walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Merge branch 'nghttpx-replace-unique-ptr-char-with-immutable-string'

This commit is contained in:
Tatsuhiro Tsujikawa 2016-02-14 22:36:48 +09:00
parent 47106c0756 aa3373a107
commit 02b7116d42
10 changed files with 126 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
src/shrpx.cc
View File

@ -199,18 +199,18 @@ int chown_to_running_user(const char *path) {
namespace {
void save_pid() {
std::ofstream out(get_config()->pid_file.get(), std::ios::binary);
std::ofstream out(get_config()->pid_file.c_str(), std::ios::binary);
out << get_config()->pid << "\n";
out.close();
if (!out) {
LOG(ERROR) << "Could not save PID to file " << get_config()->pid_file.get();
LOG(ERROR) << "Could not save PID to file " << get_config()->pid_file;
exit(EXIT_FAILURE);
}
if (get_config()->uid != 0) {
if (chown_to_running_user(get_config()->pid_file.get()) == -1) {
if (chown_to_running_user(get_config()->pid_file.c_str()) == -1) {
auto error = errno;
LOG(WARN) << "Changing owner of pid file " << get_config()->pid_file.get()
LOG(WARN) << "Changing owner of pid file " << get_config()->pid_file
<< " failed: " << strerror(error);
}
}
@ -946,7 +946,7 @@ int event_loop() {
redirect_stderr_to_errorlog();
}
if (get_config()->pid_file) {
if (!get_config()->pid_file.empty()) {
save_pid();
}
@ -1040,7 +1040,7 @@ void fill_default_config() {
*mod_config() = {};
mod_config()->num_worker = 1;
mod_config()->conf_path = strcopy("/etc/nghttpx/nghttpx.conf");
mod_config()->conf_path = "/etc/nghttpx/nghttpx.conf";
mod_config()->pid = getpid();
auto &tlsconf = mod_config()->tls;
@ -1067,8 +1067,7 @@ void fill_default_config() {
auto &ocspconf = tlsconf.ocsp;
// ocsp update interval = 14400 secs = 4 hours, borrowed from h2o
ocspconf.update_interval = 4_h;
ocspconf.fetch_ocsp_response_file =
strcopy(PKGDATADIR "/fetch-ocsp-response");
ocspconf.fetch_ocsp_response_file = PKGDATADIR "/fetch-ocsp-response";
}
{
@ -1122,7 +1121,7 @@ void fill_default_config() {
accessconf.format = parse_log_format(DEFAULT_ACCESSLOG_FORMAT);
auto &errorconf = loggingconf.error;
errorconf.file = strcopy("/dev/stderr");
errorconf.file = "/dev/stderr";
}
loggingconf.syslog_facility = LOG_DAEMON;
@ -1579,8 +1578,8 @@ SSL/TLS:
--fetch-ocsp-response-file=<PATH>
Path to fetch-ocsp-response script file. It should be
absolute path.
Default: )"
<< get_config()->tls.ocsp.fetch_ocsp_response_file.get() << R"(
Default: )" << get_config()->tls.ocsp.fetch_ocsp_response_file
<< R"(
--ocsp-update-interval=<DURATION>
Set interval to update OCSP response cache.
Default: )"
@ -1753,7 +1752,7 @@ Logging:
Set path to write error log. To reopen file, send USR1
signal to nghttpx. stderr will be redirected to the
error log file unless --errorlog-syslog is used.
Default: )" << get_config()->logging.error.file.get() << R"(
Default: )" << get_config()->logging.error.file << R"(
--errorlog-syslog
Send error log to syslog. If this option is used,
--errorlog-file option is ignored.
@ -1894,7 +1893,7 @@ Scripting:
Misc:
--conf=<PATH>
Load configuration from <PATH>.
Default: )" << get_config()->conf_path.get() << R"(
Default: )" << get_config()->conf_path << R"(
--include=<PATH>
Load additional configurations from <PATH>. File <PATH>
is read when configuration parser encountered this
