From bfc26e82997aa86460eedd182abc1a3814d5d107 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 14 Feb 2016 20:59:10 +0900
Subject: [PATCH 01/15] nghttpx: Use ImmutableString to store memcached server
 host

---
 src/shrpx.cc                | 16 ++++++++--------
 src/shrpx_config.cc         |  4 ++--
 src/shrpx_config.h          |  8 ++++++--
 src/shrpx_ssl.cc            |  2 +-
 src/shrpx_worker.cc         |  4 ++--
 src/shrpx_worker_process.cc |  4 ++--
 6 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/src/shrpx.cc b/src/shrpx.cc
index ee05263b..33272f97 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -2220,10 +2220,10 @@ void process_options(
 
   {
     auto &memcachedconf = tlsconf.session_cache.memcached;
-    if (memcachedconf.host) {
-      auto hostport =
-          util::make_hostport(memcachedconf.host.get(), memcachedconf.port);
-      if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.get(),
+    if (!memcachedconf.host.empty()) {
+      auto hostport = util::make_hostport(StringRef{memcachedconf.host},
+                                          memcachedconf.port);
+      if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.c_str(),
                            memcachedconf.port, memcachedconf.family) == -1) {
         LOG(FATAL)
             << "Resolving memcached address for TLS session cache failed: "
@@ -2238,10 +2238,10 @@ void process_options(
 
   {
     auto &memcachedconf = tlsconf.ticket.memcached;
-    if (memcachedconf.host) {
-      auto hostport =
-          util::make_hostport(memcachedconf.host.get(), memcachedconf.port);
-      if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.get(),
+    if (!memcachedconf.host.empty()) {
+      auto hostport = util::make_hostport(StringRef{memcachedconf.host},
+                                          memcachedconf.port);
+      if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.c_str(),
                            memcachedconf.port, memcachedconf.family) == -1) {
         LOG(FATAL) << "Resolving memcached address for TLS ticket key failed: "
                    << hostport;
diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 5e6236c3..20d30c86 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -2154,7 +2154,7 @@ int parse_config(const char *opt, const char *optarg,
     }
 
     auto &memcachedconf = mod_config()->tls.session_cache.memcached;
-    memcachedconf.host = strcopy(host);
+    memcachedconf.host = host;
     memcachedconf.port = port;
 
     return 0;
@@ -2166,7 +2166,7 @@ int parse_config(const char *opt, const char *optarg,
     }
 
     auto &memcachedconf = mod_config()->tls.ticket.memcached;
-    memcachedconf.host = strcopy(host);
+    memcachedconf.host = host;
     memcachedconf.port = port;
 
     return 0;
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index b81f8e1d..e5a21241 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -343,7 +343,9 @@ struct TLSConfig {
     struct {
       Address addr;
       uint16_t port;
-      std::unique_ptr<char[]> host;
+      // Hostname of memcached server.  This is also used as SNI field
+      // if TLS is enabled.
+      ImmutableString host;
       // Client private key and certificate for authentication
       ImmutableString private_key_file;
       ImmutableString cert_file;
@@ -370,7 +372,9 @@ struct TLSConfig {
     struct {
       Address addr;
       uint16_t port;
-      std::unique_ptr<char[]> host;
+      // Hostname of memcached server.  This is also used as SNI field
+      // if TLS is enabled.
+      ImmutableString host;
       // Client private key and certificate for authentication
       ImmutableString private_key_file;
       ImmutableString cert_file;
diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index 5d8a2360..afbcbb15 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -485,7 +485,7 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
   SSL_CTX_set_session_id_context(ssl_ctx, sid_ctx, sizeof(sid_ctx) - 1);
   SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_SERVER);
 
-  if (tlsconf.session_cache.memcached.host) {
+  if (!tlsconf.session_cache.memcached.host.empty()) {
     SSL_CTX_sess_set_new_cb(ssl_ctx, tls_session_new_cb);
     SSL_CTX_sess_set_get_cb(ssl_ctx, tls_session_get_cb);
   }
diff --git a/src/shrpx_worker.cc b/src/shrpx_worker.cc
index e663eace..83cfff9b 100644
--- a/src/shrpx_worker.cc
+++ b/src/shrpx_worker.cc
@@ -91,11 +91,11 @@ Worker::Worker(struct ev_loop *loop, SSL_CTX *sv_ssl_ctx, SSL_CTX *cl_ssl_ctx,
 
   auto &session_cacheconf = get_config()->tls.session_cache;
 
-  if (session_cacheconf.memcached.host) {
+  if (!session_cacheconf.memcached.host.empty()) {
     session_cache_memcached_dispatcher_ = make_unique<MemcachedDispatcher>(
         &session_cacheconf.memcached.addr, loop,
         tls_session_cache_memcached_ssl_ctx,
-        session_cacheconf.memcached.host.get(), &mcpool_);
+        StringRef{session_cacheconf.memcached.host}, &mcpool_);
   }
 
   auto &downstreamconf = get_config()->conn.downstream;
diff --git a/src/shrpx_worker_process.cc b/src/shrpx_worker_process.cc
index 26863d82..f7dacc7c 100644
--- a/src/shrpx_worker_process.cc
+++ b/src/shrpx_worker_process.cc
@@ -427,7 +427,7 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
     auto &ticketconf = get_config()->tls.ticket;
     auto &memcachedconf = ticketconf.memcached;
 
-    if (ticketconf.memcached.host) {
+    if (!memcachedconf.host.empty()) {
       SSL_CTX *ssl_ctx = nullptr;
 
       if (memcachedconf.tls) {
@@ -437,7 +437,7 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
       conn_handler.set_tls_ticket_key_memcached_dispatcher(
           make_unique<MemcachedDispatcher>(
               &ticketconf.memcached.addr, loop, ssl_ctx,
-              StringRef(memcachedconf.host.get()), &mcpool));
+              StringRef{memcachedconf.host}, &mcpool));
 
       ev_timer_init(&renew_ticket_key_timer, memcached_get_ticket_key_cb, 0.,
                     0.);

From 660bc389e6f8276fe0b508f890f3e3ce4567fbd5 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 14 Feb 2016 21:01:54 +0900
Subject: [PATCH 02/15] nghttpx: Use ImmutableString for
 fetch_ocsp_response_file

