details:   http://freenginx.org/hg/nginx/rev/9e3487fd18c8
branches:  
changeset: 9352:9e3487fd18c8
user:      Maxim Dounin <mdou...@mdounin.ru>
date:      Thu May 08 17:44:47 2025 +0300
description:
Stream: fixed passwords usage for certificates with variables.

Missed in 9343:4f20c52c5f1b.  Passwords not preserved for run time could
happen to be used at run time if there are multiple server{} blocks all
using the same SSL configuration inherited from the stream{} block.

diffstat:

 src/stream/ngx_stream_proxy_module.c |  13 +++++++++++++
 1 files changed, 13 insertions(+), 0 deletions(-)

diffs (23 lines):

diff --git a/src/stream/ngx_stream_proxy_module.c 
b/src/stream/ngx_stream_proxy_module.c
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -2261,6 +2261,19 @@ ngx_stream_proxy_set_ssl(ngx_conf_t *cf,
     ngx_pool_cleanup_t  *cln;
 
     if (pscf->ssl->ctx) {
+
+        if (pscf->ssl_certificate
+            && pscf->ssl_certificate->value.len
+            && (pscf->ssl_certificate->lengths
+                || pscf->ssl_certificate_key->lengths))
+        {
+            pscf->ssl_passwords =
+                           ngx_ssl_preserve_passwords(cf, pscf->ssl_passwords);
+            if (pscf->ssl_passwords == NULL) {
+                return NGX_ERROR;
+            }
+        }
+
         return NGX_OK;
     }
 
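Review bot: The added condition reads `pscf->ssl_certificate_key->lengths` without a NULL check on `ssl_certificate_key`, on the early-return path taken when `pscf->ssl->ctx` is already set. This is presumably safe because the context can only exist if an earlier call with the same inherited settings already rejected a certificate with no key, but that check is not visible in this hunk and should be confirmed. Either guard it explicitly with `&& pscf->ssl_certificate_key` before the `lengths` test, or state the invariant in a comment above the `if`, e.g. `/* ctx is shared with a server{} block already validated; passwords must still be preserved for run-time certificate loading here */`. ngx_stream_proxy_set_ssl begins and ends outside the hunk.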
