author | Dmitrii Pichulin <unknown> | 2014-08-04 11:03:20 +0400 |
---|---|---|
committer | Dmitrii Pichulin <unknown> | 2014-08-04 11:03:20 +0400 |
commit | cf5013dd3fb2531ca465cae7481ddc4cc16e56c5 (patch) | |
tree | d81e5d8fb54f3af7919b239357542cbf6039375c /src | |
parent | 811281ec362cbde44fced67819f1607baeb75be3 (diff) | |
SSL: loading certificate keys via ENGINE_load_private_key().
Diffstat (limited to 'src')
-rw-r--r-- | src/event/ngx_event_openssl.c | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index ab54d88c4..20f9eea66 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -376,6 +376,67 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
 BIO_free(bio);
+ if (ngx_strncmp(key->data, "engine:", sizeof("engine:") - 1) == 0) {
+
+#ifndef OPENSSL_NO_ENGINE
+
+ u_char *p, *last;
+ ENGINE *engine;
+ EVP_PKEY *pkey;
+
+ p = key->data + sizeof("engine:") - 1;
+ last = (u_char *) ngx_strchr(p, ':');
+
+ if (last == NULL) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid syntax in \"%V\"", key);
+ return NGX_ERROR;
+ }
+
+ *last = '\0';
+
+ engine = ENGINE_by_id((char *) p);
+
+ if (engine == NULL) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "ENGINE_by_id(\"%s\") failed", p);
+ return NGX_ERROR;
+ }
+
+ *last++ = ':';
+
+ pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
+
+ if (pkey == NULL) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "ENGINE_load_private_key(\"%s\") failed", last);
+ ENGINE_free(engine);
+ return NGX_ERROR;
+ }
+
+ ENGINE_free(engine);
+
+ if (SSL_CTX_use_PrivateKey(ssl->ctx, pkey) == 0) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "SSL_CTX_use_PrivateKey(\"%s\") failed", last);
+ EVP_PKEY_free(pkey);
+ return NGX_ERROR;
+ }
+
+ EVP_PKEY_free(pkey);
+
+ return NGX_OK;
+
+#else
+
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "loading \"engine:...\" certificate keys "
+ "is not supported");
+ return NGX_ERROR;
+
+#endif
+ }
+
 if (ngx_conf_full_name(cf->cycle, key, 1) != NGX_OK) {
 return NGX_ERROR;
 } |
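Review bot: The failure messages after `ENGINE_load_private_key()` and `SSL_CTX_use_PrivateKey()` write the whole key id (`last`) to the error log, and since the load call passes `0, 0` for the UI method and callback data there is no prompt path, so with token-backed engines an operator may end up placing a PIN or similar credential inside that id. If that is possible for the engines you expect, log only the engine name there, or at least add a comment such as `/* key id is engine-specific and is written to the error log on failure; it must not carry secrets */` and state it in the directive documentation. The `ENGINE_by_id()` failure path also returns while `*last` is still `'\0'`, leaving the configuration value truncated; adding `*last = ':';` before that `return NGX_ERROR;` keeps `key` intact for any later use. Only `ENGINE_by_id()` is called before the key load, so the code appears to rely on the engine having been initialised elsewhere, which deserves a one-line comment once confirmed. ngx_ssl_certificate() starts and ends outside the hunk.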