SSL: passwords support for dynamic certificate loading.

Passwords have to be copied to the configuration pool to be used at runtime. Also, to prevent blocking on stdin (with "daemon off;") an empty password list is provided. To make things simpler, password handling was modified to allow an empty array (with 0 elements and elts set to NULL) as an equivalent of an array with 1 empty password.
author: Maxim Dounin <mdounin@mdounin.ru> 2019-02-25 16:42:23 +0300
committer: Maxim Dounin <mdounin@mdounin.ru> 2019-02-25 16:42:23 +0300
commit: 8772a0e0892e632c37f3b92b1d287ed9b473cb13 (patch)
tree: 7f5c5a9db242028cee1f99abafe261c6bcc79a31 /src/http/ngx_http_request.c
parent: 6e5a731edb6c1b8581c4b6fd2a2bf4ec0e768c24 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 4e14d3b10..81d546a86 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -995,7 +995,8 @@ ngx_http_ssl_certificate(ngx_ssl_conn_t *ssl_conn, void *arg)
         ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
                        "ssl key: \"%s\"", key.data);
 
-        if (ngx_ssl_connection_certificate(c, r->pool, &cert, &key, NULL)
+        if (ngx_ssl_connection_certificate(c, r->pool, &cert, &key,
+                                           sscf->passwords)
             != NGX_OK)
         {
             goto failed;
author	Maxim Dounin <mdounin@mdounin.ru>	2019-02-25 16:42:23 +0300
committer	Maxim Dounin <mdounin@mdounin.ru>	2019-02-25 16:42:23 +0300
commit	8772a0e0892e632c37f3b92b1d287ed9b473cb13 (patch)
tree	7f5c5a9db242028cee1f99abafe261c6bcc79a31 /src/http/ngx_http_request.c
parent	6e5a731edb6c1b8581c4b6fd2a2bf4ec0e768c24 (diff)