@ -1920,11 +1919,11 @@ namespace {
void process_options(
int argc, char **argv,
std::vector<std::pair<const char *, const char *>> &cmdcfgs) {
if (conf_exists(get_config()->conf_path.get())) {
if (conf_exists(get_config()->conf_path.c_str())) {
std::set<std::string> include_set;
if (load_config(get_config()->conf_path.get(), include_set) == -1) {
if (load_config(get_config()->conf_path.c_str(), include_set) == -1) {
LOG(FATAL) << "Failed to load configuration from "
<< get_config()->conf_path.get();
<< get_config()->conf_path;
exit(EXIT_FAILURE);
}
assert(include_set.empty());
@ -1987,8 +1986,8 @@ void process_options(
{
auto &dumpconf = http2conf.upstream.debug.dump;
if (dumpconf.request_header_file) {
auto path = dumpconf.request_header_file.get();
if (!dumpconf.request_header_file.empty()) {
auto path = dumpconf.request_header_file.c_str();
auto f = open_file_for_write(path);
if (f == nullptr) {
@ -2008,8 +2007,8 @@ void process_options(
}
}
if (dumpconf.response_header_file) {
auto path = dumpconf.response_header_file.get();
if (!dumpconf.response_header_file.empty()) {
auto path = dumpconf.response_header_file.c_str();
auto f = open_file_for_write(path);
if (f == nullptr) {
@ -2086,7 +2085,7 @@ void process_options(
}
if (!upstreamconf.no_tls &&
(!tlsconf.private_key_file || !tlsconf.cert_file)) {
(tlsconf.private_key_file.empty() || tlsconf.cert_file.empty())) {
print_usage(std::cerr);
LOG(FATAL) << "Too few arguments";
exit(EXIT_FAILURE);
@ -2094,10 +2093,10 @@ void process_options(
if (!upstreamconf.no_tls && !tlsconf.ocsp.disabled) {
struct stat buf;
if (stat(tlsconf.ocsp.fetch_ocsp_response_file.get(), &buf) != 0) {
if (stat(tlsconf.ocsp.fetch_ocsp_response_file.c_str(), &buf) != 0) {
tlsconf.ocsp.disabled = true;
LOG(WARN) << "--fetch-ocsp-response-file: "
<< tlsconf.ocsp.fetch_ocsp_response_file.get()
<< tlsconf.ocsp.fetch_ocsp_response_file
<< " not found. OCSP stapling has been disabled.";
}
}
@ -2220,10 +2219,10 @@ void process_options(
{
auto &memcachedconf = tlsconf.session_cache.memcached;
if (memcachedconf.host) {
auto hostport =
util::make_hostport(memcachedconf.host.get(), memcachedconf.port);
if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.get(),
if (!memcachedconf.host.empty()) {
auto hostport = util::make_hostport(StringRef{memcachedconf.host},
memcachedconf.port);
if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.c_str(),
memcachedconf.port, memcachedconf.family) == -1) {
LOG(FATAL)
<< "Resolving memcached address for TLS session cache failed: "
@ -2238,10 +2237,10 @@ void process_options(
{
auto &memcachedconf = tlsconf.ticket.memcached;
if (memcachedconf.host) {
auto hostport =
util::make_hostport(memcachedconf.host.get(), memcachedconf.port);
if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.get(),
if (!memcachedconf.host.empty()) {
auto hostport = util::make_hostport(StringRef{memcachedconf.host},
memcachedconf.port);
if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.c_str(),
memcachedconf.port, memcachedconf.family) == -1) {
LOG(FATAL) << "Resolving memcached address for TLS ticket key failed: "
<< hostport;
@ -2564,7 +2563,7 @@ int main(int argc, char **argv) {
break;
case 12:
// --conf
mod_config()->conf_path = strcopy(optarg);
mod_config()->conf_path = optarg;
break;
case 14:
// --syslog-facility

