static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx,
HMAC_CTX *hctx, int enc);
+static void ngx_ssl_session_ticket_keys_cleanup(void *data);
#endif
#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
ngx_uint_t i;
ngx_array_t *keys;
ngx_file_info_t fi;
+ ngx_pool_cleanup_t *cln;
ngx_ssl_session_ticket_key_t *key;
if (paths == NULL) {
return NGX_ERROR;
}
+ cln = ngx_pool_cleanup_add(cf->pool, 0);
+ if (cln == NULL) {
+ return NGX_ERROR;
+ }
+
+ cln->handler = ngx_ssl_session_ticket_keys_cleanup;
+ cln->data = keys;
+
path = paths->elts;
for (i = 0; i < paths->nelts; i++) {
ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
ngx_close_file_n " \"%V\" failed", &file.name);
}
+
+ ngx_explicit_memzero(&buf, 80);
}
if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_session_ticket_keys_index, keys)
ngx_close_file_n " \"%V\" failed", &file.name);
}
+ ngx_explicit_memzero(&buf, 80);
+
return NGX_ERROR;
}
}
}
+
+static void
+ngx_ssl_session_ticket_keys_cleanup(void *data)
+{
+ ngx_array_t *keys = data;
+
+ ngx_explicit_memzero(keys->elts,
+ keys->nelts * sizeof(ngx_ssl_session_ticket_key_t));
+}
+
#else
ngx_int_t
projects / nginx.git / commitdiff