---
 src/shrpx.cc                    | 11 +++++------
 src/shrpx_config.cc             |  2 +-
 src/shrpx_config.h              |  2 +-
 src/shrpx_connection_handler.cc |  3 ++-
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/shrpx.cc b/src/shrpx.cc
index 33272f97..44c4094e 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -1067,8 +1067,7 @@ void fill_default_config() {
     auto &ocspconf = tlsconf.ocsp;
     // ocsp update interval = 14400 secs = 4 hours, borrowed from h2o
     ocspconf.update_interval = 4_h;
-    ocspconf.fetch_ocsp_response_file =
-        strcopy(PKGDATADIR "/fetch-ocsp-response");
+    ocspconf.fetch_ocsp_response_file = PKGDATADIR "/fetch-ocsp-response";
   }
 
   {
@@ -1579,8 +1578,8 @@ SSL/TLS:
   --fetch-ocsp-response-file=<PATH>
               Path to  fetch-ocsp-response script file.  It  should be
               absolute path.
-              Default: )"
-      << get_config()->tls.ocsp.fetch_ocsp_response_file.get() << R"(
+              Default: )" << get_config()->tls.ocsp.fetch_ocsp_response_file
+      << R"(
   --ocsp-update-interval=<DURATION>
               Set interval to update OCSP response cache.
               Default: )"
@@ -2094,10 +2093,10 @@ void process_options(
 
   if (!upstreamconf.no_tls && !tlsconf.ocsp.disabled) {
     struct stat buf;
-    if (stat(tlsconf.ocsp.fetch_ocsp_response_file.get(), &buf) != 0) {
+    if (stat(tlsconf.ocsp.fetch_ocsp_response_file.c_str(), &buf) != 0) {
       tlsconf.ocsp.disabled = true;
       LOG(WARN) << "--fetch-ocsp-response-file: "
-                << tlsconf.ocsp.fetch_ocsp_response_file.get()
+                << tlsconf.ocsp.fetch_ocsp_response_file
                 << " not found.  OCSP stapling has been disabled.";
     }
   }
diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 20d30c86..6afcc47b 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -2086,7 +2086,7 @@ int parse_config(const char *opt, const char *optarg,
     return parse_uint(&mod_config()->http2.downstream.connections_per_worker,
                       opt, optarg);
   case SHRPX_OPTID_FETCH_OCSP_RESPONSE_FILE:
-    mod_config()->tls.ocsp.fetch_ocsp_response_file = strcopy(optarg);
+    mod_config()->tls.ocsp.fetch_ocsp_response_file = optarg;
 
     return 0;
   case SHRPX_OPTID_OCSP_UPDATE_INTERVAL:
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index e5a21241..d290a37a 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -394,7 +394,7 @@ struct TLSConfig {
   // OCSP realted configurations
   struct {
     ev_tstamp update_interval;
-    std::unique_ptr<char[]> fetch_ocsp_response_file;
+    ImmutableString fetch_ocsp_response_file;
     bool disabled;
   } ocsp;
 
diff --git a/src/shrpx_connection_handler.cc b/src/shrpx_connection_handler.cc
index 588e814b..8dea4f38 100644
--- a/src/shrpx_connection_handler.cc
+++ b/src/shrpx_connection_handler.cc
@@ -463,7 +463,8 @@ int ConnectionHandler::start_ocsp_update(const char *cert_file) {
   assert(!ev_is_active(&ocsp_.chldev));
 
   char *const argv[] = {
-      const_cast<char *>(get_config()->tls.ocsp.fetch_ocsp_response_file.get()),
+      const_cast<char *>(
+          get_config()->tls.ocsp.fetch_ocsp_response_file.c_str()),
       const_cast<char *>(cert_file), nullptr};
   char *const envp[] = {nullptr};
 

From 52f641781321f15453bd0d890a3db25e5bf96c3e Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 14 Feb 2016 21:06:16 +0900
Subject: [PATCH 03/15] nghttpx: Use ImmutableString for tls.cacert

---
 src/shrpx_config.cc             |  2 +-
 src/shrpx_config.h              |  2 +-
 src/shrpx_connection_handler.cc | 15 ++++++---------
 src/shrpx_ssl.cc                |  2 +-
 4 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 6afcc47b..fc3cdce8 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1816,7 +1816,7 @@ int parse_config(const char *opt, const char *optarg,
 
     return 0;
   case SHRPX_OPTID_CACERT:
-    mod_config()->tls.cacert = strcopy(optarg);
+    mod_config()->tls.cacert = optarg;
 
     return 0;
   case SHRPX_OPTID_BACKEND_IPV4:
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index d290a37a..8326cbf3 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -431,7 +431,7 @@ struct TLSConfig {
   std::unique_ptr<char[]> cert_file;
   std::unique_ptr<char[]> dh_param_file;
   std::unique_ptr<char[]> ciphers;
-  std::unique_ptr<char[]> cacert;
+  ImmutableString cacert;
   bool insecure;
   bool no_http2_cipher_black_list;
 };
diff --git a/src/shrpx_connection_handler.cc b/src/shrpx_connection_handler.cc
index 8dea4f38..008f1289 100644
--- a/src/shrpx_connection_handler.cc
+++ b/src/shrpx_connection_handler.cc
@@ -202,9 +202,8 @@ int ConnectionHandler::create_single_worker() {
 #ifdef HAVE_NEVERBLEED
         nb_.get(),
 #endif // HAVE_NEVERBLEED
-        StringRef::from_maybe_nullptr(tlsconf.cacert.get()),
-        StringRef(memcachedconf.cert_file),
-        StringRef(memcachedconf.private_key_file), StringRef(), nullptr);
+        StringRef{tlsconf.cacert}, StringRef{memcachedconf.cert_file},
+        StringRef{memcachedconf.private_key_file}, StringRef(), nullptr);
     all_ssl_ctx_.push_back(session_cache_ssl_ctx);
   }
 