40
src/shrpx_config.cc
View File

@ -1622,7 +1622,7 @@ int parse_config(const char *opt, const char *optarg,
return parse_duration(&mod_config()->http2.timeout.stream_write, opt,
optarg);
case SHRPX_OPTID_ACCESSLOG_FILE:
mod_config()->logging.access.file = strcopy(optarg);
mod_config()->logging.access.file = optarg;
return 0;
case SHRPX_OPTID_ACCESSLOG_SYSLOG:
@ -1634,7 +1634,7 @@ int parse_config(const char *opt, const char *optarg,
return 0;
case SHRPX_OPTID_ERRORLOG_FILE:
mod_config()->logging.error.file = strcopy(optarg);
mod_config()->logging.error.file = optarg;
return 0;
case SHRPX_OPTID_ERRORLOG_SYSLOG:
@ -1728,7 +1728,7 @@ int parse_config(const char *opt, const char *optarg,
return 0;
case SHRPX_OPTID_PID_FILE:
mod_config()->pid_file = strcopy(optarg);
mod_config()->pid_file = optarg;
return 0;
case SHRPX_OPTID_USER: {
@ -1738,14 +1738,14 @@ int parse_config(const char *opt, const char *optarg,
<< strerror(errno);
return -1;
}
mod_config()->user = strcopy(pwd->pw_name);
mod_config()->user = pwd->pw_name;
mod_config()->uid = pwd->pw_uid;
mod_config()->gid = pwd->pw_gid;
return 0;
}
case SHRPX_OPTID_PRIVATE_KEY_FILE:
mod_config()->tls.private_key_file = strcopy(optarg);
mod_config()->tls.private_key_file = optarg;
return 0;
case SHRPX_OPTID_PRIVATE_KEY_PASSWD_FILE: {
@ -1754,16 +1754,16 @@ int parse_config(const char *opt, const char *optarg,
LOG(ERROR) << opt << ": Couldn't read key file's passwd from " << optarg;
return -1;
}
mod_config()->tls.private_key_passwd = strcopy(passwd);
mod_config()->tls.private_key_passwd = passwd;
return 0;
}
case SHRPX_OPTID_CERTIFICATE_FILE:
mod_config()->tls.cert_file = strcopy(optarg);
mod_config()->tls.cert_file = optarg;
return 0;
case SHRPX_OPTID_DH_PARAM_FILE:
mod_config()->tls.dh_param_file = strcopy(optarg);
mod_config()->tls.dh_param_file = optarg;
return 0;
case SHRPX_OPTID_SUBCERT: {
@ -1804,7 +1804,7 @@ int parse_config(const char *opt, const char *optarg,
return 0;
}
case SHRPX_OPTID_CIPHERS:
mod_config()->tls.ciphers = strcopy(optarg);
mod_config()->tls.ciphers = optarg;
return 0;
case SHRPX_OPTID_CLIENT:
@ -1816,7 +1816,7 @@ int parse_config(const char *opt, const char *optarg,
return 0;
case SHRPX_OPTID_CACERT:
mod_config()->tls.cacert = strcopy(optarg);
mod_config()->tls.cacert = optarg;
return 0;
case SHRPX_OPTID_BACKEND_IPV4:
@ -1907,25 +1907,23 @@ int parse_config(const char *opt, const char *optarg,
return 0;
case SHRPX_OPTID_VERIFY_CLIENT_CACERT:
mod_config()->tls.client_verify.cacert = strcopy(optarg);
mod_config()->tls.client_verify.cacert = optarg;
return 0;
case SHRPX_OPTID_CLIENT_PRIVATE_KEY_FILE:
mod_config()->tls.client.private_key_file = strcopy(optarg);
mod_config()->tls.client.private_key_file = optarg;
return 0;
case SHRPX_OPTID_CLIENT_CERT_FILE:
mod_config()->tls.client.cert_file = strcopy(optarg);
mod_config()->tls.client.cert_file = optarg;
return 0;
case SHRPX_OPTID_FRONTEND_HTTP2_DUMP_REQUEST_HEADER:
mod_config()->http2.upstream.debug.dump.request_header_file =
strcopy(optarg);
mod_config()->http2.upstream.debug.dump.request_header_file = optarg;
return 0;
case SHRPX_OPTID_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER:
mod_config()->http2.upstream.debug.dump.response_header_file =
strcopy(optarg);
mod_config()->http2.upstream.debug.dump.response_header_file = optarg;
return 0;
case SHRPX_OPTID_HTTP2_NO_COOKIE_CRUMBLING:
@ -2086,7 +2084,7 @@ int parse_config(const char *opt, const char *optarg,
return parse_uint(&mod_config()->http2.downstream.connections_per_worker,
opt, optarg);
case SHRPX_OPTID_FETCH_OCSP_RESPONSE_FILE:
mod_config()->tls.ocsp.fetch_ocsp_response_file = strcopy(optarg);
mod_config()->tls.ocsp.fetch_ocsp_response_file = optarg;
return 0;
case SHRPX_OPTID_OCSP_UPDATE_INTERVAL:
@ -2154,7 +2152,7 @@ int parse_config(const char *opt, const char *optarg,
}
auto &memcachedconf = mod_config()->tls.session_cache.memcached;
memcachedconf.host = strcopy(host);
memcachedconf.host = host;
memcachedconf.port = port;
return 0;
@ -2166,7 +2164,7 @@ int parse_config(const char *opt, const char *optarg,
}
auto &memcachedconf = mod_config()->tls.ticket.memcached;
memcachedconf.host = strcopy(host);
memcachedconf.host = host;
memcachedconf.port = port;
return 0;
@ -2207,7 +2205,7 @@ int parse_config(const char *opt, const char *optarg,
case SHRPX_OPTID_MRUBY_FILE:
#ifdef HAVE_MRUBY
mod_config()->mruby_file = strcopy(optarg);
mod_config()->mruby_file = optarg;
#else // !HAVE_MRUBY
LOG(WARN) << opt
<< ": ignored because mruby support is disabled at build time.";

