Certain providers may attempt to reload the key on the first use after a
fork. Such attempt would require re-prompting the pin, and this time we
are not able to pass the password callback.
While it is addressable with configuration for a specific provider, it would
be prudent to ensure that no such prompts could block worker processes by
setting the default UI method.
UI_null() first appeared in 1.1.1 along with the OSSL_STORE, so it is safe
to assume the same set of guards.
static void ngx_ssl_cache_node_free(ngx_rbtree_t *rbtree,
ngx_ssl_cache_node_t *cn);
+static ngx_int_t ngx_openssl_cache_init_worker(ngx_cycle_t *cycle);
+
static ngx_command_t ngx_openssl_cache_commands[] = {
NGX_CORE_MODULE, /* module type */
NULL, /* init master */
NULL, /* init module */
- NULL, /* init process */
+ ngx_openssl_cache_init_worker, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
node->right = sentinel;
ngx_rbt_red(node);
}
+
+
+static ngx_int_t
+ngx_openssl_cache_init_worker(ngx_cycle_t *cycle)
+{
+#ifdef ERR_R_OSSL_STORE_LIB
+
+ if (ngx_process != NGX_PROCESS_WORKER) {
+ return NGX_OK;
+ }
+
+ UI_set_default_method(UI_null());
+
+#endif
+
+ return NGX_OK;
+}
projects / nginx.git / commitdiff