@@ -253,9 +252,8 @@ int ConnectionHandler::create_worker_thread(size_t num) {
 #ifdef HAVE_NEVERBLEED
           nb_.get(),
 #endif // HAVE_NEVERBLEED
-          StringRef::from_maybe_nullptr(tlsconf.cacert.get()),
-          StringRef(memcachedconf.cert_file),
-          StringRef(memcachedconf.private_key_file), StringRef(), nullptr);
+          StringRef{tlsconf.cacert}, StringRef{memcachedconf.cert_file},
+          StringRef{memcachedconf.private_key_file}, StringRef{}, nullptr);
       all_ssl_ctx_.push_back(session_cache_ssl_ctx);
     }
     auto worker =
@@ -768,9 +766,8 @@ SSL_CTX *ConnectionHandler::create_tls_ticket_key_memcached_ssl_ctx() {
 #ifdef HAVE_NEVERBLEED
       nb_.get(),
 #endif // HAVE_NEVERBLEED
-      StringRef::from_maybe_nullptr(tlsconf.cacert.get()),
-      StringRef(memcachedconf.cert_file),
-      StringRef(memcachedconf.private_key_file), StringRef(), nullptr);
+      StringRef{tlsconf.cacert}, StringRef{memcachedconf.cert_file},
+      StringRef{memcachedconf.private_key_file}, StringRef{}, nullptr);
 
   all_ssl_ctx_.push_back(ssl_ctx);
 
diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index afbcbb15..bfba5a57 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -1323,7 +1323,7 @@ SSL_CTX *setup_downstream_client_ssl_context(
 #ifdef HAVE_NEVERBLEED
       nb,
 #endif // HAVE_NEVERBLEED
-      StringRef::from_maybe_nullptr(tlsconf.cacert.get()),
+      StringRef{tlsconf.cacert},
       StringRef::from_maybe_nullptr(tlsconf.client.cert_file.get()),
       StringRef::from_maybe_nullptr(tlsconf.client.private_key_file.get()),
       alpn, next_proto_select_cb);

From 529a59d309f40c9e0570a6c2be6332b182b53826 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 14 Feb 2016 21:09:15 +0900
Subject: [PATCH 04/15] nghttpx: Use ImmutableString for
 tls.client_verify.cacert

---
 src/shrpx_config.cc |  2 +-
 src/shrpx_config.h  |  2 +-
 src/shrpx_ssl.cc    | 10 +++++-----
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index fc3cdce8..506391a7 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1907,7 +1907,7 @@ int parse_config(const char *opt, const char *optarg,
 
     return 0;
   case SHRPX_OPTID_VERIFY_CLIENT_CACERT:
-    mod_config()->tls.client_verify.cacert = strcopy(optarg);
+    mod_config()->tls.client_verify.cacert = optarg;
 
     return 0;
   case SHRPX_OPTID_CLIENT_PRIVATE_KEY_FILE:
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index 8326cbf3..5ea8cc62 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -402,7 +402,7 @@ struct TLSConfig {
   struct {
     // Path to file containing CA certificate solely used for client
     // certificate validation
-    std::unique_ptr<char[]> cacert;
+    ImmutableString cacert;
     bool enabled;
   } client_verify;
 
diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index bfba5a57..d6fa26a7 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -579,12 +579,12 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
     DIE();
   }
   if (tlsconf.client_verify.enabled) {
-    if (tlsconf.client_verify.cacert) {
+    if (!tlsconf.client_verify.cacert.empty()) {
       if (SSL_CTX_load_verify_locations(
-              ssl_ctx, tlsconf.client_verify.cacert.get(), nullptr) != 1) {
+              ssl_ctx, tlsconf.client_verify.cacert.c_str(), nullptr) != 1) {
 
         LOG(FATAL) << "Could not load trusted ca certificates from "
-                   << tlsconf.client_verify.cacert.get() << ": "
+                   << tlsconf.client_verify.cacert << ": "
                    << ERR_error_string(ERR_get_error(), nullptr);
         DIE();
       }
@@ -592,10 +592,10 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
       // error even though it returns success. See
       // http://forum.nginx.org/read.php?29,242540
       ERR_clear_error();
-      auto list = SSL_load_client_CA_file(tlsconf.client_verify.cacert.get());
+      auto list = SSL_load_client_CA_file(tlsconf.client_verify.cacert.c_str());
       if (!list) {
         LOG(FATAL) << "Could not load ca certificates from "
-                   << tlsconf.client_verify.cacert.get() << ": "
+                   << tlsconf.client_verify.cacert << ": "
                    << ERR_error_string(ERR_get_error(), nullptr);
         DIE();
       }

From c999987baf2b4c0a53bbab4ce50ed00f2cb3e66f Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 14 Feb 2016 21:13:46 +0900
Subject: [PATCH 05/15] nghttpx: Use ImmutableString for private_key_file

---
 src/shrpx.cc        | 2 +-
 src/shrpx_config.cc | 4 ++--
 src/shrpx_config.h  | 4 ++--
 src/shrpx_ssl.cc    | 5 ++---
 4 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/shrpx.cc b/src/shrpx.cc
index 44c4094e..369c1a78 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -2085,7 +2085,7 @@ void process_options(
   }
 
   if (!upstreamconf.no_tls &&
-      (!tlsconf.private_key_file || !tlsconf.cert_file)) {
+      (tlsconf.private_key_file.empty() || !tlsconf.cert_file)) {
     print_usage(std::cerr);
     LOG(FATAL) << "Too few arguments";
     exit(EXIT_FAILURE);
diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 506391a7..10d9d97b 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1745,7 +1745,7 @@ int parse_config(const char *opt, const char *optarg,
     return 0;
   }
   case SHRPX_OPTID_PRIVATE_KEY_FILE:
-    mod_config()->tls.private_key_file = strcopy(optarg);
+    mod_config()->tls.private_key_file = optarg;
 
     return 0;
   case SHRPX_OPTID_PRIVATE_KEY_PASSWD_FILE: {
@@ -1911,7 +1911,7 @@ int parse_config(const char *opt, const char *optarg,
 
     return 0;
   case SHRPX_OPTID_CLIENT_PRIVATE_KEY_FILE:
-    mod_config()->tls.client.private_key_file = strcopy(optarg);
+    mod_config()->tls.client.private_key_file = optarg;
 
     return 0;
   case SHRPX_OPTID_CLIENT_CERT_FILE:
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index 5ea8cc62..4b6b514d 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -408,7 +408,7 @@ struct TLSConfig {
 
