#610 closed defect (wontfix)
SSL parser bug while parsing SSL key/pem/crt file with BOM in windows system version
| Reported by: | 家靖 陆 | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | 1.6.2 |
| Component: | nginx-module | Version: | 1.6.x |
| Keywords: | ssl bom | Cc: | |
| uname -a: | windows 7 X86_64 | ||
| nginx -V: |
nginx version: nginx/1.6.0
TLS SNI support enabled configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= - -conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access .log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-te mp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fast cgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsg i-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msv c8/lib/pcre-8.34 --with-zlib=objs.msvc8/lib/zlib-1.2.8 --with-select_module --wi th-http_realip_module --with-http_addition_module --with-http_sub_module --with- http_dav_module --with-http_stub_status_module --with-http_flv_module --with-htt p_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-htt p_auth_request_module --with-http_random_index_module --with-http_secure_link_mo dule --with-mail --with-openssl=objs.msvc8/lib/openssl-1.0.1h --with-openssl-opt =enable-tlsext --with-http_ssl_module --with-mail_ssl_module --with-ipv6 |
||
Description
Hi:
When the nginx parsing ssl key/pem/crt file -- if these files are started with BOM which is an ordinary situation in windows-- nginx is unable to parse the ssl key header such as:
-----BEGIN CERTIFICATE-----
and throw the Bug:
nginx: [emerg] SSL_CTX_use_PrivateKey_file("D:/DevTools/nginx-1.6.0/conf/server.
key") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expect
ing: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
lib)
After converting the charset to UTF-8 without BOM , it has passed...
so i think someone would better add trim function to filter the BOM(such as regExp \uFEFF), so we can easily use the ssl module..
this type of bug may not be easily found and debug
Change History (2)
comment:1 by , 10 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
comment:2 by , 8 years ago
| sensitive: | 1 → 0 |
|---|
Note:
See TracTickets
for help on using tickets.
Yes, it's a known problem that some editors on Windows try to add BOM and this breaks various things. Unfortunately, we can't do anything with this. You may want to avoid using such editors on important files.
Note well that certificates and keys are read using the OpenSSL library, and they must be in the PEM format. The format syntax only allows 7-bit ASCII, so BOM is clearly illegal there. You may try to convince OpenSSL developers to ignore BOMs, but I doubt you'll succeed.