Resolves: #2006420 - Broken loading certificates from hardware token (PKCS#11)
This commit is contained in:
parent
0b6d4f6992
commit
1365117847
41
0005-Init-openssl-engine-properly.patch
Normal file
41
0005-Init-openssl-engine-properly.patch
Normal file
@ -0,0 +1,41 @@
|
||||
From a769a35a6197c76390e1dd8f5054d426fbbbda05 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
|
||||
Date: Wed, 22 Sep 2021 16:12:58 +0200
|
||||
Subject: [PATCH] Init openssl engine properly
|
||||
|
||||
---
|
||||
src/event/ngx_event_openssl.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
|
||||
index 270b200..f813458 100644
|
||||
--- a/src/event/ngx_event_openssl.c
|
||||
+++ b/src/event/ngx_event_openssl.c
|
||||
@@ -798,16 +798,24 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+ if (!ENGINE_init(engine)) {
|
||||
+ *err = "ENGINE_init() failed";
|
||||
+ ENGINE_free(engine);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
*last++ = ':';
|
||||
|
||||
pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
|
||||
|
||||
if (pkey == NULL) {
|
||||
*err = "ENGINE_load_private_key() failed";
|
||||
+ ENGINE_finish(engine);
|
||||
ENGINE_free(engine);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+ ENGINE_finish(engine);
|
||||
ENGINE_free(engine);
|
||||
|
||||
return pkey;
|
||||
--
|
||||
2.31.1
|
||||
|
@ -41,7 +41,7 @@
|
||||
Name: nginx
|
||||
Epoch: 1
|
||||
Version: 1.20.1
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
|
||||
Summary: A high performance web server and reverse proxy server
|
||||
# BSD License (two clause)
|
||||
@ -82,6 +82,9 @@ Patch2: 0003-Support-loading-cert-hardware-token-PKC.patch
|
||||
# downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2006822
|
||||
Patch3: 0004-Set-proper-compiler-optimalization-level-O2-for-perl.patch
|
||||
|
||||
# downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2006420
|
||||
Patch4: 0005-Init-openssl-engine-properly.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
BuildRequires: gnupg2
|
||||
@ -581,6 +584,9 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-7
|
||||
- Resolves: #2006420 - Broken loading certificates from hardware token (PKCS#11)
|
||||
|
||||
* Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-6
|
||||
- Resolves: #2006822 - Hardening tests fail for nginx
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user