From 8772a0e0892e632c37f3b92b1d287ed9b473cb13 Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Mon, 25 Feb 2019 16:42:23 +0300 Subject: SSL: passwords support for dynamic certificate loading. Passwords have to be copied to the configuration pool to be used at runtime. Also, to prevent blocking on stdin (with "daemon off;") an empty password list is provided. To make things simpler, password handling was modified to allow an empty array (with 0 elements and elts set to NULL) as an equivalent of an array with 1 empty password. --- src/http/ngx_http_request.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/http/ngx_http_request.c') diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 4e14d3b10..81d546a86 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -995,7 +995,8 @@ ngx_http_ssl_certificate(ngx_ssl_conn_t *ssl_conn, void *arg) ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "ssl key: \"%s\"", key.data); - if (ngx_ssl_connection_certificate(c, r->pool, &cert, &key, NULL) + if (ngx_ssl_connection_certificate(c, r->pool, &cert, &key, + sscf->passwords) != NGX_OK) { goto failed; -- cgit v1.2.3