On Oct 24, 2014, at 3:29 PM, Piotr Sikora <piotr@cloudflare.com> wrote:
> # HG changeset patch
> # User Piotr Sikora <piotr@cloudflare.com>
> # Date 1414150080 25200
> # Fri Oct 24 04:28:00 2014 -0700
> # Node ID f71b843694fc2be7eabb9313aa82fb87e83210d6
> # Parent 973fded4f461f3a397779b3a1dc80881b1b34974
> SSL: make ssl_password_file work with recent OpenSSL releases.

I updated the patch to cover the pem file in PKCS#8 format
that is matched with PEM_STRING_PKCS8.

diff -r 973fded4f461 -r 8c59ef63e7c0 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Wed Oct 15 22:57:23 2014 +0400
+++ b/src/event/ngx_event_openssl.c Mon Oct 27 13:19:01 2014 +0300
@@ -410,8 +410,12 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_
if (ERR_GET_LIB(n) == ERR_LIB_CIPHER
&& ERR_GET_REASON(n) == CIPHER_R_BAD_DECRYPT)
#else
- if (ERR_GET_LIB(n) == ERR_LIB_EVP
- && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT)
+ if ((ERR_GET_LIB(n) == ERR_LIB_PEM
+ && ERR_GET_REASON(n) == PEM_R_BAD_DECRYPT)
+ || (ERR_GET_LIB(n) == ERR_LIB_EVP
+ && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT)
+ || (ERR_GET_LIB(n) == ERR_LIB_PKCS12
+ && ERR_GET_REASON(n) == PKCS12_R_PKCS12_CIPHERFINAL_ERROR))
#endif
{
ERR_clear_error();
diff -r 973fded4f461 -r 8c59ef63e7c0 src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h Wed Oct 15 22:57:23 2014 +0400
+++ b/src/event/ngx_event_openssl.h Mon Oct 27 13:19:01 2014 +0300
@@ -22,6 +22,7 @@
#include <openssl/engine.h>
#endif
#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
#ifndef OPENSSL_NO_OCSP
#include <openssl/ocsp.h>
#endif


--
Sergey Kandaurov

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel