Welcome! Log In Create A New Profile

Advanced

Fwd: Checking cert+key bundle

Previous Message Next Message
Forum List Message List New Topic Print View
Иван Григорьев
March 27, 2024 10:24AM
Hello.

I discovered an unusual behavior (imho) - if you “mix” cryptographic
algorithms (ECDSA certificate, RSA key or vice versa), then nginx doesn't
report a problem when reloading and applies the configuration (there are no
errors when executing nginx -t either).

Is this expected behavior or does it look like a bug?

I checked it on different versions and OS, but just in case:





*snake@carbon:~$ nginx -Vnginx version: nginx/1.24.0built by gcc 10.2.1
20210110 (Debian 10.2.1-6) built with OpenSSL 1.1.1n 15 Mar 2022 (running
with OpenSSL 1.1.1f 31 Mar 2020)TLS SNI support enabledconfigure
arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
--modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid
--lock-path=/var/run/nginx.lock
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx
--with-compat --with-file-aio --with-threads --with-http_addition_module
--with-http_auth_request_module --with-http_dav_module
--with-http_flv_module --with-http_gunzip_module
--with-http_gzip_static_module --with-http_mp4_module
--with-http_random_index_module --with-http_realip_module
--with-http_secure_link_module --with-http_slice_module
--with-http_ssl_module --with-http_stub_status_module
--with-http_sub_module --with-http_v2_module --with-mail
--with-mail_ssl_module --with-stream --with-stream_realip_module
--with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g
-O2
-ffile-prefix-map=/data/builder/debuild/nginx-1.24.0/debian/debuild-base/nginx-1.24.0=.
-fstack-protector-strong -Wformat -Werror=format-security
-Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now
-Wl,--as-needed -pie'*
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Fwd: Checking cert+key bundle

Иван Григорьев March 27, 2024 10:24AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 189
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready