Merge branch 'nghttpx-replace-unique-ptr-char-with-immutable-string'

Tatsuhiro Tsujikawa 2016-02-14 22:36:48 +09:00
commit 02b7116d42
10 changed files with 126 additions and 129 deletions


@ -199,18 +199,18 @@ int chown_to_running_user(const char *path) {
namespace { namespace {
void save_pid() { void save_pid() {
std::ofstream out(get_config()->pid_file.get(), std::ios::binary); std::ofstream out(get_config()->pid_file.c_str(), std::ios::binary);
out << get_config()->pid << "\n"; out << get_config()->pid << "\n";
out.close(); out.close();
if (!out) { if (!out) {
LOG(ERROR) << "Could not save PID to file " << get_config()->pid_file.get(); LOG(ERROR) << "Could not save PID to file " << get_config()->pid_file;
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if (get_config()->uid != 0) { if (get_config()->uid != 0) {
if (chown_to_running_user(get_config()->pid_file.get()) == -1) { if (chown_to_running_user(get_config()->pid_file.c_str()) == -1) {
auto error = errno; auto error = errno;
LOG(WARN) << "Changing owner of pid file " << get_config()->pid_file.get() LOG(WARN) << "Changing owner of pid file " << get_config()->pid_file
<< " failed: " << strerror(error); << " failed: " << strerror(error);
} }
} }
@ -946,7 +946,7 @@ int event_loop() {
redirect_stderr_to_errorlog(); redirect_stderr_to_errorlog();
} }
if (get_config()->pid_file) { if (!get_config()->pid_file.empty()) {
save_pid(); save_pid();
} }
@ -1040,7 +1040,7 @@ void fill_default_config() {
*mod_config() = {}; *mod_config() = {};
mod_config()->num_worker = 1; mod_config()->num_worker = 1;
mod_config()->conf_path = strcopy("/etc/nghttpx/nghttpx.conf"); mod_config()->conf_path = "/etc/nghttpx/nghttpx.conf";
mod_config()->pid = getpid(); mod_config()->pid = getpid();
auto &tlsconf = mod_config()->tls; auto &tlsconf = mod_config()->tls;
@ -1067,8 +1067,7 @@ void fill_default_config() {
auto &ocspconf = tlsconf.ocsp; auto &ocspconf = tlsconf.ocsp;
// ocsp update interval = 14400 secs = 4 hours, borrowed from h2o // ocsp update interval = 14400 secs = 4 hours, borrowed from h2o
ocspconf.update_interval = 4_h; ocspconf.update_interval = 4_h;
ocspconf.fetch_ocsp_response_file = ocspconf.fetch_ocsp_response_file = PKGDATADIR "/fetch-ocsp-response";
strcopy(PKGDATADIR "/fetch-ocsp-response");
} }
{ {
@ -1122,7 +1121,7 @@ void fill_default_config() {
accessconf.format = parse_log_format(DEFAULT_ACCESSLOG_FORMAT); accessconf.format = parse_log_format(DEFAULT_ACCESSLOG_FORMAT);
auto &errorconf = loggingconf.error; auto &errorconf = loggingconf.error;
errorconf.file = strcopy("/dev/stderr"); errorconf.file = "/dev/stderr";
} }
loggingconf.syslog_facility = LOG_DAEMON; loggingconf.syslog_facility = LOG_DAEMON;
@ -1579,8 +1578,8 @@ SSL/TLS:
--fetch-ocsp-response-file=<PATH> --fetch-ocsp-response-file=<PATH>
Path to fetch-ocsp-response script file. It should be Path to fetch-ocsp-response script file. It should be
absolute path. absolute path.
Default: )" Default: )" << get_config()->tls.ocsp.fetch_ocsp_response_file
<< get_config()->tls.ocsp.fetch_ocsp_response_file.get() << R"( << R"(
--ocsp-update-interval=<DURATION> --ocsp-update-interval=<DURATION>
Set interval to update OCSP response cache. Set interval to update OCSP response cache.
Default: )" Default: )"
@ -1753,7 +1752,7 @@ Logging:
Set path to write error log. To reopen file, send USR1 Set path to write error log. To reopen file, send USR1
signal to nghttpx. stderr will be redirected to the signal to nghttpx. stderr will be redirected to the
error log file unless --errorlog-syslog is used. error log file unless --errorlog-syslog is used.
Default: )" << get_config()->logging.error.file.get() << R"( Default: )" << get_config()->logging.error.file << R"(
--errorlog-syslog --errorlog-syslog
Send error log to syslog. If this option is used, Send error log to syslog. If this option is used,
--errorlog-file option is ignored. --errorlog-file option is ignored.
@ -1894,7 +1893,7 @@ Scripting:
Misc: Misc:
--conf=<PATH> --conf=<PATH>
Load configuration from <PATH>. Load configuration from <PATH>.
Default: )" << get_config()->conf_path.get() << R"( Default: )" << get_config()->conf_path << R"(
--include=<PATH> --include=<PATH>
Load additional configurations from <PATH>. File <PATH> Load additional configurations from <PATH>. File <PATH>
is read when configuration parser encountered this is read when configuration parser encountered this
@ -1920,11 +1919,11 @@ namespace {
void process_options( void process_options(
int argc, char **argv, int argc, char **argv,
std::vector<std::pair<const char *, const char *>> &cmdcfgs) { std::vector<std::pair<const char *, const char *>> &cmdcfgs) {
if (conf_exists(get_config()->conf_path.get())) { if (conf_exists(get_config()->conf_path.c_str())) {
std::set<std::string> include_set; std::set<std::string> include_set;
if (load_config(get_config()->conf_path.get(), include_set) == -1) { if (load_config(get_config()->conf_path.c_str(), include_set) == -1) {
LOG(FATAL) << "Failed to load configuration from " LOG(FATAL) << "Failed to load configuration from "
<< get_config()->conf_path.get(); << get_config()->conf_path;
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
assert(include_set.empty()); assert(include_set.empty());
@ -1987,8 +1986,8 @@ void process_options(
{ {
auto &dumpconf = http2conf.upstream.debug.dump; auto &dumpconf = http2conf.upstream.debug.dump;
if (dumpconf.request_header_file) { if (!dumpconf.request_header_file.empty()) {
auto path = dumpconf.request_header_file.get(); auto path = dumpconf.request_header_file.c_str();
auto f = open_file_for_write(path); auto f = open_file_for_write(path);
if (f == nullptr) { if (f == nullptr) {
@ -2008,8 +2007,8 @@ void process_options(
} }
} }
if (dumpconf.response_header_file) { if (!dumpconf.response_header_file.empty()) {
auto path = dumpconf.response_header_file.get(); auto path = dumpconf.response_header_file.c_str();
auto f = open_file_for_write(path); auto f = open_file_for_write(path);
if (f == nullptr) { if (f == nullptr) {
@ -2086,7 +2085,7 @@ void process_options(
} }
if (!upstreamconf.no_tls && if (!upstreamconf.no_tls &&
(!tlsconf.private_key_file || !tlsconf.cert_file)) { (tlsconf.private_key_file.empty() || tlsconf.cert_file.empty())) {
print_usage(std::cerr); print_usage(std::cerr);
LOG(FATAL) << "Too few arguments"; LOG(FATAL) << "Too few arguments";
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
@ -2094,10 +2093,10 @@ void process_options(
if (!upstreamconf.no_tls && !tlsconf.ocsp.disabled) { if (!upstreamconf.no_tls && !tlsconf.ocsp.disabled) {
struct stat buf; struct stat buf;
if (stat(tlsconf.ocsp.fetch_ocsp_response_file.get(), &buf) != 0) { if (stat(tlsconf.ocsp.fetch_ocsp_response_file.c_str(), &buf) != 0) {
tlsconf.ocsp.disabled = true; tlsconf.ocsp.disabled = true;
LOG(WARN) << "--fetch-ocsp-response-file: " LOG(WARN) << "--fetch-ocsp-response-file: "
<< tlsconf.ocsp.fetch_ocsp_response_file.get() << tlsconf.ocsp.fetch_ocsp_response_file
<< " not found. OCSP stapling has been disabled."; << " not found. OCSP stapling has been disabled.";
} }
} }
@ -2220,10 +2219,10 @@ void process_options(
{ {
auto &memcachedconf = tlsconf.session_cache.memcached; auto &memcachedconf = tlsconf.session_cache.memcached;
if (memcachedconf.host) { if (!memcachedconf.host.empty()) {
auto hostport = auto hostport = util::make_hostport(StringRef{memcachedconf.host},
util::make_hostport(memcachedconf.host.get(), memcachedconf.port); memcachedconf.port);
if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.get(), if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.c_str(),
memcachedconf.port, memcachedconf.family) == -1) { memcachedconf.port, memcachedconf.family) == -1) {
LOG(FATAL) LOG(FATAL)
<< "Resolving memcached address for TLS session cache failed: " << "Resolving memcached address for TLS session cache failed: "
@ -2238,10 +2237,10 @@ void process_options(
{ {
auto &memcachedconf = tlsconf.ticket.memcached; auto &memcachedconf = tlsconf.ticket.memcached;
if (memcachedconf.host) { if (!memcachedconf.host.empty()) {
auto hostport = auto hostport = util::make_hostport(StringRef{memcachedconf.host},
util::make_hostport(memcachedconf.host.get(), memcachedconf.port); memcachedconf.port);
if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.get(), if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.c_str(),
memcachedconf.port, memcachedconf.family) == -1) { memcachedconf.port, memcachedconf.family) == -1) {
LOG(FATAL) << "Resolving memcached address for TLS ticket key failed: " LOG(FATAL) << "Resolving memcached address for TLS ticket key failed: "
<< hostport; << hostport;
@ -2564,7 +2563,7 @@ int main(int argc, char **argv) {
break; break;
case 12: case 12:
// --conf // --conf
mod_config()->conf_path = strcopy(optarg); mod_config()->conf_path = optarg;
break; break;
case 14: case 14:
// --syslog-facility // --syslog-facility
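Review bot: The startup check on the OCSP helper in process_options only asks whether `stat()` succeeds, so a directory or a relative path passes even though the help text says the script path should be absolute; start_ocsp_update later places that same path in the argv it builds. Consider hoisting `auto path = tlsconf.ocsp.fetch_ocsp_response_file.c_str();` and tightening the condition to `if (path[0] != '/' || stat(path, &buf) != 0 || !S_ISREG(buf.st_mode)) {`. The warning text would then need to say more than "not found". process_options starts and ends outside the hunks shown here.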


@ -1622,7 +1622,7 @@ int parse_config(const char *opt, const char *optarg,
return parse_duration(&mod_config()->http2.timeout.stream_write, opt, return parse_duration(&mod_config()->http2.timeout.stream_write, opt,
optarg); optarg);
case SHRPX_OPTID_ACCESSLOG_FILE: case SHRPX_OPTID_ACCESSLOG_FILE:
mod_config()->logging.access.file = strcopy(optarg); mod_config()->logging.access.file = optarg;
return 0; return 0;
case SHRPX_OPTID_ACCESSLOG_SYSLOG: case SHRPX_OPTID_ACCESSLOG_SYSLOG:
@ -1634,7 +1634,7 @@ int parse_config(const char *opt, const char *optarg,
return 0; return 0;
case SHRPX_OPTID_ERRORLOG_FILE: case SHRPX_OPTID_ERRORLOG_FILE:
mod_config()->logging.error.file = strcopy(optarg); mod_config()->logging.error.file = optarg;
return 0; return 0;
case SHRPX_OPTID_ERRORLOG_SYSLOG: case SHRPX_OPTID_ERRORLOG_SYSLOG:
@ -1728,7 +1728,7 @@ int parse_config(const char *opt, const char *optarg,
return 0; return 0;
case SHRPX_OPTID_PID_FILE: case SHRPX_OPTID_PID_FILE:
mod_config()->pid_file = strcopy(optarg); mod_config()->pid_file = optarg;
return 0; return 0;
case SHRPX_OPTID_USER: { case SHRPX_OPTID_USER: {
@ -1738,14 +1738,14 @@ int parse_config(const char *opt, const char *optarg,
<< strerror(errno); << strerror(errno);
return -1; return -1;
} }
mod_config()->user = strcopy(pwd->pw_name); mod_config()->user = pwd->pw_name;
mod_config()->uid = pwd->pw_uid; mod_config()->uid = pwd->pw_uid;
mod_config()->gid = pwd->pw_gid; mod_config()->gid = pwd->pw_gid;
return 0; return 0;
} }
case SHRPX_OPTID_PRIVATE_KEY_FILE: case SHRPX_OPTID_PRIVATE_KEY_FILE:
mod_config()->tls.private_key_file = strcopy(optarg); mod_config()->tls.private_key_file = optarg;
return 0; return 0;
case SHRPX_OPTID_PRIVATE_KEY_PASSWD_FILE: { case SHRPX_OPTID_PRIVATE_KEY_PASSWD_FILE: {
@ -1754,16 +1754,16 @@ int parse_config(const char *opt, const char *optarg,
LOG(ERROR) << opt << ": Couldn't read key file's passwd from " << optarg; LOG(ERROR) << opt << ": Couldn't read key file's passwd from " << optarg;
return -1; return -1;
} }
mod_config()->tls.private_key_passwd = strcopy(passwd); mod_config()->tls.private_key_passwd = passwd;
return 0; return 0;
} }
case SHRPX_OPTID_CERTIFICATE_FILE: case SHRPX_OPTID_CERTIFICATE_FILE:
mod_config()->tls.cert_file = strcopy(optarg); mod_config()->tls.cert_file = optarg;
return 0; return 0;
case SHRPX_OPTID_DH_PARAM_FILE: case SHRPX_OPTID_DH_PARAM_FILE:
mod_config()->tls.dh_param_file = strcopy(optarg); mod_config()->tls.dh_param_file = optarg;
return 0; return 0;
case SHRPX_OPTID_SUBCERT: { case SHRPX_OPTID_SUBCERT: {
@ -1804,7 +1804,7 @@ int parse_config(const char *opt, const char *optarg,
return 0; return 0;
} }
case SHRPX_OPTID_CIPHERS: case SHRPX_OPTID_CIPHERS:
mod_config()->tls.ciphers = strcopy(optarg); mod_config()->tls.ciphers = optarg;
return 0; return 0;
case SHRPX_OPTID_CLIENT: case SHRPX_OPTID_CLIENT:
@ -1816,7 +1816,7 @@ int parse_config(const char *opt, const char *optarg,
return 0; return 0;
case SHRPX_OPTID_CACERT: case SHRPX_OPTID_CACERT:
mod_config()->tls.cacert = strcopy(optarg); mod_config()->tls.cacert = optarg;
return 0; return 0;
case SHRPX_OPTID_BACKEND_IPV4: case SHRPX_OPTID_BACKEND_IPV4:
@ -1907,25 +1907,23 @@ int parse_config(const char *opt, const char *optarg,
return 0; return 0;
case SHRPX_OPTID_VERIFY_CLIENT_CACERT: case SHRPX_OPTID_VERIFY_CLIENT_CACERT:
mod_config()->tls.client_verify.cacert = strcopy(optarg); mod_config()->tls.client_verify.cacert = optarg;
return 0; return 0;
case SHRPX_OPTID_CLIENT_PRIVATE_KEY_FILE: case SHRPX_OPTID_CLIENT_PRIVATE_KEY_FILE:
mod_config()->tls.client.private_key_file = strcopy(optarg); mod_config()->tls.client.private_key_file = optarg;
return 0; return 0;
case SHRPX_OPTID_CLIENT_CERT_FILE: case SHRPX_OPTID_CLIENT_CERT_FILE:
mod_config()->tls.client.cert_file = strcopy(optarg); mod_config()->tls.client.cert_file = optarg;
return 0; return 0;
case SHRPX_OPTID_FRONTEND_HTTP2_DUMP_REQUEST_HEADER: case SHRPX_OPTID_FRONTEND_HTTP2_DUMP_REQUEST_HEADER:
mod_config()->http2.upstream.debug.dump.request_header_file = mod_config()->http2.upstream.debug.dump.request_header_file = optarg;
strcopy(optarg);
return 0; return 0;
case SHRPX_OPTID_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER: case SHRPX_OPTID_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER:
mod_config()->http2.upstream.debug.dump.response_header_file = mod_config()->http2.upstream.debug.dump.response_header_file = optarg;
strcopy(optarg);
return 0; return 0;
case SHRPX_OPTID_HTTP2_NO_COOKIE_CRUMBLING: case SHRPX_OPTID_HTTP2_NO_COOKIE_CRUMBLING:
@ -2086,7 +2084,7 @@ int parse_config(const char *opt, const char *optarg,
return parse_uint(&mod_config()->http2.downstream.connections_per_worker, return parse_uint(&mod_config()->http2.downstream.connections_per_worker,
opt, optarg); opt, optarg);
case SHRPX_OPTID_FETCH_OCSP_RESPONSE_FILE: case SHRPX_OPTID_FETCH_OCSP_RESPONSE_FILE:
mod_config()->tls.ocsp.fetch_ocsp_response_file = strcopy(optarg); mod_config()->tls.ocsp.fetch_ocsp_response_file = optarg;
return 0; return 0;
case SHRPX_OPTID_OCSP_UPDATE_INTERVAL: case SHRPX_OPTID_OCSP_UPDATE_INTERVAL:
@ -2154,7 +2152,7 @@ int parse_config(const char *opt, const char *optarg,
} }
auto &memcachedconf = mod_config()->tls.session_cache.memcached; auto &memcachedconf = mod_config()->tls.session_cache.memcached;
memcachedconf.host = strcopy(host); memcachedconf.host = host;
memcachedconf.port = port; memcachedconf.port = port;
return 0; return 0;
@ -2166,7 +2164,7 @@ int parse_config(const char *opt, const char *optarg,
} }
auto &memcachedconf = mod_config()->tls.ticket.memcached; auto &memcachedconf = mod_config()->tls.ticket.memcached;
memcachedconf.host = strcopy(host); memcachedconf.host = host;
memcachedconf.port = port; memcachedconf.port = port;
return 0; return 0;
@ -2207,7 +2205,7 @@ int parse_config(const char *opt, const char *optarg,
case SHRPX_OPTID_MRUBY_FILE: case SHRPX_OPTID_MRUBY_FILE:
#ifdef HAVE_MRUBY #ifdef HAVE_MRUBY
mod_config()->mruby_file = strcopy(optarg); mod_config()->mruby_file = optarg;
#else // !HAVE_MRUBY #else // !HAVE_MRUBY
LOG(WARN) << opt LOG(WARN) << opt
<< ": ignored because mruby support is disabled at build time."; << ": ignored because mruby support is disabled at build time.";
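Review bot: parse_config now stores `optarg` unchecked, so an option given with an empty value (for example under `SHRPX_OPTID_VERIFY_CLIENT_CACERT`) becomes indistinguishable from one that was never set, because the consumers on this page test `.empty()`. With the old `unique_ptr<char[]>` an empty path was non-null and would presumably have failed loudly when opened; now the TLS setup skips `SSL_CTX_load_verify_locations` for an empty `client_verify.cacert` and start-up continues. Rejecting empty values for the path-valued options keeps a config typo from silently weakening the setup, e.g. `if (*optarg == '\0') { LOG(ERROR) << opt << ": empty path"; return -1; }` before the assignment. parse_config's body extends beyond the hunks shown.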


@ -343,7 +343,9 @@ struct TLSConfig {
struct { struct {
Address addr; Address addr;
uint16_t port; uint16_t port;
std::unique_ptr<char[]> host; // Hostname of memcached server. This is also used as SNI field
// if TLS is enabled.
ImmutableString host;
// Client private key and certificate for authentication // Client private key and certificate for authentication
ImmutableString private_key_file; ImmutableString private_key_file;
ImmutableString cert_file; ImmutableString cert_file;
@ -370,7 +372,9 @@ struct TLSConfig {
struct { struct {
Address addr; Address addr;
uint16_t port; uint16_t port;
std::unique_ptr<char[]> host; // Hostname of memcached server. This is also used as SNI field
// if TLS is enabled.
ImmutableString host;
// Client private key and certificate for authentication // Client private key and certificate for authentication
ImmutableString private_key_file; ImmutableString private_key_file;
ImmutableString cert_file; ImmutableString cert_file;
@ -390,7 +394,7 @@ struct TLSConfig {
// OCSP realted configurations // OCSP realted configurations
struct { struct {
ev_tstamp update_interval; ev_tstamp update_interval;
std::unique_ptr<char[]> fetch_ocsp_response_file; ImmutableString fetch_ocsp_response_file;
bool disabled; bool disabled;
} ocsp; } ocsp;
@ -398,14 +402,14 @@ struct TLSConfig {
struct { struct {
// Path to file containing CA certificate solely used for client // Path to file containing CA certificate solely used for client
// certificate validation // certificate validation
std::unique_ptr<char[]> cacert; ImmutableString cacert;
bool enabled; bool enabled;
} client_verify; } client_verify;
// Client private key and certificate used in backend connections. // Client private key and certificate used in backend connections.
struct { struct {
std::unique_ptr<char[]> private_key_file; ImmutableString private_key_file;
std::unique_ptr<char[]> cert_file; ImmutableString cert_file;
} client; } client;
// The list of (private key file, certificate file) pair // The list of (private key file, certificate file) pair
@ -422,12 +426,12 @@ struct TLSConfig {
long int tls_proto_mask; long int tls_proto_mask;
std::string backend_sni_name; std::string backend_sni_name;
std::chrono::seconds session_timeout; std::chrono::seconds session_timeout;
std::unique_ptr<char[]> private_key_file; ImmutableString private_key_file;
std::unique_ptr<char[]> private_key_passwd; ImmutableString private_key_passwd;
std::unique_ptr<char[]> cert_file; ImmutableString cert_file;
std::unique_ptr<char[]> dh_param_file; ImmutableString dh_param_file;
std::unique_ptr<char[]> ciphers; ImmutableString ciphers;
std::unique_ptr<char[]> cacert; ImmutableString cacert;
bool insecure; bool insecure;
bool no_http2_cipher_black_list; bool no_http2_cipher_black_list;
}; };
@ -469,8 +473,8 @@ struct Http2Config {
struct { struct {
struct { struct {
struct { struct {
std::unique_ptr<char[]> request_header_file; ImmutableString request_header_file;
std::unique_ptr<char[]> response_header_file; ImmutableString response_header_file;
FILE *request_header; FILE *request_header;
FILE *response_header; FILE *response_header;
} dump; } dump;
@ -500,12 +504,12 @@ struct Http2Config {
struct LoggingConfig { struct LoggingConfig {
struct { struct {
std::vector<LogFragment> format; std::vector<LogFragment> format;
std::unique_ptr<char[]> file; ImmutableString file;
// Send accesslog to syslog, ignoring accesslog_file. // Send accesslog to syslog, ignoring accesslog_file.
bool syslog; bool syslog;
} access; } access;
struct { struct {
std::unique_ptr<char[]> file; ImmutableString file;
// Send errorlog to syslog, ignoring errorlog_file. // Send errorlog to syslog, ignoring errorlog_file.
bool syslog; bool syslog;
} error; } error;
@ -577,10 +581,10 @@ struct Config {
TLSConfig tls; TLSConfig tls;
LoggingConfig logging; LoggingConfig logging;
ConnectionConfig conn; ConnectionConfig conn;
std::unique_ptr<char[]> pid_file; ImmutableString pid_file;
std::unique_ptr<char[]> conf_path; ImmutableString conf_path;
std::unique_ptr<char[]> user; ImmutableString user;
std::unique_ptr<char[]> mruby_file; ImmutableString mruby_file;
char **original_argv; char **original_argv;
char **argv; char **argv;
char *cwd; char *cwd;
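Review bot: `ImmutableString private_key_passwd;` in TLSConfig carries the private key passphrase but has no comment, and nothing on this page shows whether ImmutableString clears its buffer when it is destroyed or reassigned. Since ssl_pem_passwd_cb reads it from the Config passed as callback user data, the secret appears to stay in process memory in clear for as long as the Config lives. That deserves a note on the field, such as `// Passphrase for private_key_file. Stays in memory in clear while Config lives.` The comment this change added on `host` shows the style to follow. TLSConfig begins and ends outside these hunks.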


@ -202,9 +202,8 @@ int ConnectionHandler::create_single_worker() {
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
nb_.get(), nb_.get(),
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
StringRef::from_maybe_nullptr(tlsconf.cacert.get()), StringRef{tlsconf.cacert}, StringRef{memcachedconf.cert_file},
StringRef(memcachedconf.cert_file), StringRef{memcachedconf.private_key_file}, StringRef(), nullptr);
StringRef(memcachedconf.private_key_file), StringRef(), nullptr);
all_ssl_ctx_.push_back(session_cache_ssl_ctx); all_ssl_ctx_.push_back(session_cache_ssl_ctx);
} }
@ -253,9 +252,8 @@ int ConnectionHandler::create_worker_thread(size_t num) {
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
nb_.get(), nb_.get(),
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
StringRef::from_maybe_nullptr(tlsconf.cacert.get()), StringRef{tlsconf.cacert}, StringRef{memcachedconf.cert_file},
StringRef(memcachedconf.cert_file), StringRef{memcachedconf.private_key_file}, StringRef{}, nullptr);
StringRef(memcachedconf.private_key_file), StringRef(), nullptr);
all_ssl_ctx_.push_back(session_cache_ssl_ctx); all_ssl_ctx_.push_back(session_cache_ssl_ctx);
} }
auto worker = auto worker =
@ -463,7 +461,8 @@ int ConnectionHandler::start_ocsp_update(const char *cert_file) {
assert(!ev_is_active(&ocsp_.chldev)); assert(!ev_is_active(&ocsp_.chldev));
char *const argv[] = { char *const argv[] = {
const_cast<char *>(get_config()->tls.ocsp.fetch_ocsp_response_file.get()), const_cast<char *>(
get_config()->tls.ocsp.fetch_ocsp_response_file.c_str()),
const_cast<char *>(cert_file), nullptr}; const_cast<char *>(cert_file), nullptr};
char *const envp[] = {nullptr}; char *const envp[] = {nullptr};
@ -767,9 +766,8 @@ SSL_CTX *ConnectionHandler::create_tls_ticket_key_memcached_ssl_ctx() {
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
nb_.get(), nb_.get(),
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
StringRef::from_maybe_nullptr(tlsconf.cacert.get()), StringRef{tlsconf.cacert}, StringRef{memcachedconf.cert_file},
StringRef(memcachedconf.cert_file), StringRef{memcachedconf.private_key_file}, StringRef{}, nullptr);
StringRef(memcachedconf.private_key_file), StringRef(), nullptr);
all_ssl_ctx_.push_back(ssl_ctx); all_ssl_ctx_.push_back(ssl_ctx);
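Review bot: The empty-argument spelling is inconsistent across the three rewritten call sites: create_single_worker keeps `StringRef(), nullptr);` while create_worker_thread and create_tls_ticket_key_memcached_ssl_ctx now use `StringRef{}, nullptr);`. Use the brace form in all three so the calls read identically. Separately, `StringRef{tlsconf.cacert}` now passes an empty view where `from_maybe_nullptr` was used before; the callee is not visible here, so it is worth confirming that it treats an empty CA path as "not configured" rather than trying to load it.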


@ -393,23 +393,23 @@ int reopen_log_files() {
auto &accessconf = get_config()->logging.access; auto &accessconf = get_config()->logging.access;
auto &errorconf = get_config()->logging.error; auto &errorconf = get_config()->logging.error;
if (!accessconf.syslog && accessconf.file) { if (!accessconf.syslog && !accessconf.file.empty()) {
new_accesslog_fd = util::open_log_file(accessconf.file.get()); new_accesslog_fd = util::open_log_file(accessconf.file.c_str());
if (new_accesslog_fd == -1) { if (new_accesslog_fd == -1) {
LOG(ERROR) << "Failed to open accesslog file " << accessconf.file.get(); LOG(ERROR) << "Failed to open accesslog file " << accessconf.file;
res = -1; res = -1;
} }
} }
if (!errorconf.syslog && errorconf.file) { if (!errorconf.syslog && !errorconf.file.empty()) {
new_errorlog_fd = util::open_log_file(errorconf.file.get()); new_errorlog_fd = util::open_log_file(errorconf.file.c_str());
if (new_errorlog_fd == -1) { if (new_errorlog_fd == -1) {
if (lgconf->errorlog_fd != -1) { if (lgconf->errorlog_fd != -1) {
LOG(ERROR) << "Failed to open errorlog file " << errorconf.file.get(); LOG(ERROR) << "Failed to open errorlog file " << errorconf.file;
} else { } else {
std::cerr << "Failed to open errorlog file " << errorconf.file.get() std::cerr << "Failed to open errorlog file " << errorconf.file
<< std::endl; << std::endl;
} }


@ -31,7 +31,6 @@
#include "shrpx_config.h" #include "shrpx_config.h"
#include "shrpx_mruby_module.h" #include "shrpx_mruby_module.h"
#include "shrpx_downstream_connection.h" #include "shrpx_downstream_connection.h"
#include "template.h"
namespace shrpx { namespace shrpx {
@ -146,12 +145,12 @@ mrb_value instantiate_app(mrb_state *mrb, RProc *proc) {
// very hard to write these kind of code because mruby has almost no // very hard to write these kind of code because mruby has almost no
// documentation aobut compiling or generating code, at least at the // documentation aobut compiling or generating code, at least at the
// time of this writing. // time of this writing.
RProc *compile(mrb_state *mrb, const char *filename) { RProc *compile(mrb_state *mrb, const StringRef &filename) {
if (filename == nullptr) { if (filename.empty()) {
return nullptr; return nullptr;
} }
auto infile = fopen(filename, "rb"); auto infile = fopen(filename.c_str(), "rb");
if (infile == nullptr) { if (infile == nullptr) {
return nullptr; return nullptr;
} }
@ -185,8 +184,8 @@ RProc *compile(mrb_state *mrb, const char *filename) {
return proc; return proc;
} }
std::unique_ptr<MRubyContext> create_mruby_context(const char *filename) { std::unique_ptr<MRubyContext> create_mruby_context(const StringRef &filename) {
if (!filename) { if (filename.empty()) {
return make_unique<MRubyContext>(nullptr, mrb_nil_value(), mrb_nil_value()); return make_unique<MRubyContext>(nullptr, mrb_nil_value(), mrb_nil_value());
} }
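Review bot: `fopen(filename.c_str(), "rb")` in compile now depends on the StringRef pointing at NUL-terminated storage, which the old `const char *` parameter implied but a (pointer, length) view does not, assuming StringRef is such a non-owning view as its use here suggests. The only caller on this page passes `StringRef{get_config()->mruby_file}`, which is fine if ImmutableString is NUL-terminated, but a later caller handing in a substring would make fopen read past the end of the view. State the requirement at the declarations of compile and create_mruby_context in the header, e.g. `// |filename| must refer to a NUL-terminated string; it is passed to fopen().` Both function bodies continue outside the hunks.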


@ -32,6 +32,8 @@
#include <mruby.h> #include <mruby.h>
#include <mruby/proc.h> #include <mruby/proc.h>
#include "template.h"
using namespace nghttp2; using namespace nghttp2;
namespace shrpx { namespace shrpx {
@ -69,9 +71,9 @@ struct MRubyAssocData {
bool response_headers_dirty; bool response_headers_dirty;
}; };
RProc *compile(mrb_state *mrb, const char *filename); RProc *compile(mrb_state *mrb, const StringRef &filename);
std::unique_ptr<MRubyContext> create_mruby_context(const char *filename); std::unique_ptr<MRubyContext> create_mruby_context(const StringRef &filename);
// Return interned |ptr|. // Return interned |ptr|.
mrb_sym intern_ptr(mrb_state *mrb, void *ptr); mrb_sym intern_ptr(mrb_state *mrb, void *ptr);


@ -124,13 +124,13 @@ set_alpn_prefs(const std::vector<std::string> &protos) {
namespace { namespace {
int ssl_pem_passwd_cb(char *buf, int size, int rwflag, void *user_data) { int ssl_pem_passwd_cb(char *buf, int size, int rwflag, void *user_data) {
auto config = static_cast<Config *>(user_data); auto config = static_cast<Config *>(user_data);
int len = (int)strlen(config->tls.private_key_passwd.get()); auto len = static_cast<int>(config->tls.private_key_passwd.size());
if (size < len + 1) { if (size < len + 1) {
LOG(ERROR) << "ssl_pem_passwd_cb: buf is too small " << size; LOG(ERROR) << "ssl_pem_passwd_cb: buf is too small " << size;
return 0; return 0;
} }
// Copy string including last '\0'. // Copy string including last '\0'.
memcpy(buf, config->tls.private_key_passwd.get(), len + 1); memcpy(buf, config->tls.private_key_passwd.c_str(), len + 1);
return len; return len;
} }
} // namespace } // namespace
@ -485,7 +485,7 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
SSL_CTX_set_session_id_context(ssl_ctx, sid_ctx, sizeof(sid_ctx) - 1); SSL_CTX_set_session_id_context(ssl_ctx, sid_ctx, sizeof(sid_ctx) - 1);
SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_SERVER); SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_SERVER);
if (tlsconf.session_cache.memcached.host) { if (!tlsconf.session_cache.memcached.host.empty()) {
SSL_CTX_sess_set_new_cb(ssl_ctx, tls_session_new_cb); SSL_CTX_sess_set_new_cb(ssl_ctx, tls_session_new_cb);
SSL_CTX_sess_set_get_cb(ssl_ctx, tls_session_get_cb); SSL_CTX_sess_set_get_cb(ssl_ctx, tls_session_get_cb);
} }
@ -493,8 +493,8 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
SSL_CTX_set_timeout(ssl_ctx, tlsconf.session_timeout.count()); SSL_CTX_set_timeout(ssl_ctx, tlsconf.session_timeout.count());
const char *ciphers; const char *ciphers;
if (tlsconf.ciphers) { if (!tlsconf.ciphers.empty()) {
ciphers = tlsconf.ciphers.get(); ciphers = tlsconf.ciphers.c_str();
} else { } else {
ciphers = nghttp2::ssl::DEFAULT_CIPHER_LIST; ciphers = nghttp2::ssl::DEFAULT_CIPHER_LIST;
} }
@ -527,9 +527,9 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
#endif // OPENSSL_NO_EC #endif // OPENSSL_NO_EC
if (tlsconf.dh_param_file) { if (!tlsconf.dh_param_file.empty()) {
// Read DH parameters from file // Read DH parameters from file
auto bio = BIO_new_file(tlsconf.dh_param_file.get(), "r"); auto bio = BIO_new_file(tlsconf.dh_param_file.c_str(), "r");
if (bio == nullptr) { if (bio == nullptr) {
LOG(FATAL) << "BIO_new_file() failed: " LOG(FATAL) << "BIO_new_file() failed: "
<< ERR_error_string(ERR_get_error(), nullptr); << ERR_error_string(ERR_get_error(), nullptr);
@ -548,7 +548,7 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
if (tlsconf.private_key_passwd) { if (!tlsconf.private_key_passwd.empty()) {
SSL_CTX_set_default_passwd_cb(ssl_ctx, ssl_pem_passwd_cb); SSL_CTX_set_default_passwd_cb(ssl_ctx, ssl_pem_passwd_cb);
SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)get_config()); SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)get_config());
} }
@ -579,12 +579,12 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
DIE(); DIE();
} }
if (tlsconf.client_verify.enabled) { if (tlsconf.client_verify.enabled) {
if (tlsconf.client_verify.cacert) { if (!tlsconf.client_verify.cacert.empty()) {
if (SSL_CTX_load_verify_locations( if (SSL_CTX_load_verify_locations(
ssl_ctx, tlsconf.client_verify.cacert.get(), nullptr) != 1) { ssl_ctx, tlsconf.client_verify.cacert.c_str(), nullptr) != 1) {
LOG(FATAL) << "Could not load trusted ca certificates from " LOG(FATAL) << "Could not load trusted ca certificates from "
<< tlsconf.client_verify.cacert.get() << ": " << tlsconf.client_verify.cacert << ": "
<< ERR_error_string(ERR_get_error(), nullptr); << ERR_error_string(ERR_get_error(), nullptr);
DIE(); DIE();
} }
@ -592,10 +592,10 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
// error even though it returns success. See // error even though it returns success. See
// http://forum.nginx.org/read.php?29,242540 // http://forum.nginx.org/read.php?29,242540
ERR_clear_error(); ERR_clear_error();
auto list = SSL_load_client_CA_file(tlsconf.client_verify.cacert.get()); auto list = SSL_load_client_CA_file(tlsconf.client_verify.cacert.c_str());
if (!list) { if (!list) {
LOG(FATAL) << "Could not load ca certificates from " LOG(FATAL) << "Could not load ca certificates from "
<< tlsconf.client_verify.cacert.get() << ": " << tlsconf.client_verify.cacert << ": "
<< ERR_error_string(ERR_get_error(), nullptr); << ERR_error_string(ERR_get_error(), nullptr);
DIE(); DIE();
} }
@ -683,8 +683,8 @@ SSL_CTX *create_ssl_client_context(
SSL_CTX_set_options(ssl_ctx, ssl_opts | tlsconf.tls_proto_mask); SSL_CTX_set_options(ssl_ctx, ssl_opts | tlsconf.tls_proto_mask);
const char *ciphers; const char *ciphers;
if (tlsconf.ciphers) { if (!tlsconf.ciphers.empty()) {
ciphers = tlsconf.ciphers.get(); ciphers = tlsconf.ciphers.c_str();
} else { } else {
ciphers = nghttp2::ssl::DEFAULT_CIPHER_LIST; ciphers = nghttp2::ssl::DEFAULT_CIPHER_LIST;
} }
@ -1245,8 +1245,8 @@ SSL_CTX *setup_server_ssl_context(std::vector<SSL_CTX *> &all_ssl_ctx,
auto &tlsconf = get_config()->tls; auto &tlsconf = get_config()->tls;
auto ssl_ctx = ssl::create_ssl_context(tlsconf.private_key_file.get(), auto ssl_ctx = ssl::create_ssl_context(tlsconf.private_key_file.c_str(),
tlsconf.cert_file.get() tlsconf.cert_file.c_str()
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
, ,
nb nb
@ -1281,8 +1281,8 @@ SSL_CTX *setup_server_ssl_context(std::vector<SSL_CTX *> &all_ssl_ctx,
} }
} }
if (ssl::cert_lookup_tree_add_cert_from_file(cert_tree, ssl_ctx, if (ssl::cert_lookup_tree_add_cert_from_file(
tlsconf.cert_file.get()) == -1) { cert_tree, ssl_ctx, tlsconf.cert_file.c_str()) == -1) {
LOG(FATAL) << "Failed to add default certificate."; LOG(FATAL) << "Failed to add default certificate.";
DIE(); DIE();
} }
@ -1323,10 +1323,8 @@ SSL_CTX *setup_downstream_client_ssl_context(
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
nb, nb,
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
StringRef::from_maybe_nullptr(tlsconf.cacert.get()), StringRef{tlsconf.cacert}, StringRef{tlsconf.client.cert_file},
StringRef::from_maybe_nullptr(tlsconf.client.cert_file.get()), StringRef{tlsconf.client.private_key_file}, alpn, next_proto_select_cb);
StringRef::from_maybe_nullptr(tlsconf.client.private_key_file.get()),
alpn, next_proto_select_cb);
} }
CertLookupTree *create_cert_lookup_tree() { CertLookupTree *create_cert_lookup_tree() {
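Review bot: In ssl_pem_passwd_cb, `static_cast<int>(config->tls.private_key_passwd.size())` narrows a size to int before the bounds check, so the `size < len + 1` guard that protects the `memcpy` is only sound while the passphrase length fits in an int. Doing the comparison in the unsigned type removes that assumption: `const auto &pw = config->tls.private_key_passwd;` then `if (size <= 0 || pw.size() >= static_cast<size_t>(size)) {`, converting to int only for the return value. Also note that create_ssl_context now installs the callback only when the passphrase is non-empty, so OpenSSL's default passphrase handling applies when the configured passphrase is empty; confirm that is intended for a daemon.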


@ -91,11 +91,11 @@ Worker::Worker(struct ev_loop *loop, SSL_CTX *sv_ssl_ctx, SSL_CTX *cl_ssl_ctx,
auto &session_cacheconf = get_config()->tls.session_cache; auto &session_cacheconf = get_config()->tls.session_cache;
if (session_cacheconf.memcached.host) { if (!session_cacheconf.memcached.host.empty()) {
session_cache_memcached_dispatcher_ = make_unique<MemcachedDispatcher>( session_cache_memcached_dispatcher_ = make_unique<MemcachedDispatcher>(
&session_cacheconf.memcached.addr, loop, &session_cacheconf.memcached.addr, loop,
tls_session_cache_memcached_ssl_ctx, tls_session_cache_memcached_ssl_ctx,
session_cacheconf.memcached.host.get(), &mcpool_); StringRef{session_cacheconf.memcached.host}, &mcpool_);
} }
auto &downstreamconf = get_config()->conn.downstream; auto &downstreamconf = get_config()->conn.downstream;
@ -290,8 +290,7 @@ std::mt19937 &Worker::get_randgen() { return randgen_; }
#ifdef HAVE_MRUBY #ifdef HAVE_MRUBY
int Worker::create_mruby_context() { int Worker::create_mruby_context() {
auto mruby_file = get_config()->mruby_file.get(); mruby_ctx_ = mruby::create_mruby_context(StringRef{get_config()->mruby_file});
mruby_ctx_ = mruby::create_mruby_context(mruby_file);
if (!mruby_ctx_) { if (!mruby_ctx_) {
return -1; return -1;
} }


@ -64,7 +64,7 @@ void drop_privileges(
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
) { ) {
if (getuid() == 0 && get_config()->uid != 0) { if (getuid() == 0 && get_config()->uid != 0) {
if (initgroups(get_config()->user.get(), get_config()->gid) != 0) { if (initgroups(get_config()->user.c_str(), get_config()->gid) != 0) {
auto error = errno; auto error = errno;
LOG(FATAL) << "Could not change supplementary groups: " LOG(FATAL) << "Could not change supplementary groups: "
<< strerror(error); << strerror(error);
@ -86,7 +86,7 @@ void drop_privileges(
} }
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
if (nb) { if (nb) {
neverbleed_setuidgid(nb, get_config()->user.get(), 1); neverbleed_setuidgid(nb, get_config()->user.c_str(), 1);
} }
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
} }
@ -427,7 +427,7 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
auto &ticketconf = get_config()->tls.ticket; auto &ticketconf = get_config()->tls.ticket;
auto &memcachedconf = ticketconf.memcached; auto &memcachedconf = ticketconf.memcached;
if (ticketconf.memcached.host) { if (!memcachedconf.host.empty()) {
SSL_CTX *ssl_ctx = nullptr; SSL_CTX *ssl_ctx = nullptr;
if (memcachedconf.tls) { if (memcachedconf.tls) {
@ -437,7 +437,7 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
conn_handler.set_tls_ticket_key_memcached_dispatcher( conn_handler.set_tls_ticket_key_memcached_dispatcher(
make_unique<MemcachedDispatcher>( make_unique<MemcachedDispatcher>(
&ticketconf.memcached.addr, loop, ssl_ctx, &ticketconf.memcached.addr, loop, ssl_ctx,
StringRef(memcachedconf.host.get()), &mcpool)); StringRef{memcachedconf.host}, &mcpool));
ev_timer_init(&renew_ticket_key_timer, memcached_get_ticket_key_cb, 0., ev_timer_init(&renew_ticket_key_timer, memcached_get_ticket_key_cb, 0.,
0.); 0.);