44
src/shrpx_config.h
View File

@ -343,7 +343,9 @@ struct TLSConfig {
struct {
Address addr;
uint16_t port;
std::unique_ptr<char[]> host;
// Hostname of memcached server. This is also used as SNI field
// if TLS is enabled.
ImmutableString host;
// Client private key and certificate for authentication
ImmutableString private_key_file;
ImmutableString cert_file;
@ -370,7 +372,9 @@ struct TLSConfig {
struct {
Address addr;
uint16_t port;
std::unique_ptr<char[]> host;
// Hostname of memcached server. This is also used as SNI field
// if TLS is enabled.
ImmutableString host;
// Client private key and certificate for authentication
ImmutableString private_key_file;
ImmutableString cert_file;
@ -390,7 +394,7 @@ struct TLSConfig {
// OCSP realted configurations
struct {
ev_tstamp update_interval;
std::unique_ptr<char[]> fetch_ocsp_response_file;
ImmutableString fetch_ocsp_response_file;
bool disabled;
} ocsp;
@ -398,14 +402,14 @@ struct TLSConfig {
struct {
// Path to file containing CA certificate solely used for client
// certificate validation
std::unique_ptr<char[]> cacert;
ImmutableString cacert;
bool enabled;
} client_verify;
// Client private key and certificate used in backend connections.
struct {
std::unique_ptr<char[]> private_key_file;
std::unique_ptr<char[]> cert_file;
ImmutableString private_key_file;
ImmutableString cert_file;
} client;
// The list of (private key file, certificate file) pair
@ -422,12 +426,12 @@ struct TLSConfig {
long int tls_proto_mask;
std::string backend_sni_name;
std::chrono::seconds session_timeout;
std::unique_ptr<char[]> private_key_file;
std::unique_ptr<char[]> private_key_passwd;
std::unique_ptr<char[]> cert_file;
std::unique_ptr<char[]> dh_param_file;
std::unique_ptr<char[]> ciphers;
std::unique_ptr<char[]> cacert;
ImmutableString private_key_file;
ImmutableString private_key_passwd;
ImmutableString cert_file;
ImmutableString dh_param_file;
ImmutableString ciphers;
ImmutableString cacert;
bool insecure;
bool no_http2_cipher_black_list;
};
@ -469,8 +473,8 @@ struct Http2Config {
struct {
struct {
struct {
std::unique_ptr<char[]> request_header_file;
std::unique_ptr<char[]> response_header_file;
ImmutableString request_header_file;
ImmutableString response_header_file;
FILE *request_header;
FILE *response_header;
} dump;
@ -500,12 +504,12 @@ struct Http2Config {
struct LoggingConfig {
struct {
std::vector<LogFragment> format;
std::unique_ptr<char[]> file;
ImmutableString file;
// Send accesslog to syslog, ignoring accesslog_file.
bool syslog;
} access;
struct {
std::unique_ptr<char[]> file;
ImmutableString file;
// Send errorlog to syslog, ignoring errorlog_file.
bool syslog;
} error;
@ -577,10 +581,10 @@ struct Config {
TLSConfig tls;
LoggingConfig logging;
ConnectionConfig conn;
std::unique_ptr<char[]> pid_file;
std::unique_ptr<char[]> conf_path;
std::unique_ptr<char[]> user;
std::unique_ptr<char[]> mruby_file;
ImmutableString pid_file;
ImmutableString conf_path;
ImmutableString user;
ImmutableString mruby_file;
char **original_argv;
char **argv;
char *cwd;