   // Client private key and certificate used in backend connections.
   struct {
-    std::unique_ptr<char[]> private_key_file;
+    ImmutableString private_key_file;
     std::unique_ptr<char[]> cert_file;
   } client;
 
@@ -426,7 +426,7 @@ struct TLSConfig {
   long int tls_proto_mask;
   std::string backend_sni_name;
   std::chrono::seconds session_timeout;
-  std::unique_ptr<char[]> private_key_file;
+  ImmutableString private_key_file;
   std::unique_ptr<char[]> private_key_passwd;
   std::unique_ptr<char[]> cert_file;
   std::unique_ptr<char[]> dh_param_file;
diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index d6fa26a7..c5e8b79f 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -1245,7 +1245,7 @@ SSL_CTX *setup_server_ssl_context(std::vector<SSL_CTX *> &all_ssl_ctx,
 
   auto &tlsconf = get_config()->tls;
 
-  auto ssl_ctx = ssl::create_ssl_context(tlsconf.private_key_file.get(),
+  auto ssl_ctx = ssl::create_ssl_context(tlsconf.private_key_file.c_str(),
                                          tlsconf.cert_file.get()
 #ifdef HAVE_NEVERBLEED
                                              ,
@@ -1325,8 +1325,7 @@ SSL_CTX *setup_downstream_client_ssl_context(
 #endif // HAVE_NEVERBLEED
       StringRef{tlsconf.cacert},
       StringRef::from_maybe_nullptr(tlsconf.client.cert_file.get()),
-      StringRef::from_maybe_nullptr(tlsconf.client.private_key_file.get()),
-      alpn, next_proto_select_cb);
+      StringRef{tlsconf.client.private_key_file}, alpn, next_proto_select_cb);
 }
 
 CertLookupTree *create_cert_lookup_tree() {

From ac81003669deb40ede9b5559b9c832b43a787d71 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 14 Feb 2016 21:17:25 +0900
Subject: [PATCH 06/15] nghttpx: Use ImmutableString for cert_file

---
 src/shrpx.cc        | 2 +-
 src/shrpx_config.cc | 4 ++--
 src/shrpx_config.h  | 4 ++--
 src/shrpx_ssl.cc    | 9 ++++-----
 4 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/src/shrpx.cc b/src/shrpx.cc
index 369c1a78..17adf31d 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -2085,7 +2085,7 @@ void process_options(
   }
 
   if (!upstreamconf.no_tls &&
-      (tlsconf.private_key_file.empty() || !tlsconf.cert_file)) {
+      (tlsconf.private_key_file.empty() || tlsconf.cert_file.empty())) {
     print_usage(std::cerr);
     LOG(FATAL) << "Too few arguments";
     exit(EXIT_FAILURE);
diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 10d9d97b..12e01978 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1759,7 +1759,7 @@ int parse_config(const char *opt, const char *optarg,
     return 0;
   }
   case SHRPX_OPTID_CERTIFICATE_FILE:
-    mod_config()->tls.cert_file = strcopy(optarg);
+    mod_config()->tls.cert_file = optarg;
 
     return 0;
   case SHRPX_OPTID_DH_PARAM_FILE:
@@ -1915,7 +1915,7 @@ int parse_config(const char *opt, const char *optarg,
 
     return 0;
   case SHRPX_OPTID_CLIENT_CERT_FILE:
-    mod_config()->tls.client.cert_file = strcopy(optarg);
+    mod_config()->tls.client.cert_file = optarg;
 
     return 0;
   case SHRPX_OPTID_FRONTEND_HTTP2_DUMP_REQUEST_HEADER:
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index 4b6b514d..52f12ca1 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -409,7 +409,7 @@ struct TLSConfig {
   // Client private key and certificate used in backend connections.
   struct {
     ImmutableString private_key_file;
-    std::unique_ptr<char[]> cert_file;
+    ImmutableString cert_file;
   } client;
 
   // The list of (private key file, certificate file) pair
@@ -428,7 +428,7 @@ struct TLSConfig {
   std::chrono::seconds session_timeout;
   ImmutableString private_key_file;
   std::unique_ptr<char[]> private_key_passwd;
-  std::unique_ptr<char[]> cert_file;
+  ImmutableString cert_file;
   std::unique_ptr<char[]> dh_param_file;
   std::unique_ptr<char[]> ciphers;
   ImmutableString cacert;
diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index c5e8b79f..adb80e47 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -1246,7 +1246,7 @@ SSL_CTX *setup_server_ssl_context(std::vector<SSL_CTX *> &all_ssl_ctx,
   auto &tlsconf = get_config()->tls;
 
   auto ssl_ctx = ssl::create_ssl_context(tlsconf.private_key_file.c_str(),
-                                         tlsconf.cert_file.get()
+                                         tlsconf.cert_file.c_str()
 #ifdef HAVE_NEVERBLEED
                                              ,
                                          nb
@@ -1281,8 +1281,8 @@ SSL_CTX *setup_server_ssl_context(std::vector<SSL_CTX *> &all_ssl_ctx,
     }
   }
 
-  if (ssl::cert_lookup_tree_add_cert_from_file(cert_tree, ssl_ctx,
-                                               tlsconf.cert_file.get()) == -1) {
+  if (ssl::cert_lookup_tree_add_cert_from_file(
+          cert_tree, ssl_ctx, tlsconf.cert_file.c_str()) == -1) {
     LOG(FATAL) << "Failed to add default certificate.";
     DIE();
   }
@@ -1323,8 +1323,7 @@ SSL_CTX *setup_downstream_client_ssl_context(
 #ifdef HAVE_NEVERBLEED
       nb,
 #endif // HAVE_NEVERBLEED
-      StringRef{tlsconf.cacert},
-      StringRef::from_maybe_nullptr(tlsconf.client.cert_file.get()),
+      StringRef{tlsconf.cacert}, StringRef{tlsconf.client.cert_file},
       StringRef{tlsconf.client.private_key_file}, alpn, next_proto_select_cb);
 }
 

From 35ebdd35bc6bb9ccc98686fb8b432db181d2ae84 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 14 Feb 2016 21:20:40 +0900
Subject: [PATCH 07/15] nghttpx: Use ImmutableString for private_key_file

