id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,uname,nginx_version 560,ECDSA server certificate,Eugeny G.,,"I tested ECDSA certificates with nginx and found it crashes {{{ #0 0x00007fe08432f980 in EC_POINT_cmp () from /lib64/libcrypto.so.10 #1 0x00007fe08433877c in eckey_pub_cmp () from /lib64/libcrypto.so.10 #2 0x00007fe0843937a1 in X509_check_private_key () from /lib64/libcrypto.so.10 #3 0x00007fe0846ab560 in ssl_set_pkey () from /lib64/libssl.so.10 #4 0x00007fe0846ac5e6 in SSL_CTX_use_PrivateKey_file () from /lib64/libssl.so.10 #5 0x00007fe0851eed42 in ngx_ssl_certificate (cf=cf@entry=0x7fffaf0d4960, ssl=ssl@entry=0x7fe085cb9f98, cert=cert@entry=0x7fe085cb9fd8, key=key@entry=0x7fe085cb9fe8) at src/event/ngx_event_openssl.c:326 #6 0x00007fe0852420dd in ngx_http_ssl_merge_srv_conf (cf=0x7fffaf0d4960, parent=0x7fe085c94898, child=0x7fe085cb9f90) at src/http/modules/ngx_http_ssl_module.c:550 #7 0x00007fe0851f4dd4 in ngx_http_merge_servers (cmcf=0x7fe085c93d30, cmcf=0x7fe085c93d30, ctx_index=21, module=0x7fe0854a0900 , cf=0x7fffaf0d4960) at src/http/ngx_http.c:584 #8 ngx_http_block (cf=0x7fffaf0d4960, cmd=, conf=) at src/http/ngx_http.c:270 #9 0x00007fe0851dac50 in ngx_conf_handler (last=1, cf=0x7fffaf0d4960) at src/core/ngx_conf_file.c:387 #10 ngx_conf_parse (cf=cf@entry=0x7fffaf0d4960, filename=filename@entry=0x7fe085c924e0) at src/core/ngx_conf_file.c:243 #11 0x00007fe0851d8314 in ngx_init_cycle (old_cycle=old_cycle@entry=0x7fffaf0d4b20) at src/core/ngx_cycle.c:268 #12 0x00007fe0851c99fb in main (argc=, argv=) at src/core/nginx.c:333 }}} SSL settings: {{{ server { listen *:443; server_name fms.nginx.local; ssl on; ssl_client_certificate ""ssl/ca.crt""; ssl_certificate ""ssl/web.crt""; ssl_certificate_key ssl/web.key""; ssl_verify_client on; ... } }}}",defect,closed,minor,,nginx-core,1.4.x,invalid,,,Linux fedorax64 3.13.9-200.fc20.x86_64 #1 SMP Fri Apr 4 12:13:05 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux,"nginx version: nginx/1.4.7 built by gcc 4.8.2 20131212 (Red Hat 4.8.2-7) (GCC) TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http- client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_sp dy_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-ht tp_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_ stub_status_module --with-http_perl_module --with-mail --with-mail_ssl_module --with-pcre --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexcept ions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat /redhat-hardened-ld -Wl,-E'"