Hey Sergey, > diff -r 973fded4f461 -r 8c59ef63e7c0 src/event/ngx_event_openssl.h > --- a/src/event/ngx_event_openssl.h Wed Oct 15 22:57:23 2014 +0400 > +++ b/src/event/ngx_event_openssl.h Mon Oct 27 13:19:01 2014 +0300 > @@ -22,6 +22,7 @@ > #include <openssl/engine.h> > #endif > #include <openssl/evp.h> > +#include <openssl/pkcs12.h> > #ifndef OPENSSL_NO_OCSP > #include <openssl/ocsp.h> > #endif
This should be added after ocsp.h, ideally guarded for OpenSSL only, i.e.: +#ifndef OPENSSL_IS_BORINGSSL +#include <openssl/pkcs12.h> +#endif I've looked into BoringSSL and it supports PKCS#8 private keys with encrypted with PKCS#12 compatible algorithms even now, without any changes in nginx, because it reports bad passwords using the same error code as for traditional private keys (i.e. CIPHER_R_BAD_DECRYPT). Best regards, Piotr Sikora _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
