# HG changeset patch
# User Maxim Dounin <mdou...@mdounin.ru>
# Date 1746113755 -10800
# Thu May 01 18:35:55 2025 +0300
# Node ID 756db4ac033c5dea1a3c6478e0701115164a8c34
# Parent 6d64b685bc7fbee88e31ce54a151de0deeaabdde
Stream: fixed passwords usage for certificates with variables.
Missed in 9343:4f20c52c5f1b. Passwords not preserved for run time could
happen to be used at run time if there are multiple server{} blocks all
using the same SSL configuration inherited from the stream{} block.
diff --git a/src/stream/ngx_stream_proxy_module.c
b/src/stream/ngx_stream_proxy_module.c
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -2261,6 +2261,19 @@ ngx_stream_proxy_set_ssl(ngx_conf_t *cf,
ngx_pool_cleanup_t *cln;
if (pscf->ssl->ctx) {
+
+ if (pscf->ssl_certificate
+ && pscf->ssl_certificate->value.len
+ && (pscf->ssl_certificate->lengths
+ || pscf->ssl_certificate_key->lengths))
+ {
+ pscf->ssl_passwords =
+ ngx_ssl_preserve_passwords(cf, pscf->ssl_passwords);
+ if (pscf->ssl_passwords == NULL) {
+ return NGX_ERROR;
+ }
+ }
+
return NGX_OK;
}
