000\000\310U\021\001\000\000\000\000'\205f\000\000\000\000\000"...
(gdb) p maxsize
$149 = 8191
(gdb) p *tty_in
$150 = {_flags = -72540008, _IO_read_ptr = 0x7f9b55630000 "", _IO_read_end = 0x7f9b55630000 "", _IO_read_base = 0x7f9b55630000 "", _IO_write_base = 0x7f9b55630000 "", _IO_w
rite_ptr = 0x7f9b55630000 "", _IO_write_end = 0x7f9b55630000 "", _IO_buf_base = 0x7f9b55630000 "", _IO_buf_end = 0x7f9b55631000 "-----BEGIN RSA PRIVATE KEY-----\nProc-Type:
4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,075AB77C254C621E\n\nAzn0ICjOi35gdOSxhaxuD/0KDpTXeYjCDyAcaHE0iFVCeprpmKzTVLf70yPG8ThE\nbImBXM/T5ImcJ9myo5aIhZvIKyUVzkvRfaKqQZp"..., _IO_
save_base = 0x0, _IO_backup_base = 0x0, _IO_save_end = 0x0, _markers = 0x0, _chain = 0x0, _fileno = 0, _flags2 = 0, _old_offset = -1, _cur_column = 0, _vtable_offset = 0 '\
000', _shortbuf = "", _lock = 0x3dba39ce00, _offset = -1, __pad1 = 0x0, __pad2 = 0x3dba39b960, __pad3 = 0x0, __pad4 = 0x0, __pad5 = 0, _mode = -1, _unused2 = '\000' <repeat
s 19 times>}


I expect someone can give me some suggestions. Thanks!
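
A pre-reload check for the situation in this thread, added here as an example and not part of the original posts or of nginx: it reads each ssl_certificate_key file named in a config and reports the ones whose PEM headers (such as the "Proc-Type: 4,ENCRYPTED" header visible in the gdb output above) mean OpenSSL will prompt "Enter PEM pass phrase:". The function names, the one-directive-per-line config parsing and the sample files are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread: list ssl_certificate_key files that
# would make OpenSSL prompt "Enter PEM pass phrase:" when nginx loads them.

# pem_key_state FILE -> encrypted-pkcs8 | encrypted-legacy | plain | no-key
pem_key_state() {
    awk '
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { state = "encrypted-pkcs8"; exit }
        /^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----/ { inhdr = 1; state = "plain"; next }
        # Legacy PEM carries its headers directly after the BEGIN line.
        inhdr && /^Proc-Type:[ \t]*4,ENCRYPTED/  { state = "encrypted-legacy"; exit }
        inhdr && !/:/                            { inhdr = 0 }
        END { print (state == "" ? "no-key" : state) }
    ' "$1"
}

# list_key_paths CONF -> argument of each ssl_certificate_key directive.
# Assumptions: one directive per line, unquoted path, includes not followed.
list_key_paths() {
    sed -n 's/^[[:space:]]*ssl_certificate_key[[:space:]]\{1,\}\([^;[:space:]]*\)[[:space:]]*;.*$/\1/p' "$1"
}

# check_conf CONF -> prints "<state> <path>" per key; returns 1 if any key
# is encrypted or unreadable, so a wrapper can skip "nginx -s reload".
check_conf() {
    conf=$1; confdir=$(dirname "$conf"); rc=0
    for key in $(list_key_paths "$conf"); do
        case $key in
            /*) path=$key ;;
            *)  path=$confdir/$key ;;  # assumption: relative to CONF's directory
        esac
        if [ ! -r "$path" ]; then echo "unreadable $path"; rc=1; continue; fi
        state=$(pem_key_state "$path")
        echo "$state $path"
        case $state in encrypted-*) rc=1 ;; esac
    done
    return "$rc"
}

# make_samples DIR -> constructed config and key files (bodies are dummies).
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$1/enc.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$1/plain.key"
    printf '%s\n' 'server {' '  ssl_certificate_key enc.key;' '}' \
        'server {' "  ssl_certificate_key $1/plain.key;" '}' > "$1/nginx.conf"
}
```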