18
src/shrpx_connection_handler.cc
View File

@ -202,9 +202,8 @@ int ConnectionHandler::create_single_worker() {
#ifdef HAVE_NEVERBLEED
nb_.get(),
#endif // HAVE_NEVERBLEED
StringRef::from_maybe_nullptr(tlsconf.cacert.get()),
StringRef(memcachedconf.cert_file),
StringRef(memcachedconf.private_key_file), StringRef(), nullptr);
StringRef{tlsconf.cacert}, StringRef{memcachedconf.cert_file},
StringRef{memcachedconf.private_key_file}, StringRef(), nullptr);
all_ssl_ctx_.push_back(session_cache_ssl_ctx);
}
@ -253,9 +252,8 @@ int ConnectionHandler::create_worker_thread(size_t num) {
#ifdef HAVE_NEVERBLEED
nb_.get(),
#endif // HAVE_NEVERBLEED
StringRef::from_maybe_nullptr(tlsconf.cacert.get()),
StringRef(memcachedconf.cert_file),
StringRef(memcachedconf.private_key_file), StringRef(), nullptr);
StringRef{tlsconf.cacert}, StringRef{memcachedconf.cert_file},
StringRef{memcachedconf.private_key_file}, StringRef{}, nullptr);
all_ssl_ctx_.push_back(session_cache_ssl_ctx);
}
auto worker =
@ -463,7 +461,8 @@ int ConnectionHandler::start_ocsp_update(const char *cert_file) {
assert(!ev_is_active(&ocsp_.chldev));
char *const argv[] = {
const_cast<char *>(get_config()->tls.ocsp.fetch_ocsp_response_file.get()),
const_cast<char *>(
get_config()->tls.ocsp.fetch_ocsp_response_file.c_str()),
const_cast<char *>(cert_file), nullptr};
char *const envp[] = {nullptr};
@ -767,9 +766,8 @@ SSL_CTX *ConnectionHandler::create_tls_ticket_key_memcached_ssl_ctx() {
#ifdef HAVE_NEVERBLEED
nb_.get(),
#endif // HAVE_NEVERBLEED
StringRef::from_maybe_nullptr(tlsconf.cacert.get()),
StringRef(memcachedconf.cert_file),
StringRef(memcachedconf.private_key_file), StringRef(), nullptr);
StringRef{tlsconf.cacert}, StringRef{memcachedconf.cert_file},
StringRef{memcachedconf.private_key_file}, StringRef{}, nullptr);
all_ssl_ctx_.push_back(ssl_ctx);

