From 8772a0e0892e632c37f3b92b1d287ed9b473cb13 Mon Sep 17 00:00:00 2001
From: Maxim Dounin <mdounin@mdounin.ru>
Date: Mon, 25 Feb 2019 16:42:23 +0300
Subject: SSL: passwords support for dynamic certificate loading.

Passwords have to be copied to the configuration pool to be used
at runtime.  Also, to prevent blocking on stdin (with "daemon off;")
an empty password list is provided.

To make things simpler, password handling was modified to allow
an empty array (with 0 elements and elts set to NULL) as an equivalent
of an array with 1 empty password.
---
 src/http/modules/ngx_http_ssl_module.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/http/modules')

diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index 759762c5a..3134f0ec8 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -935,6 +935,11 @@ found:
         }
     }
 
+    conf->passwords = ngx_ssl_preserve_passwords(cf, conf->passwords);
+    if (conf->passwords == NULL) {
+        return NGX_ERROR;
+    }
+
     return NGX_OK;
 }
 
-- 
cgit