Resolves: #2006420 - Broken loading certificates from hardware token (PKCS#11)
This commit is contained in:
parent
0b6d4f6992
commit
1365117847
41
0005-Init-openssl-engine-properly.patch
Normal file
41
0005-Init-openssl-engine-properly.patch
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
From a769a35a6197c76390e1dd8f5054d426fbbbda05 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
|
||||||
|
Date: Wed, 22 Sep 2021 16:12:58 +0200
|
||||||
|
Subject: [PATCH] Init openssl engine properly
|
||||||
|
|
||||||
|
---
|
||||||
|
src/event/ngx_event_openssl.c | 8 ++++++++
|
||||||
|
1 file changed, 8 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
|
||||||
|
index 270b200..f813458 100644
|
||||||
|
--- a/src/event/ngx_event_openssl.c
|
||||||
|
+++ b/src/event/ngx_event_openssl.c
|
||||||
|
@@ -798,16 +798,24 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (!ENGINE_init(engine)) {
|
||||||
|
+ *err = "ENGINE_init() failed";
|
||||||
|
+ ENGINE_free(engine);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
*last++ = ':';
|
||||||
|
|
||||||
|
pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
|
||||||
|
|
||||||
|
if (pkey == NULL) {
|
||||||
|
*err = "ENGINE_load_private_key() failed";
|
||||||
|
+ ENGINE_finish(engine);
|
||||||
|
ENGINE_free(engine);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ ENGINE_finish(engine);
|
||||||
|
ENGINE_free(engine);
|
||||||
|
|
||||||
|
return pkey;
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -41,7 +41,7 @@
|
|||||||
Name: nginx
|
Name: nginx
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 1.20.1
|
Version: 1.20.1
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
|
|
||||||
Summary: A high performance web server and reverse proxy server
|
Summary: A high performance web server and reverse proxy server
|
||||||
# BSD License (two clause)
|
# BSD License (two clause)
|
||||||
@ -82,6 +82,9 @@ Patch2: 0003-Support-loading-cert-hardware-token-PKC.patch
|
|||||||
# downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2006822
|
# downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2006822
|
||||||
Patch3: 0004-Set-proper-compiler-optimalization-level-O2-for-perl.patch
|
Patch3: 0004-Set-proper-compiler-optimalization-level-O2-for-perl.patch
|
||||||
|
|
||||||
|
# downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2006420
|
||||||
|
Patch4: 0005-Init-openssl-engine-properly.patch
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: gnupg2
|
BuildRequires: gnupg2
|
||||||
@ -581,6 +584,9 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-7
|
||||||
|
- Resolves: #2006420 - Broken loading certificates from hardware token (PKCS#11)
|
||||||
|
|
||||||
* Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-6
|
* Wed Sep 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-6
|
||||||
- Resolves: #2006822 - Hardening tests fail for nginx
|
- Resolves: #2006822 - Hardening tests fail for nginx
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user