14
src/shrpx_log.cc
View File

@ -393,23 +393,23 @@ int reopen_log_files() {
auto &accessconf = get_config()->logging.access;
auto &errorconf = get_config()->logging.error;
if (!accessconf.syslog && accessconf.file) {
new_accesslog_fd = util::open_log_file(accessconf.file.get());
if (!accessconf.syslog && !accessconf.file.empty()) {
new_accesslog_fd = util::open_log_file(accessconf.file.c_str());
if (new_accesslog_fd == -1) {
LOG(ERROR) << "Failed to open accesslog file " << accessconf.file.get();
LOG(ERROR) << "Failed to open accesslog file " << accessconf.file;
res = -1;
}
}
if (!errorconf.syslog && errorconf.file) {
new_errorlog_fd = util::open_log_file(errorconf.file.get());
if (!errorconf.syslog && !errorconf.file.empty()) {
new_errorlog_fd = util::open_log_file(errorconf.file.c_str());
if (new_errorlog_fd == -1) {
if (lgconf->errorlog_fd != -1) {
LOG(ERROR) << "Failed to open errorlog file " << errorconf.file.get();
LOG(ERROR) << "Failed to open errorlog file " << errorconf.file;
} else {
std::cerr << "Failed to open errorlog file " << errorconf.file.get()
std::cerr << "Failed to open errorlog file " << errorconf.file
<< std::endl;
}

11
src/shrpx_mruby.cc
View File

@ -31,7 +31,6 @@
#include "shrpx_config.h"
#include "shrpx_mruby_module.h"
#include "shrpx_downstream_connection.h"
#include "template.h"
namespace shrpx {
@ -146,12 +145,12 @@ mrb_value instantiate_app(mrb_state *mrb, RProc *proc) {
// very hard to write these kind of code because mruby has almost no
// documentation aobut compiling or generating code, at least at the
// time of this writing.
RProc *compile(mrb_state *mrb, const char *filename) {
if (filename == nullptr) {
RProc *compile(mrb_state *mrb, const StringRef &filename) {
if (filename.empty()) {
return nullptr;
}
auto infile = fopen(filename, "rb");
auto infile = fopen(filename.c_str(), "rb");
if (infile == nullptr) {
return nullptr;
}
@ -185,8 +184,8 @@ RProc *compile(mrb_state *mrb, const char *filename) {
return proc;
}
std::unique_ptr<MRubyContext> create_mruby_context(const char *filename) {
if (!filename) {
std::unique_ptr<MRubyContext> create_mruby_context(const StringRef &filename) {
if (filename.empty()) {
return make_unique<MRubyContext>(nullptr, mrb_nil_value(), mrb_nil_value());
}

6
src/shrpx_mruby.h
View File

@ -32,6 +32,8 @@
#include <mruby.h>
#include <mruby/proc.h>
#include "template.h"
using namespace nghttp2;
namespace shrpx {
@ -69,9 +71,9 @@ struct MRubyAssocData {
bool response_headers_dirty;
};
RProc *compile(mrb_state *mrb, const char *filename);
RProc *compile(mrb_state *mrb, const StringRef &filename);
std::unique_ptr<MRubyContext> create_mruby_context(const char *filename);
std::unique_ptr<MRubyContext> create_mruby_context(const StringRef &filename);
// Return interned |ptr|.
mrb_sym intern_ptr(mrb_state *mrb, void *ptr);

