Resolves: #2006420 - Broken loading certificates from hardware token (PKCS#11)

Luboš Uhliarik 2021-09-22 16:37:10 +02:00
parent 0b6d4f6992
commit 1365117847
2 changed files with 48 additions and 1 deletions


@ -0,0 +1,41 @@
From a769a35a6197c76390e1dd8f5054d426fbbbda05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Wed, 22 Sep 2021 16:12:58 +0200
Subject: [PATCH] Init openssl engine properly
---
src/event/ngx_event_openssl.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 270b200..f813458 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -798,16 +798,24 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
return NULL;
}
+ if (!ENGINE_init(engine)) {
+ *err = "ENGINE_init() failed";
+ ENGINE_free(engine);
+ return NULL;
+ }
+
*last++ = ':';
pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
if (pkey == NULL) {
*err = "ENGINE_load_private_key() failed";
+ ENGINE_finish(engine);
ENGINE_free(engine);
return NULL;
}
+ ENGINE_finish(engine);
ENGINE_free(engine);
return pkey;
--
2.31.1
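Review bot: The new `ENGINE_init()` failure path returns before `*last++ = ':';` runs. If the code above the hunk temporarily replaced that separator with a NUL to isolate the engine id (inferred from the restore line; that code is not visible here), the caller's key string stays truncated on this error, which would also affect any later log message that prints the key name. Placing `*last++ = ':';` ahead of `if (!ENGINE_init(engine)) {` keeps the string intact on every exit. A short comment above the init call would also help, for example `/* functional reference is needed for the load only; released by ENGINE_finish() on both exits */`. ngx_ssl_load_certificate_key starts and ends outside the hunk.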


@ -41,7 +41,7 @@
Name: nginx Name: nginx
Epoch: 1 Epoch: 1
Version: 1.20.1 Version: 1.20.1
Release: 6%{?dist} Release: 7%{?dist}
Summary: A high performance web server and reverse proxy server Summary: A high performance web server and reverse proxy server
# BSD License (two clause) # BSD License (two clause)
@ -82,6 +82,9 @@ Patch2: 0003-Support-loading-cert-hardware-token-PKC.patch
# downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2006822 # downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2006822
Patch3: 0004-Set-proper-compiler-optimalization-level-O2-for-perl.patch Patch3: 0004-Set-proper-compiler-optimalization-level-O2-for-perl.patch
# downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2006420
Patch4: 0005-Init-openssl-engine-properly.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
BuildRequires: gnupg2 BuildRequires: gnupg2
@ -581,6 +584,9 @@ fi
%changelog %changelog
* Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-7
- Resolves: #2006420 - Broken loading certificates from hardware token (PKCS#11)
* Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-6 * Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-6
- Resolves: #2006822 - Hardening tests fail for nginx - Resolves: #2006822 - Hardening tests fail for nginx