SSL: fixed possible configuration overwrite loading "engine:" keys.

When loading certificate keys via ENGINE_load_private_key() in runtime,
it was possible to overwrite configuration on ENGINE_by_id() failure.
OpenSSL documention doesn't describe errors in details, the only reason
I found in the comment to example is when the engine is not available.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 89f277fe56ae64be2e11c5207a292a0d4c28678f..8d1f5695cbd529fee2021d7af366800371057df3 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -764,13 +764,13 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
 
         engine = ENGINE_by_id((char *) p);
 
+        *last++ = ':';
+
         if (engine == NULL) {
             *err = "ENGINE_by_id() failed";
             return NULL;
         }
 
-        *last++ = ':';
-
         pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
 
         if (pkey == NULL) {