44
src/shrpx_ssl.cc
View File

@ -124,13 +124,13 @@ set_alpn_prefs(const std::vector<std::string> &protos) {
namespace {
int ssl_pem_passwd_cb(char *buf, int size, int rwflag, void *user_data) {
auto config = static_cast<Config *>(user_data);
int len = (int)strlen(config->tls.private_key_passwd.get());
auto len = static_cast<int>(config->tls.private_key_passwd.size());
if (size < len + 1) {
LOG(ERROR) << "ssl_pem_passwd_cb: buf is too small " << size;
return 0;
}
// Copy string including last '\0'.
memcpy(buf, config->tls.private_key_passwd.get(), len + 1);
memcpy(buf, config->tls.private_key_passwd.c_str(), len + 1);
return len;
}
} // namespace
@ -485,7 +485,7 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
SSL_CTX_set_session_id_context(ssl_ctx, sid_ctx, sizeof(sid_ctx) - 1);
SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_SERVER);
if (tlsconf.session_cache.memcached.host) {
if (!tlsconf.session_cache.memcached.host.empty()) {
SSL_CTX_sess_set_new_cb(ssl_ctx, tls_session_new_cb);
SSL_CTX_sess_set_get_cb(ssl_ctx, tls_session_get_cb);
}
@ -493,8 +493,8 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
SSL_CTX_set_timeout(ssl_ctx, tlsconf.session_timeout.count());
const char *ciphers;
if (tlsconf.ciphers) {
ciphers = tlsconf.ciphers.get();
if (!tlsconf.ciphers.empty()) {
ciphers = tlsconf.ciphers.c_str();
} else {
ciphers = nghttp2::ssl::DEFAULT_CIPHER_LIST;
}
@ -527,9 +527,9 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
#endif // OPENSSL_NO_EC
if (tlsconf.dh_param_file) {
if (!tlsconf.dh_param_file.empty()) {
// Read DH parameters from file
auto bio = BIO_new_file(tlsconf.dh_param_file.get(), "r");
auto bio = BIO_new_file(tlsconf.dh_param_file.c_str(), "r");
if (bio == nullptr) {
LOG(FATAL) << "BIO_new_file() failed: "
<< ERR_error_string(ERR_get_error(), nullptr);
@ -548,7 +548,7 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
if (tlsconf.private_key_passwd) {
if (!tlsconf.private_key_passwd.empty()) {
SSL_CTX_set_default_passwd_cb(ssl_ctx, ssl_pem_passwd_cb);
SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)get_config());
}
@ -579,12 +579,12 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
DIE();
}
if (tlsconf.client_verify.enabled) {
if (tlsconf.client_verify.cacert) {
if (!tlsconf.client_verify.cacert.empty()) {
if (SSL_CTX_load_verify_locations(
ssl_ctx, tlsconf.client_verify.cacert.get(), nullptr) != 1) {
ssl_ctx, tlsconf.client_verify.cacert.c_str(), nullptr) != 1) {
LOG(FATAL) << "Could not load trusted ca certificates from "
<< tlsconf.client_verify.cacert.get() << ": "
<< tlsconf.client_verify.cacert << ": "
<< ERR_error_string(ERR_get_error(), nullptr);
DIE();
}
@ -592,10 +592,10 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
// error even though it returns success. See
// http://forum.nginx.org/read.php?29,242540
ERR_clear_error();
auto list = SSL_load_client_CA_file(tlsconf.client_verify.cacert.get());
auto list = SSL_load_client_CA_file(tlsconf.client_verify.cacert.c_str());
if (!list) {
LOG(FATAL) << "Could not load ca certificates from "
<< tlsconf.client_verify.cacert.get() << ": "
<< tlsconf.client_verify.cacert << ": "
<< ERR_error_string(ERR_get_error(), nullptr);
DIE();
}
@ -683,8 +683,8 @@ SSL_CTX *create_ssl_client_context(
SSL_CTX_set_options(ssl_ctx, ssl_opts | tlsconf.tls_proto_mask);
const char *ciphers;
if (tlsconf.ciphers) {
ciphers = tlsconf.ciphers.get();
if (!tlsconf.ciphers.empty()) {
ciphers = tlsconf.ciphers.c_str();
} else {
ciphers = nghttp2::ssl::DEFAULT_CIPHER_LIST;
}
@ -1245,8 +1245,8 @@ SSL_CTX *setup_server_ssl_context(std::vector<SSL_CTX *> &all_ssl_ctx,
auto &tlsconf = get_config()->tls;
auto ssl_ctx = ssl::create_ssl_context(tlsconf.private_key_file.get(),
tlsconf.cert_file.get()
auto ssl_ctx = ssl::create_ssl_context(tlsconf.private_key_file.c_str(),
tlsconf.cert_file.c_str()
#ifdef HAVE_NEVERBLEED
,
nb
@ -1281,8 +1281,8 @@ SSL_CTX *setup_server_ssl_context(std::vector<SSL_CTX *> &all_ssl_ctx,
}
}
if (ssl::cert_lookup_tree_add_cert_from_file(cert_tree, ssl_ctx,
tlsconf.cert_file.get()) == -1) {
if (ssl::cert_lookup_tree_add_cert_from_file(
cert_tree, ssl_ctx, tlsconf.cert_file.c_str()) == -1) {
LOG(FATAL) << "Failed to add default certificate.";
DIE();
}
@ -1323,10 +1323,8 @@ SSL_CTX *setup_downstream_client_ssl_context(
#ifdef HAVE_NEVERBLEED
nb,
#endif // HAVE_NEVERBLEED
StringRef::from_maybe_nullptr(tlsconf.cacert.get()),
StringRef::from_maybe_nullptr(tlsconf.client.cert_file.get()),
StringRef::from_maybe_nullptr(tlsconf.client.private_key_file.get()),
alpn, next_proto_select_cb);
StringRef{tlsconf.cacert}, StringRef{tlsconf.client.cert_file},
StringRef{tlsconf.client.private_key_file}, alpn, next_proto_select_cb);
}
CertLookupTree *create_cert_lookup_tree() {