---
 src/shrpx_config.cc | 2 +-
 src/shrpx_config.h  | 2 +-
 src/shrpx_ssl.cc    | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 12e01978..0682149f 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1754,7 +1754,7 @@ int parse_config(const char *opt, const char *optarg,
       LOG(ERROR) << opt << ": Couldn't read key file's passwd from " << optarg;
       return -1;
     }
-    mod_config()->tls.private_key_passwd = strcopy(passwd);
+    mod_config()->tls.private_key_passwd = passwd;
 
     return 0;
   }
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index 52f12ca1..3f5a8565 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -427,7 +427,7 @@ struct TLSConfig {
   std::string backend_sni_name;
   std::chrono::seconds session_timeout;
   ImmutableString private_key_file;
-  std::unique_ptr<char[]> private_key_passwd;
+  ImmutableString private_key_passwd;
   ImmutableString cert_file;
   std::unique_ptr<char[]> dh_param_file;
   std::unique_ptr<char[]> ciphers;
diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index adb80e47..f5d2b594 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -124,13 +124,13 @@ set_alpn_prefs(const std::vector<std::string> &protos) {
 namespace {
 int ssl_pem_passwd_cb(char *buf, int size, int rwflag, void *user_data) {
   auto config = static_cast<Config *>(user_data);
-  int len = (int)strlen(config->tls.private_key_passwd.get());
+  auto len = static_cast<int>(config->tls.private_key_passwd.size());
   if (size < len + 1) {
     LOG(ERROR) << "ssl_pem_passwd_cb: buf is too small " << size;
     return 0;
   }
   // Copy string including last '\0'.
-  memcpy(buf, config->tls.private_key_passwd.get(), len + 1);
+  memcpy(buf, config->tls.private_key_passwd.c_str(), len + 1);
   return len;
 }
 } // namespace
@@ -548,7 +548,7 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
 
   SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
   SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
-  if (tlsconf.private_key_passwd) {
+  if (!tlsconf.private_key_passwd.empty()) {
     SSL_CTX_set_default_passwd_cb(ssl_ctx, ssl_pem_passwd_cb);
     SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)get_config());
   }

From 2344932b45e5b22b37651ab2b432f0bb2504ba06 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 14 Feb 2016 21:22:28 +0900
Subject: [PATCH 08/15] nghttpx: Use ImmutableString for dh_param_file

---
 src/shrpx_config.cc | 2 +-
 src/shrpx_config.h  | 2 +-
 src/shrpx_ssl.cc    | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 0682149f..24e89d05 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1763,7 +1763,7 @@ int parse_config(const char *opt, const char *optarg,
 
     return 0;
   case SHRPX_OPTID_DH_PARAM_FILE:
-    mod_config()->tls.dh_param_file = strcopy(optarg);
+    mod_config()->tls.dh_param_file = optarg;
 
     return 0;
   case SHRPX_OPTID_SUBCERT: {
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index 3f5a8565..dbe8c9a5 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -429,7 +429,7 @@ struct TLSConfig {
   ImmutableString private_key_file;
   ImmutableString private_key_passwd;
   ImmutableString cert_file;
-  std::unique_ptr<char[]> dh_param_file;
+  ImmutableString dh_param_file;
   std::unique_ptr<char[]> ciphers;
   ImmutableString cacert;
   bool insecure;
diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index f5d2b594..a7e00086 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -527,9 +527,9 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
 
 #endif // OPENSSL_NO_EC
 
-  if (tlsconf.dh_param_file) {
+  if (!tlsconf.dh_param_file.empty()) {
     // Read DH parameters from file
-    auto bio = BIO_new_file(tlsconf.dh_param_file.get(), "r");
+    auto bio = BIO_new_file(tlsconf.dh_param_file.c_str(), "r");
     if (bio == nullptr) {
       LOG(FATAL) << "BIO_new_file() failed: "
                  << ERR_error_string(ERR_get_error(), nullptr);

From 67804cfc8c4818953dbcaf5ed5d17d49692d5ff3 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 14 Feb 2016 21:25:24 +0900
Subject: [PATCH 09/15] nghttpx: Use ImmutableString for ciphers

---
 src/shrpx_config.cc | 2 +-
 src/shrpx_config.h  | 2 +-
 src/shrpx_ssl.cc    | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 24e89d05..d99ca91a 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1804,7 +1804,7 @@ int parse_config(const char *opt, const char *optarg,
     return 0;
   }
   case SHRPX_OPTID_CIPHERS:
-    mod_config()->tls.ciphers = strcopy(optarg);
+    mod_config()->tls.ciphers = optarg;
 
     return 0;
   case SHRPX_OPTID_CLIENT:
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index dbe8c9a5..d8c63fd4 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -430,7 +430,7 @@ struct TLSConfig {
   ImmutableString private_key_passwd;
   ImmutableString cert_file;
   ImmutableString dh_param_file;
-  std::unique_ptr<char[]> ciphers;
+  ImmutableString ciphers;
   ImmutableString cacert;
   bool insecure;
   bool no_http2_cipher_black_list;
diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index a7e00086..aff475e6 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -493,8 +493,8 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
   SSL_CTX_set_timeout(ssl_ctx, tlsconf.session_timeout.count());
 
   const char *ciphers;
-  if (tlsconf.ciphers) {
-    ciphers = tlsconf.ciphers.get();
+  if (!tlsconf.ciphers.empty()) {
+    ciphers = tlsconf.ciphers.c_str();
   } else {
     ciphers = nghttp2::ssl::DEFAULT_CIPHER_LIST;
   }
@@ -683,8 +683,8 @@ SSL_CTX *create_ssl_client_context(
   SSL_CTX_set_options(ssl_ctx, ssl_opts | tlsconf.tls_proto_mask);
 
   const char *ciphers;
-  if (tlsconf.ciphers) {
-    ciphers = tlsconf.ciphers.get();
+  if (!tlsconf.ciphers.empty()) {
+    ciphers = tlsconf.ciphers.c_str();
   } else {
     ciphers = nghttp2::ssl::DEFAULT_CIPHER_LIST;
   }