7
src/shrpx_worker.cc
View File

@ -91,11 +91,11 @@ Worker::Worker(struct ev_loop *loop, SSL_CTX *sv_ssl_ctx, SSL_CTX *cl_ssl_ctx,
auto &session_cacheconf = get_config()->tls.session_cache;
if (session_cacheconf.memcached.host) {
if (!session_cacheconf.memcached.host.empty()) {
session_cache_memcached_dispatcher_ = make_unique<MemcachedDispatcher>(
&session_cacheconf.memcached.addr, loop,
tls_session_cache_memcached_ssl_ctx,
session_cacheconf.memcached.host.get(), &mcpool_);
StringRef{session_cacheconf.memcached.host}, &mcpool_);
}
auto &downstreamconf = get_config()->conn.downstream;
@ -290,8 +290,7 @@ std::mt19937 &Worker::get_randgen() { return randgen_; }
#ifdef HAVE_MRUBY
int Worker::create_mruby_context() {
auto mruby_file = get_config()->mruby_file.get();
mruby_ctx_ = mruby::create_mruby_context(mruby_file);
mruby_ctx_ = mruby::create_mruby_context(StringRef{get_config()->mruby_file});
if (!mruby_ctx_) {
return -1;
}

8
src/shrpx_worker_process.cc
View File

@ -64,7 +64,7 @@ void drop_privileges(
#endif // HAVE_NEVERBLEED
) {
if (getuid() == 0 && get_config()->uid != 0) {
if (initgroups(get_config()->user.get(), get_config()->gid) != 0) {
if (initgroups(get_config()->user.c_str(), get_config()->gid) != 0) {
auto error = errno;
LOG(FATAL) << "Could not change supplementary groups: "
<< strerror(error);
@ -86,7 +86,7 @@ void drop_privileges(
}
#ifdef HAVE_NEVERBLEED
if (nb) {
neverbleed_setuidgid(nb, get_config()->user.get(), 1);
neverbleed_setuidgid(nb, get_config()->user.c_str(), 1);
}
#endif // HAVE_NEVERBLEED
}
@ -427,7 +427,7 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
auto &ticketconf = get_config()->tls.ticket;
auto &memcachedconf = ticketconf.memcached;
if (ticketconf.memcached.host) {
if (!memcachedconf.host.empty()) {
SSL_CTX *ssl_ctx = nullptr;
if (memcachedconf.tls) {
@ -437,7 +437,7 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
conn_handler.set_tls_ticket_key_memcached_dispatcher(
make_unique<MemcachedDispatcher>(
&ticketconf.memcached.addr, loop, ssl_ctx,
StringRef(memcachedconf.host.get()), &mcpool));
StringRef{memcachedconf.host}, &mcpool));
ev_timer_init(&renew_ticket_key_timer, memcached_get_ticket_key_cb, 0.,
0.);