From 9055323b67590adb4cbb941adddc05fddefd1dd2 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 14 Feb 2016 21:28:47 +0900
Subject: [PATCH 10/15] nghttpx: Use ImmutableString for request_header_file
 and response_header_file

---
 src/shrpx.cc        | 8 ++++----
 src/shrpx_config.cc | 6 ++----
 src/shrpx_config.h  | 4 ++--
 3 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/src/shrpx.cc b/src/shrpx.cc
index 17adf31d..71af4447 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -1986,8 +1986,8 @@ void process_options(
   {
     auto &dumpconf = http2conf.upstream.debug.dump;
 
-    if (dumpconf.request_header_file) {
-      auto path = dumpconf.request_header_file.get();
+    if (!dumpconf.request_header_file.empty()) {
+      auto path = dumpconf.request_header_file.c_str();
       auto f = open_file_for_write(path);
 
       if (f == nullptr) {
@@ -2007,8 +2007,8 @@ void process_options(
       }
     }
 
-    if (dumpconf.response_header_file) {
-      auto path = dumpconf.response_header_file.get();
+    if (!dumpconf.response_header_file.empty()) {
+      auto path = dumpconf.response_header_file.c_str();
       auto f = open_file_for_write(path);
 
       if (f == nullptr) {
diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index d99ca91a..c16a6132 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1919,13 +1919,11 @@ int parse_config(const char *opt, const char *optarg,
 
     return 0;
   case SHRPX_OPTID_FRONTEND_HTTP2_DUMP_REQUEST_HEADER:
-    mod_config()->http2.upstream.debug.dump.request_header_file =
-        strcopy(optarg);
+    mod_config()->http2.upstream.debug.dump.request_header_file = optarg;
 
     return 0;
   case SHRPX_OPTID_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER:
-    mod_config()->http2.upstream.debug.dump.response_header_file =
-        strcopy(optarg);
+    mod_config()->http2.upstream.debug.dump.response_header_file = optarg;
 
     return 0;
   case SHRPX_OPTID_HTTP2_NO_COOKIE_CRUMBLING:
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index d8c63fd4..93d55ade 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -473,8 +473,8 @@ struct Http2Config {
   struct {
     struct {
       struct {
-        std::unique_ptr<char[]> request_header_file;
-        std::unique_ptr<char[]> response_header_file;
+        ImmutableString request_header_file;
+        ImmutableString response_header_file;
         FILE *request_header;
         FILE *response_header;
       } dump;

From 2b707bff27dc377ef8f0a8d60ffc4c09edadf815 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 14 Feb 2016 21:32:27 +0900
Subject: [PATCH 11/15] nghttpx: Use ImmutableString for log file

---
 src/shrpx.cc        |  4 ++--
 src/shrpx_config.cc |  4 ++--
 src/shrpx_config.h  |  4 ++--
 src/shrpx_log.cc    | 14 +++++++-------
 4 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/src/shrpx.cc b/src/shrpx.cc
index 71af4447..a914a656 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -1121,7 +1121,7 @@ void fill_default_config() {
     accessconf.format = parse_log_format(DEFAULT_ACCESSLOG_FORMAT);
 
     auto &errorconf = loggingconf.error;
-    errorconf.file = strcopy("/dev/stderr");
+    errorconf.file = "/dev/stderr";
   }
 
   loggingconf.syslog_facility = LOG_DAEMON;
@@ -1752,7 +1752,7 @@ Logging:
               Set path to write error  log.  To reopen file, send USR1
               signal  to nghttpx.   stderr will  be redirected  to the
               error log file unless --errorlog-syslog is used.
-              Default: )" << get_config()->logging.error.file.get() << R"(
+              Default: )" << get_config()->logging.error.file << R"(
   --errorlog-syslog
               Send  error log  to  syslog.  If  this  option is  used,
               --errorlog-file option is ignored.
diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index c16a6132..2c092148 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1622,7 +1622,7 @@ int parse_config(const char *opt, const char *optarg,
     return parse_duration(&mod_config()->http2.timeout.stream_write, opt,
                           optarg);
   case SHRPX_OPTID_ACCESSLOG_FILE:
-    mod_config()->logging.access.file = strcopy(optarg);
+    mod_config()->logging.access.file = optarg;
 
     return 0;
   case SHRPX_OPTID_ACCESSLOG_SYSLOG:
@@ -1634,7 +1634,7 @@ int parse_config(const char *opt, const char *optarg,
 
     return 0;
   case SHRPX_OPTID_ERRORLOG_FILE:
-    mod_config()->logging.error.file = strcopy(optarg);
+    mod_config()->logging.error.file = optarg;
 
     return 0;
   case SHRPX_OPTID_ERRORLOG_SYSLOG:
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index 93d55ade..04faed86 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -504,12 +504,12 @@ struct Http2Config {
 struct LoggingConfig {
   struct {
     std::vector<LogFragment> format;
-    std::unique_ptr<char[]> file;
+    ImmutableString file;
     // Send accesslog to syslog, ignoring accesslog_file.
     bool syslog;
   } access;
   struct {
-    std::unique_ptr<char[]> file;
+    ImmutableString file;
     // Send errorlog to syslog, ignoring errorlog_file.
     bool syslog;
   } error;
diff --git a/src/shrpx_log.cc b/src/shrpx_log.cc
index 261b02e5..ae699e8b 100644
--- a/src/shrpx_log.cc
+++ b/src/shrpx_log.cc
@@ -393,23 +393,23 @@ int reopen_log_files() {
   auto &accessconf = get_config()->logging.access;
   auto &errorconf = get_config()->logging.error;
 
-  if (!accessconf.syslog && accessconf.file) {
-    new_accesslog_fd = util::open_log_file(accessconf.file.get());
+  if (!accessconf.syslog && !accessconf.file.empty()) {
+    new_accesslog_fd = util::open_log_file(accessconf.file.c_str());
 
     if (new_accesslog_fd == -1) {
-      LOG(ERROR) << "Failed to open accesslog file " << accessconf.file.get();
+      LOG(ERROR) << "Failed to open accesslog file " << accessconf.file;
       res = -1;
     }
   }
 
-  if (!errorconf.syslog && errorconf.file) {
-    new_errorlog_fd = util::open_log_file(errorconf.file.get());
+  if (!errorconf.syslog && !errorconf.file.empty()) {
+    new_errorlog_fd = util::open_log_file(errorconf.file.c_str());
 
     if (new_errorlog_fd == -1) {
       if (lgconf->errorlog_fd != -1) {
-        LOG(ERROR) << "Failed to open errorlog file " << errorconf.file.get();
+        LOG(ERROR) << "Failed to open errorlog file " << errorconf.file;
       } else {
-        std::cerr << "Failed to open errorlog file " << errorconf.file.get()
+        std::cerr << "Failed to open errorlog file " << errorconf.file
                   << std::endl;
       }
 

From 76a425226ffcfdd88d8b0009b2cd847fc16e65e2 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 14 Feb 2016 21:34:33 +0900
Subject: [PATCH 12/15] nghttpx: Use ImmutableString for pid_file

---
 src/shrpx.cc        | 10 +++++-----
 src/shrpx_config.cc |  2 +-
 src/shrpx_config.h  |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/shrpx.cc b/src/shrpx.cc
index a914a656..8508da4d 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -199,18 +199,18 @@ int chown_to_running_user(const char *path) {
 
 namespace {
 void save_pid() {
-  std::ofstream out(get_config()->pid_file.get(), std::ios::binary);
+  std::ofstream out(get_config()->pid_file.c_str(), std::ios::binary);
   out << get_config()->pid << "\n";
   out.close();
   if (!out) {
-    LOG(ERROR) << "Could not save PID to file " << get_config()->pid_file.get();
+    LOG(ERROR) << "Could not save PID to file " << get_config()->pid_file;
     exit(EXIT_FAILURE);
   }
 
   if (get_config()->uid != 0) {
-    if (chown_to_running_user(get_config()->pid_file.get()) == -1) {
+    if (chown_to_running_user(get_config()->pid_file.c_str()) == -1) {
       auto error = errno;
-      LOG(WARN) << "Changing owner of pid file " << get_config()->pid_file.get()
+      LOG(WARN) << "Changing owner of pid file " << get_config()->pid_file
                 << " failed: " << strerror(error);
     }
   }
@@ -946,7 +946,7 @@ int event_loop() {
     redirect_stderr_to_errorlog();
   }
 
-  if (get_config()->pid_file) {
+  if (!get_config()->pid_file.empty()) {
     save_pid();
   }
 
diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 2c092148..8d23b9ac 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1728,7 +1728,7 @@ int parse_config(const char *opt, const char *optarg,
 
     return 0;
   case SHRPX_OPTID_PID_FILE:
-    mod_config()->pid_file = strcopy(optarg);
+    mod_config()->pid_file = optarg;
 
     return 0;
   case SHRPX_OPTID_USER: {
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index 04faed86..3caa7aeb 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -581,7 +581,7 @@ struct Config {
   TLSConfig tls;
   LoggingConfig logging;
   ConnectionConfig conn;
-  std::unique_ptr<char[]> pid_file;
+  ImmutableString pid_file;
   std::unique_ptr<char[]> conf_path;
   std::unique_ptr<char[]> user;
   std::unique_ptr<char[]> mruby_file;

From 466e4b7a1e171b7b183922b7e8a27a61ca3a293d Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 14 Feb 2016 22:20:10 +0900
Subject: [PATCH 13/15] nghttpx: Use ImmutableString for conf_path

---
 src/shrpx.cc       | 12 ++++++------
 src/shrpx_config.h |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/shrpx.cc b/src/shrpx.cc
index 8508da4d..0c1fb3f7 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -1040,7 +1040,7 @@ void fill_default_config() {
   *mod_config() = {};
 
   mod_config()->num_worker = 1;
-  mod_config()->conf_path = strcopy("/etc/nghttpx/nghttpx.conf");
+  mod_config()->conf_path = "/etc/nghttpx/nghttpx.conf";
   mod_config()->pid = getpid();
 
   auto &tlsconf = mod_config()->tls;
@@ -1893,7 +1893,7 @@ Scripting:
 Misc:
   --conf=<PATH>
               Load configuration from <PATH>.
-              Default: )" << get_config()->conf_path.get() << R"(
+              Default: )" << get_config()->conf_path << R"(
   --include=<PATH>
               Load additional configurations from <PATH>.  File <PATH>
               is  read  when  configuration  parser  encountered  this
@@ -1919,11 +1919,11 @@ namespace {
 void process_options(
     int argc, char **argv,
     std::vector<std::pair<const char *, const char *>> &cmdcfgs) {
-  if (conf_exists(get_config()->conf_path.get())) {
+  if (conf_exists(get_config()->conf_path.c_str())) {
     std::set<std::string> include_set;
-    if (load_config(get_config()->conf_path.get(), include_set) == -1) {
+    if (load_config(get_config()->conf_path.c_str(), include_set) == -1) {
       LOG(FATAL) << "Failed to load configuration from "
-                 << get_config()->conf_path.get();
+                 << get_config()->conf_path;
       exit(EXIT_FAILURE);
     }
     assert(include_set.empty());
@@ -2563,7 +2563,7 @@ int main(int argc, char **argv) {
         break;
       case 12:
         // --conf
-        mod_config()->conf_path = strcopy(optarg);
+        mod_config()->conf_path = optarg;
         break;
       case 14:
         // --syslog-facility
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index 3caa7aeb..c7a3ef59 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -582,7 +582,7 @@ struct Config {
   LoggingConfig logging;
   ConnectionConfig conn;
   ImmutableString pid_file;
-  std::unique_ptr<char[]> conf_path;
+  ImmutableString conf_path;
   std::unique_ptr<char[]> user;
   std::unique_ptr<char[]> mruby_file;
   char **original_argv;

From 7aabc6b125279fea2a60c23f329651fe5a323a58 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 14 Feb 2016 22:21:55 +0900
Subject: [PATCH 14/15] nghttpx: Use ImmutableString for user

---
 src/shrpx_config.cc         | 2 +-
 src/shrpx_config.h          | 2 +-
 src/shrpx_worker_process.cc | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 8d23b9ac..1e023d18 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1738,7 +1738,7 @@ int parse_config(const char *opt, const char *optarg,
                  << strerror(errno);
       return -1;
     }
-    mod_config()->user = strcopy(pwd->pw_name);
+    mod_config()->user = pwd->pw_name;
     mod_config()->uid = pwd->pw_uid;
     mod_config()->gid = pwd->pw_gid;
 
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index c7a3ef59..03b3700b 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -583,7 +583,7 @@ struct Config {
   ConnectionConfig conn;
   ImmutableString pid_file;
   ImmutableString conf_path;
-  std::unique_ptr<char[]> user;
+  ImmutableString user;
   std::unique_ptr<char[]> mruby_file;
   char **original_argv;
   char **argv;
diff --git a/src/shrpx_worker_process.cc b/src/shrpx_worker_process.cc
index f7dacc7c..8d09b5d2 100644
--- a/src/shrpx_worker_process.cc
+++ b/src/shrpx_worker_process.cc
@@ -64,7 +64,7 @@ void drop_privileges(
 #endif // HAVE_NEVERBLEED
     ) {
   if (getuid() == 0 && get_config()->uid != 0) {
-    if (initgroups(get_config()->user.get(), get_config()->gid) != 0) {
+    if (initgroups(get_config()->user.c_str(), get_config()->gid) != 0) {
       auto error = errno;
       LOG(FATAL) << "Could not change supplementary groups: "
                  << strerror(error);
@@ -86,7 +86,7 @@ void drop_privileges(
     }
 #ifdef HAVE_NEVERBLEED
     if (nb) {
-      neverbleed_setuidgid(nb, get_config()->user.get(), 1);
+      neverbleed_setuidgid(nb, get_config()->user.c_str(), 1);
     }
 #endif // HAVE_NEVERBLEED
   }

From aa3373a107a2e9a96afe10929db4773a88745f90 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 14 Feb 2016 22:27:59 +0900
Subject: [PATCH 15/15] nghttpx: Use ImmutableString for mruby_file

---
 src/shrpx_config.cc |  2 +-
 src/shrpx_config.h  |  2 +-
 src/shrpx_mruby.cc  | 11 +++++------
 src/shrpx_mruby.h   |  6 ++++--
 src/shrpx_worker.cc |  3 +--
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 1e023d18..4d95ffe2 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -2205,7 +2205,7 @@ int parse_config(const char *opt, const char *optarg,
 
   case SHRPX_OPTID_MRUBY_FILE:
 #ifdef HAVE_MRUBY
-    mod_config()->mruby_file = strcopy(optarg);
+    mod_config()->mruby_file = optarg;
 #else  // !HAVE_MRUBY
     LOG(WARN) << opt
               << ": ignored because mruby support is disabled at build time.";
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index 03b3700b..80f0e06e 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -584,7 +584,7 @@ struct Config {
   ImmutableString pid_file;
   ImmutableString conf_path;
   ImmutableString user;
-  std::unique_ptr<char[]> mruby_file;
+  ImmutableString mruby_file;
   char **original_argv;
   char **argv;
   char *cwd;
diff --git a/src/shrpx_mruby.cc b/src/shrpx_mruby.cc
index 5b1b3967..bd57c146 100644
--- a/src/shrpx_mruby.cc
+++ b/src/shrpx_mruby.cc
@@ -31,7 +31,6 @@
 #include "shrpx_config.h"
 #include "shrpx_mruby_module.h"
 #include "shrpx_downstream_connection.h"
-#include "template.h"
 
 namespace shrpx {
 
@@ -146,12 +145,12 @@ mrb_value instantiate_app(mrb_state *mrb, RProc *proc) {
 // very hard to write these kind of code because mruby has almost no
 // documentation aobut compiling or generating code, at least at the
 // time of this writing.
-RProc *compile(mrb_state *mrb, const char *filename) {
-  if (filename == nullptr) {
+RProc *compile(mrb_state *mrb, const StringRef &filename) {
+  if (filename.empty()) {
     return nullptr;
   }
 
-  auto infile = fopen(filename, "rb");
+  auto infile = fopen(filename.c_str(), "rb");
   if (infile == nullptr) {
     return nullptr;
   }
@@ -185,8 +184,8 @@ RProc *compile(mrb_state *mrb, const char *filename) {
   return proc;
 }
 
-std::unique_ptr<MRubyContext> create_mruby_context(const char *filename) {
-  if (!filename) {
+std::unique_ptr<MRubyContext> create_mruby_context(const StringRef &filename) {
+  if (filename.empty()) {
     return make_unique<MRubyContext>(nullptr, mrb_nil_value(), mrb_nil_value());
   }
 
diff --git a/src/shrpx_mruby.h b/src/shrpx_mruby.h
index 95f0430c..55a18351 100644
--- a/src/shrpx_mruby.h
+++ b/src/shrpx_mruby.h
@@ -32,6 +32,8 @@
 #include <mruby.h>
 #include <mruby/proc.h>
 
+#include "template.h"
+
 using namespace nghttp2;
 
 namespace shrpx {
@@ -69,9 +71,9 @@ struct MRubyAssocData {
   bool response_headers_dirty;
 };
 
-RProc *compile(mrb_state *mrb, const char *filename);
+RProc *compile(mrb_state *mrb, const StringRef &filename);
 
-std::unique_ptr<MRubyContext> create_mruby_context(const char *filename);
+std::unique_ptr<MRubyContext> create_mruby_context(const StringRef &filename);
 
 // Return interned |ptr|.
 mrb_sym intern_ptr(mrb_state *mrb, void *ptr);
diff --git a/src/shrpx_worker.cc b/src/shrpx_worker.cc
index 83cfff9b..604f9058 100644
--- a/src/shrpx_worker.cc
+++ b/src/shrpx_worker.cc
@@ -290,8 +290,7 @@ std::mt19937 &Worker::get_randgen() { return randgen_; }
 
 #ifdef HAVE_MRUBY
 int Worker::create_mruby_context() {
-  auto mruby_file = get_config()->mruby_file.get();
-  mruby_ctx_ = mruby::create_mruby_context(mruby_file);
+  mruby_ctx_ = mruby::create_mruby_context(StringRef{get_config()->mruby_file});
   if (!mruby_ctx_) {
     return -1;
   }