nghttpx: Rename shrpx_ssl.{h,cc} as shrpx_tls.{h,cc}

The namespace shrpx::ssl was also renamed as shrpx::tls.
Tatsuhiro Tsujikawa 2017-04-01 15:07:32 +09:00
parent 69f63c529d
commit 058122b804
23 changed files with 123 additions and 125 deletions


@ -98,7 +98,7 @@ if(ENABLE_APP)
shrpx_log.cc shrpx_log.cc
shrpx_http.cc shrpx_http.cc
shrpx_io_control.cc shrpx_io_control.cc
shrpx_ssl.cc shrpx_tls.cc
shrpx_worker.cc shrpx_worker.cc
shrpx_log_config.cc shrpx_log_config.cc
shrpx_connect_blocker.cc shrpx_connect_blocker.cc
@ -152,7 +152,7 @@ if(ENABLE_APP)
if(HAVE_CUNIT) if(HAVE_CUNIT)
set(NGHTTPX_UNITTEST_SOURCES set(NGHTTPX_UNITTEST_SOURCES
shrpx-unittest.cc shrpx-unittest.cc
shrpx_ssl_test.cc shrpx_tls_test.cc
shrpx_downstream_test.cc shrpx_downstream_test.cc
shrpx_config_test.cc shrpx_config_test.cc
shrpx_worker_test.cc shrpx_worker_test.cc


@ -122,7 +122,7 @@ NGHTTPX_SRCS = \
shrpx_log.cc shrpx_log.h \ shrpx_log.cc shrpx_log.h \
shrpx_http.cc shrpx_http.h \ shrpx_http.cc shrpx_http.h \
shrpx_io_control.cc shrpx_io_control.h \ shrpx_io_control.cc shrpx_io_control.h \
shrpx_ssl.cc shrpx_ssl.h \ shrpx_tls.cc shrpx_tls.h \
shrpx_worker.cc shrpx_worker.h \ shrpx_worker.cc shrpx_worker.h \
shrpx_log_config.cc shrpx_log_config.h \ shrpx_log_config.cc shrpx_log_config.h \
shrpx_connect_blocker.cc shrpx_connect_blocker.h \ shrpx_connect_blocker.cc shrpx_connect_blocker.h \
@ -183,7 +183,7 @@ endif # HAVE_NEVERBLEED
if HAVE_CUNIT if HAVE_CUNIT
check_PROGRAMS += nghttpx-unittest check_PROGRAMS += nghttpx-unittest
nghttpx_unittest_SOURCES = shrpx-unittest.cc \ nghttpx_unittest_SOURCES = shrpx-unittest.cc \
shrpx_ssl_test.cc shrpx_ssl_test.h \ shrpx_tls_test.cc shrpx_tls_test.h \
shrpx_downstream_test.cc shrpx_downstream_test.h \ shrpx_downstream_test.cc shrpx_downstream_test.h \
shrpx_config_test.cc shrpx_config_test.h \ shrpx_config_test.cc shrpx_config_test.h \
shrpx_worker_test.cc shrpx_worker_test.h \ shrpx_worker_test.cc shrpx_worker_test.h \


@ -30,7 +30,7 @@
#include <string.h> #include <string.h>
#include <CUnit/Basic.h> #include <CUnit/Basic.h>
// include test cases' include files here // include test cases' include files here
#include "shrpx_ssl_test.h" #include "shrpx_tls_test.h"
#include "shrpx_downstream_test.h" #include "shrpx_downstream_test.h"
#include "shrpx_config_test.h" #include "shrpx_config_test.h"
#include "shrpx_worker_test.h" #include "shrpx_worker_test.h"
@ -71,12 +71,12 @@ int main(int argc, char *argv[]) {
} }
// add the tests to the suite // add the tests to the suite
if (!CU_add_test(pSuite, "ssl_create_lookup_tree", if (!CU_add_test(pSuite, "tls_create_lookup_tree",
shrpx::test_shrpx_ssl_create_lookup_tree) || shrpx::test_shrpx_tls_create_lookup_tree) ||
!CU_add_test(pSuite, "ssl_cert_lookup_tree_add_ssl_ctx", !CU_add_test(pSuite, "tls_cert_lookup_tree_add_ssl_ctx",
shrpx::test_shrpx_ssl_cert_lookup_tree_add_ssl_ctx) || shrpx::test_shrpx_tls_cert_lookup_tree_add_ssl_ctx) ||
!CU_add_test(pSuite, "ssl_tls_hostname_match", !CU_add_test(pSuite, "tls_tls_hostname_match",
shrpx::test_shrpx_ssl_tls_hostname_match) || shrpx::test_shrpx_tls_tls_hostname_match) ||
!CU_add_test(pSuite, "http2_add_header", shrpx::test_http2_add_header) || !CU_add_test(pSuite, "http2_add_header", shrpx::test_http2_add_header) ||
!CU_add_test(pSuite, "http2_get_header", shrpx::test_http2_get_header) || !CU_add_test(pSuite, "http2_get_header", shrpx::test_http2_get_header) ||
!CU_add_test(pSuite, "http2_copy_headers_to_nva", !CU_add_test(pSuite, "http2_copy_headers_to_nva",


@ -76,7 +76,7 @@
#include <nghttp2/nghttp2.h> #include <nghttp2/nghttp2.h>
#include "shrpx_config.h" #include "shrpx_config.h"
#include "shrpx_ssl.h" #include "shrpx_tls.h"
#include "shrpx_log_config.h" #include "shrpx_log_config.h"
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_http2_upstream.h" #include "shrpx_http2_upstream.h"
@ -1441,9 +1441,9 @@ void fill_default_config(Config *config) {
tlsconf.client.ciphers = tlsconf.client.ciphers =
StringRef::from_lit(nghttp2::tls::DEFAULT_CIPHER_LIST); StringRef::from_lit(nghttp2::tls::DEFAULT_CIPHER_LIST);
tlsconf.min_proto_version = tlsconf.min_proto_version =
ssl::proto_version_from_string(DEFAULT_TLS_MIN_PROTO_VERSION); tls::proto_version_from_string(DEFAULT_TLS_MIN_PROTO_VERSION);
tlsconf.max_proto_version = tlsconf.max_proto_version =
ssl::proto_version_from_string(DEFAULT_TLS_MAX_PROTO_VERSION); tls::proto_version_from_string(DEFAULT_TLS_MAX_PROTO_VERSION);
#if OPENSSL_1_1_API || defined(OPENSSL_IS_BORINGSSL) #if OPENSSL_1_1_API || defined(OPENSSL_IS_BORINGSSL)
tlsconf.ecdh_curves = StringRef::from_lit("X25519:P-256:P-384:P-521"); tlsconf.ecdh_curves = StringRef::from_lit("X25519:P-256:P-384:P-521");
#else // !OPENSSL_1_1_API && !defined(OPENSSL_IS_BORINGSSL) #else // !OPENSSL_1_1_API && !defined(OPENSSL_IS_BORINGSSL)
@ -2786,7 +2786,7 @@ int process_options(Config *config,
} }
if (!tlsconf.tls_proto_list.empty()) { if (!tlsconf.tls_proto_list.empty()) {
tlsconf.tls_proto_mask = ssl::create_tls_proto_mask(tlsconf.tls_proto_list); tlsconf.tls_proto_mask = tls::create_tls_proto_mask(tlsconf.tls_proto_list);
} }
// TODO We depends on the ordering of protocol version macro in // TODO We depends on the ordering of protocol version macro in
@ -2797,7 +2797,7 @@ int process_options(Config *config,
return -1; return -1;
} }
if (ssl::set_alpn_prefs(tlsconf.alpn_prefs, tlsconf.npn_list) != 0) { if (tls::set_alpn_prefs(tlsconf.alpn_prefs, tlsconf.npn_list) != 0) {
return -1; return -1;
} }
@ -2821,7 +2821,7 @@ int process_options(Config *config,
upstreamconf.worker_connections = std::numeric_limits<size_t>::max(); upstreamconf.worker_connections = std::numeric_limits<size_t>::max();
} }
if (ssl::upstream_tls_enabled(config->conn) && if (tls::upstream_tls_enabled(config->conn) &&
(tlsconf.private_key_file.empty() || tlsconf.cert_file.empty())) { (tlsconf.private_key_file.empty() || tlsconf.cert_file.empty())) {
LOG(FATAL) << "TLS private key and certificate files are required. " LOG(FATAL) << "TLS private key and certificate files are required. "
"Specify them in command-line, or in configuration file " "Specify them in command-line, or in configuration file "
@ -2829,7 +2829,7 @@ int process_options(Config *config,
return -1; return -1;
} }
if (ssl::upstream_tls_enabled(config->conn) && !tlsconf.ocsp.disabled) { if (tls::upstream_tls_enabled(config->conn) && !tlsconf.ocsp.disabled) {
struct stat buf; struct stat buf;
if (stat(tlsconf.ocsp.fetch_ocsp_response_file.c_str(), &buf) != 0) { if (stat(tlsconf.ocsp.fetch_ocsp_response_file.c_str(), &buf) != 0) {
tlsconf.ocsp.disabled = true; tlsconf.ocsp.disabled = true;


@ -42,7 +42,7 @@
#include "shrpx_config.h" #include "shrpx_config.h"
#include "shrpx_http_downstream_connection.h" #include "shrpx_http_downstream_connection.h"
#include "shrpx_http2_downstream_connection.h" #include "shrpx_http2_downstream_connection.h"
#include "shrpx_ssl.h" #include "shrpx_tls.h"
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_downstream_connection_pool.h" #include "shrpx_downstream_connection_pool.h"
#include "shrpx_downstream.h" #include "shrpx_downstream.h"
@ -576,7 +576,7 @@ int ClientHandler::validate_next_proto() {
CLOG(INFO, this) << "The negotiated next protocol: " << proto; CLOG(INFO, this) << "The negotiated next protocol: " << proto;
} }
if (!ssl::in_proto_list(get_config()->tls.npn_list, proto)) { if (!tls::in_proto_list(get_config()->tls.npn_list, proto)) {
if (LOG_ENABLED(INFO)) { if (LOG_ENABLED(INFO)) {
CLOG(INFO, this) << "The negotiated protocol is not supported: " << proto; CLOG(INFO, this) << "The negotiated protocol is not supported: " << proto;
} }


@ -53,7 +53,7 @@
#include "http-parser/http_parser.h" #include "http-parser/http_parser.h"
#include "shrpx_log.h" #include "shrpx_log.h"
#include "shrpx_ssl.h" #include "shrpx_tls.h"
#include "shrpx_http.h" #include "shrpx_http.h"
#include "util.h" #include "util.h"
#include "base64.h" #include "base64.h"
@ -642,7 +642,7 @@ int parse_duration(ev_tstamp *dest, const StringRef &opt,
namespace { namespace {
int parse_tls_proto_version(int &dest, const StringRef &opt, int parse_tls_proto_version(int &dest, const StringRef &opt,
const StringRef &optarg) { const StringRef &optarg) {
auto v = ssl::proto_version_from_string(optarg); auto v = tls::proto_version_from_string(optarg);
if (v == -1) { if (v == -1) {
LOG(ERROR) << opt << ": invalid TLS protocol version: " << optarg; LOG(ERROR) << opt << ": invalid TLS protocol version: " << optarg;
return -1; return -1;


@ -64,11 +64,11 @@ struct LogFragment;
class ConnectBlocker; class ConnectBlocker;
class Http2Session; class Http2Session;
namespace ssl { namespace tls {
class CertLookupTree; class CertLookupTree;
} // namespace ssl } // namespace tls
constexpr auto SHRPX_OPT_PRIVATE_KEY_FILE = constexpr auto SHRPX_OPT_PRIVATE_KEY_FILE =
StringRef::from_lit("private-key-file"); StringRef::from_lit("private-key-file");


@ -33,7 +33,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include "shrpx_ssl.h" #include "shrpx_tls.h"
#include "shrpx_memcached_request.h" #include "shrpx_memcached_request.h"
#include "shrpx_log.h" #include "shrpx_log.h"
#include "memchunk.h" #include "memchunk.h"
@ -360,7 +360,7 @@ int Connection::tls_handshake() {
auto ssl_opts = SSL_get_options(tls.ssl); auto ssl_opts = SSL_get_options(tls.ssl);
SSL_free(tls.ssl); SSL_free(tls.ssl);
auto ssl = ssl::create_ssl(ssl_ctx); auto ssl = tls::create_ssl(ssl_ctx);
if (!ssl) { if (!ssl) {
return -1; return -1;
} }


@ -41,9 +41,9 @@ namespace shrpx {
struct MemcachedRequest; struct MemcachedRequest;
namespace ssl { namespace tls {
struct TLSSessionCache; struct TLSSessionCache;
} // namespace ssl } // namespace tls
enum { enum {
TLS_CONN_NORMAL, TLS_CONN_NORMAL,
@ -59,7 +59,7 @@ struct TLSConnection {
SSL *ssl; SSL *ssl;
SSL_SESSION *cached_session; SSL_SESSION *cached_session;
MemcachedRequest *cached_session_lookup_req; MemcachedRequest *cached_session_lookup_req;
ssl::TLSSessionCache *client_session_cache; tls::TLSSessionCache *client_session_cache;
ev_tstamp last_write_idle; ev_tstamp last_write_idle;
size_t warmup_writelen; size_t warmup_writelen;
// length passed to SSL_write and SSL_read last time. This is // length passed to SSL_write and SSL_read last time. This is


@ -35,7 +35,7 @@
#include <random> #include <random>
#include "shrpx_client_handler.h" #include "shrpx_client_handler.h"
#include "shrpx_ssl.h" #include "shrpx_tls.h"
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_config.h" #include "shrpx_config.h"
#include "shrpx_http2_session.h" #include "shrpx_http2_session.h"
@ -154,7 +154,7 @@ ConnectionHandler::~ConnectionHandler() {
for (auto ssl_ctx : all_ssl_ctx_) { for (auto ssl_ctx : all_ssl_ctx_) {
auto tls_ctx_data = auto tls_ctx_data =
static_cast<ssl::TLSContextData *>(SSL_CTX_get_app_data(ssl_ctx)); static_cast<tls::TLSContextData *>(SSL_CTX_get_app_data(ssl_ctx));
if (tls_ctx_data) { if (tls_ctx_data) {
delete tls_ctx_data; delete tls_ctx_data;
} }
@ -199,15 +199,15 @@ void ConnectionHandler::worker_replace_downstream(
} }
int ConnectionHandler::create_single_worker() { int ConnectionHandler::create_single_worker() {
cert_tree_ = ssl::create_cert_lookup_tree(); cert_tree_ = tls::create_cert_lookup_tree();
auto sv_ssl_ctx = ssl::setup_server_ssl_context( auto sv_ssl_ctx = tls::setup_server_ssl_context(
all_ssl_ctx_, indexed_ssl_ctx_, cert_tree_.get() all_ssl_ctx_, indexed_ssl_ctx_, cert_tree_.get()
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
, ,
nb_.get() nb_.get()
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
); );
auto cl_ssl_ctx = ssl::setup_downstream_client_ssl_context( auto cl_ssl_ctx = tls::setup_downstream_client_ssl_context(
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
nb_.get() nb_.get()
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
@ -223,7 +223,7 @@ int ConnectionHandler::create_single_worker() {
SSL_CTX *session_cache_ssl_ctx = nullptr; SSL_CTX *session_cache_ssl_ctx = nullptr;
if (memcachedconf.tls) { if (memcachedconf.tls) {
session_cache_ssl_ctx = ssl::create_ssl_client_context( session_cache_ssl_ctx = tls::create_ssl_client_context(
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
nb_.get(), nb_.get(),
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
@ -248,15 +248,15 @@ int ConnectionHandler::create_worker_thread(size_t num) {
#ifndef NOTHREADS #ifndef NOTHREADS
assert(workers_.size() == 0); assert(workers_.size() == 0);
cert_tree_ = ssl::create_cert_lookup_tree(); cert_tree_ = tls::create_cert_lookup_tree();
auto sv_ssl_ctx = ssl::setup_server_ssl_context( auto sv_ssl_ctx = tls::setup_server_ssl_context(
all_ssl_ctx_, indexed_ssl_ctx_, cert_tree_.get() all_ssl_ctx_, indexed_ssl_ctx_, cert_tree_.get()
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
, ,
nb_.get() nb_.get()
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
); );
auto cl_ssl_ctx = ssl::setup_downstream_client_ssl_context( auto cl_ssl_ctx = tls::setup_downstream_client_ssl_context(
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
nb_.get() nb_.get()
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
@ -281,7 +281,7 @@ int ConnectionHandler::create_worker_thread(size_t num) {
SSL_CTX *session_cache_ssl_ctx = nullptr; SSL_CTX *session_cache_ssl_ctx = nullptr;
if (memcachedconf.tls) { if (memcachedconf.tls) {
session_cache_ssl_ctx = ssl::create_ssl_client_context( session_cache_ssl_ctx = tls::create_ssl_client_context(
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
nb_.get(), nb_.get(),
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
@ -384,7 +384,7 @@ int ConnectionHandler::handle_connection(int fd, sockaddr *addr, int addrlen,
} }
auto client = auto client =
ssl::accept_connection(single_worker_.get(), fd, addr, addrlen, faddr); tls::accept_connection(single_worker_.get(), fd, addr, addrlen, faddr);
if (!client) { if (!client) {
LLOG(ERROR, this) << "ClientHandler creation failed"; LLOG(ERROR, this) << "ClientHandler creation failed";
@ -592,7 +592,7 @@ void ConnectionHandler::handle_ocsp_complete() {
auto ssl_ctx = all_ssl_ctx_[ocsp_.next]; auto ssl_ctx = all_ssl_ctx_[ocsp_.next];
auto tls_ctx_data = auto tls_ctx_data =
static_cast<ssl::TLSContextData *>(SSL_CTX_get_app_data(ssl_ctx)); static_cast<tls::TLSContextData *>(SSL_CTX_get_app_data(ssl_ctx));
auto rstatus = ocsp_.chldev.rstatus; auto rstatus = ocsp_.chldev.rstatus;
auto status = WEXITSTATUS(rstatus); auto status = WEXITSTATUS(rstatus);
@ -655,7 +655,7 @@ void ConnectionHandler::proceed_next_cert_ocsp() {
auto ssl_ctx = all_ssl_ctx_[ocsp_.next]; auto ssl_ctx = all_ssl_ctx_[ocsp_.next];
auto tls_ctx_data = auto tls_ctx_data =
static_cast<ssl::TLSContextData *>(SSL_CTX_get_app_data(ssl_ctx)); static_cast<tls::TLSContextData *>(SSL_CTX_get_app_data(ssl_ctx));
// client SSL_CTX is also included in all_ssl_ctx_, but has no // client SSL_CTX is also included in all_ssl_ctx_, but has no
// tls_ctx_data. // tls_ctx_data.
@ -777,7 +777,7 @@ SSL_CTX *ConnectionHandler::create_tls_ticket_key_memcached_ssl_ctx() {
auto &tlsconf = config->tls; auto &tlsconf = config->tls;
auto &memcachedconf = config->tls.ticket.memcached; auto &memcachedconf = config->tls.ticket.memcached;
auto ssl_ctx = ssl::create_ssl_client_context( auto ssl_ctx = tls::create_ssl_client_context(
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
nb_.get(), nb_.get(),
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED


@ -63,11 +63,11 @@ struct TicketKeys;
class MemcachedDispatcher; class MemcachedDispatcher;
struct UpstreamAddr; struct UpstreamAddr;
namespace ssl { namespace tls {
class CertLookupTree; class CertLookupTree;
} // namespace ssl } // namespace tls
struct OCSPUpdateContext { struct OCSPUpdateContext {
// ocsp response buffer // ocsp response buffer
@ -198,7 +198,7 @@ private:
// Worker instance used when single threaded mode (-n1) is used. // Worker instance used when single threaded mode (-n1) is used.
// Otherwise, nullptr and workers_ has instances of Worker instead. // Otherwise, nullptr and workers_ has instances of Worker instead.
std::unique_ptr<Worker> single_worker_; std::unique_ptr<Worker> single_worker_;
std::unique_ptr<ssl::CertLookupTree> cert_tree_; std::unique_ptr<tls::CertLookupTree> cert_tree_;
std::unique_ptr<MemcachedDispatcher> tls_ticket_key_memcached_dispatcher_; std::unique_ptr<MemcachedDispatcher> tls_ticket_key_memcached_dispatcher_;
// Current TLS session ticket keys. Note that TLS connection does // Current TLS session ticket keys. Note that TLS connection does
// not refer to this field directly. They use TicketKeys object in // not refer to this field directly. They use TicketKeys object in


@ -39,7 +39,7 @@
#include "shrpx_error.h" #include "shrpx_error.h"
#include "shrpx_http2_downstream_connection.h" #include "shrpx_http2_downstream_connection.h"
#include "shrpx_client_handler.h" #include "shrpx_client_handler.h"
#include "shrpx_ssl.h" #include "shrpx_tls.h"
#include "shrpx_http.h" #include "shrpx_http.h"
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_connect_blocker.h" #include "shrpx_connect_blocker.h"
@ -422,12 +422,12 @@ int Http2Session::initiate_connection() {
assert(ssl_ctx_); assert(ssl_ctx_);
if (state_ != RESOLVING_NAME) { if (state_ != RESOLVING_NAME) {
auto ssl = ssl::create_ssl(ssl_ctx_); auto ssl = tls::create_ssl(ssl_ctx_);
if (!ssl) { if (!ssl) {
return -1; return -1;
} }
ssl::setup_downstream_http2_alpn(ssl); tls::setup_downstream_http2_alpn(ssl);
conn_.set_ssl(ssl); conn_.set_ssl(ssl);
conn_.tls.client_session_cache = &addr_->tls_session_cache; conn_.tls.client_session_cache = &addr_->tls_session_cache;
@ -442,7 +442,7 @@ int Http2Session::initiate_connection() {
SSL_set_tlsext_host_name(conn_.tls.ssl, sni_name.c_str()); SSL_set_tlsext_host_name(conn_.tls.ssl, sni_name.c_str());
} }
auto tls_session = ssl::reuse_tls_session(addr_->tls_session_cache); auto tls_session = tls::reuse_tls_session(addr_->tls_session_cache);
if (tls_session) { if (tls_session) {
SSL_set_session(conn_.tls.ssl, tls_session); SSL_set_session(conn_.tls.ssl, tls_session);
SSL_SESSION_free(tls_session); SSL_SESSION_free(tls_session);
@ -2064,7 +2064,7 @@ int Http2Session::tls_handshake() {
} }
if (!get_config()->tls.insecure && if (!get_config()->tls.insecure &&
ssl::check_cert(conn_.tls.ssl, addr_, raddr_) != 0) { tls::check_cert(conn_.tls.ssl, addr_, raddr_) != 0) {
downstream_failure(addr_, raddr_); downstream_failure(addr_, raddr_);
return -1; return -1;
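Review bot: The `!get_config()->tls.insecure &&` short-circuit in `Http2Session::tls_handshake()` skips `tls::check_cert()` entirely, and nothing at the call site says that the backend peer is then unauthenticated. The same guard appears in `HttpDownstreamConnection::tls_handshake()`, `LiveCheck::tls_handshake()` and `MemcachedConnection::tls_handshake()`, so the note applies to all four. I would add a comment above each guard such as `// tls.insecure disables backend certificate verification; the peer identity is not checked`. Whether a warning is already logged when the option is set is not visible in these hunks; if it is not, one at configuration time would help operators notice. The function bodies start and end outside the hunks shown.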


@ -35,7 +35,7 @@
#include "shrpx_downstream_connection_pool.h" #include "shrpx_downstream_connection_pool.h"
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_http2_session.h" #include "shrpx_http2_session.h"
#include "shrpx_ssl.h" #include "shrpx_tls.h"
#include "shrpx_log.h" #include "shrpx_log.h"
#include "http2.h" #include "http2.h"
#include "util.h" #include "util.h"
@ -423,12 +423,12 @@ int HttpDownstreamConnection::initiate_connection() {
if (addr_->tls) { if (addr_->tls) {
assert(ssl_ctx_); assert(ssl_ctx_);
auto ssl = ssl::create_ssl(ssl_ctx_); auto ssl = tls::create_ssl(ssl_ctx_);
if (!ssl) { if (!ssl) {
return -1; return -1;
} }
ssl::setup_downstream_http1_alpn(ssl); tls::setup_downstream_http1_alpn(ssl);
conn_.set_ssl(ssl); conn_.set_ssl(ssl);
conn_.tls.client_session_cache = &addr_->tls_session_cache; conn_.tls.client_session_cache = &addr_->tls_session_cache;
@ -439,7 +439,7 @@ int HttpDownstreamConnection::initiate_connection() {
SSL_set_tlsext_host_name(conn_.tls.ssl, sni_name.c_str()); SSL_set_tlsext_host_name(conn_.tls.ssl, sni_name.c_str());
} }
auto session = ssl::reuse_tls_session(addr_->tls_session_cache); auto session = tls::reuse_tls_session(addr_->tls_session_cache);
if (session) { if (session) {
SSL_set_session(conn_.tls.ssl, session); SSL_set_session(conn_.tls.ssl, session);
SSL_SESSION_free(session); SSL_SESSION_free(session);
@ -1224,7 +1224,7 @@ int HttpDownstreamConnection::tls_handshake() {
} }
if (!get_config()->tls.insecure && if (!get_config()->tls.insecure &&
ssl::check_cert(conn_.tls.ssl, addr_, raddr_) != 0) { tls::check_cert(conn_.tls.ssl, addr_, raddr_) != 0) {
downstream_failure(addr_, raddr_); downstream_failure(addr_, raddr_);
return -1; return -1;


@ -25,7 +25,7 @@
#include "shrpx_live_check.h" #include "shrpx_live_check.h"
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_connect_blocker.h" #include "shrpx_connect_blocker.h"
#include "shrpx_ssl.h" #include "shrpx_tls.h"
#include "shrpx_log.h" #include "shrpx_log.h"
namespace shrpx { namespace shrpx {
@ -205,17 +205,17 @@ int LiveCheck::initiate_connection() {
if (!dns_query_ && addr_->tls) { if (!dns_query_ && addr_->tls) {
assert(ssl_ctx_); assert(ssl_ctx_);
auto ssl = ssl::create_ssl(ssl_ctx_); auto ssl = tls::create_ssl(ssl_ctx_);
if (!ssl) { if (!ssl) {
return -1; return -1;
} }
switch (addr_->proto) { switch (addr_->proto) {
case PROTO_HTTP1: case PROTO_HTTP1:
ssl::setup_downstream_http1_alpn(ssl); tls::setup_downstream_http1_alpn(ssl);
break; break;
case PROTO_HTTP2: case PROTO_HTTP2:
ssl::setup_downstream_http2_alpn(ssl); tls::setup_downstream_http2_alpn(ssl);
break; break;
default: default:
assert(0); assert(0);
@ -304,7 +304,7 @@ int LiveCheck::initiate_connection() {
SSL_set_tlsext_host_name(conn_.tls.ssl, sni_name.c_str()); SSL_set_tlsext_host_name(conn_.tls.ssl, sni_name.c_str());
} }
auto session = ssl::reuse_tls_session(addr_->tls_session_cache); auto session = tls::reuse_tls_session(addr_->tls_session_cache);
if (session) { if (session) {
SSL_set_session(conn_.tls.ssl, session); SSL_set_session(conn_.tls.ssl, session);
SSL_SESSION_free(session); SSL_SESSION_free(session);
@ -397,7 +397,7 @@ int LiveCheck::tls_handshake() {
} }
if (!get_config()->tls.insecure && if (!get_config()->tls.insecure &&
ssl::check_cert(conn_.tls.ssl, addr_, raddr_) != 0) { tls::check_cert(conn_.tls.ssl, addr_, raddr_) != 0) {
return -1; return -1;
} }


@ -32,7 +32,7 @@
#include "shrpx_memcached_request.h" #include "shrpx_memcached_request.h"
#include "shrpx_memcached_result.h" #include "shrpx_memcached_result.h"
#include "shrpx_config.h" #include "shrpx_config.h"
#include "shrpx_ssl.h" #include "shrpx_tls.h"
#include "shrpx_log.h" #include "shrpx_log.h"
#include "util.h" #include "util.h"
@ -150,7 +150,7 @@ int MemcachedConnection::initiate_connection() {
assert(conn_.fd == -1); assert(conn_.fd == -1);
if (ssl_ctx_) { if (ssl_ctx_) {
auto ssl = ssl::create_ssl(ssl_ctx_); auto ssl = tls::create_ssl(ssl_ctx_);
if (!ssl) { if (!ssl) {
return -1; return -1;
} }
@ -184,7 +184,7 @@ int MemcachedConnection::initiate_connection() {
SSL_set_tlsext_host_name(conn_.tls.ssl, sni_name_.c_str()); SSL_set_tlsext_host_name(conn_.tls.ssl, sni_name_.c_str());
} }
auto session = ssl::reuse_tls_session(tls_session_cache_); auto session = tls::reuse_tls_session(tls_session_cache_);
if (session) { if (session) {
SSL_set_session(conn_.tls.ssl, session); SSL_set_session(conn_.tls.ssl, session);
SSL_SESSION_free(session); SSL_SESSION_free(session);
@ -276,7 +276,7 @@ int MemcachedConnection::tls_handshake() {
auto &tlsconf = get_config()->tls; auto &tlsconf = get_config()->tls;
if (!tlsconf.insecure && if (!tlsconf.insecure &&
ssl::check_cert(conn_.tls.ssl, addr_, sni_name_) != 0) { tls::check_cert(conn_.tls.ssl, addr_, sni_name_) != 0) {
connect_blocker_.on_failure(); connect_blocker_.on_failure();
return -1; return -1;
} }


@ -33,7 +33,7 @@
#include <ev.h> #include <ev.h>
#include "shrpx_connection.h" #include "shrpx_connection.h"
#include "shrpx_ssl.h" #include "shrpx_tls.h"
#include "shrpx_connect_blocker.h" #include "shrpx_connect_blocker.h"
#include "buffer.h" #include "buffer.h"
#include "network.h" #include "network.h"
@ -136,7 +136,7 @@ private:
std::deque<MemcachedSendbuf> sendbufv_; std::deque<MemcachedSendbuf> sendbufv_;
std::function<int(MemcachedConnection &)> do_read_, do_write_; std::function<int(MemcachedConnection &)> do_read_, do_write_;
StringRef sni_name_; StringRef sni_name_;
ssl::TLSSessionCache tls_session_cache_; tls::TLSSessionCache tls_session_cache_;
ConnectBlocker connect_blocker_; ConnectBlocker connect_blocker_;
MemcachedParseState parse_state_; MemcachedParseState parse_state_;
const Address *addr_; const Address *addr_;


@ -22,7 +22,7 @@
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/ */
#include "shrpx_ssl.h" #include "shrpx_tls.h"
#ifdef HAVE_SYS_SOCKET_H #ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h> #include <sys/socket.h>
@ -70,7 +70,7 @@ using namespace nghttp2;
namespace shrpx { namespace shrpx {
namespace ssl { namespace tls {
#if !OPENSSL_1_1_API #if !OPENSSL_1_1_API
namespace { namespace {
@ -1596,14 +1596,13 @@ setup_server_ssl_context(std::vector<SSL_CTX *> &all_ssl_ctx,
auto &tlsconf = config->tls; auto &tlsconf = config->tls;
auto ssl_ctx = auto ssl_ctx = create_ssl_context(tlsconf.private_key_file.c_str(),
ssl::create_ssl_context(tlsconf.private_key_file.c_str(), tlsconf.cert_file.c_str(), tlsconf.sct_data
tlsconf.cert_file.c_str(), tlsconf.sct_data
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
, ,
nb nb
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
); );
all_ssl_ctx.push_back(ssl_ctx); all_ssl_ctx.push_back(ssl_ctx);
@ -1617,24 +1616,23 @@ setup_server_ssl_context(std::vector<SSL_CTX *> &all_ssl_ctx,
return ssl_ctx; return ssl_ctx;
} }
if (ssl::cert_lookup_tree_add_ssl_ctx(cert_tree, indexed_ssl_ctx, ssl_ctx) == if (cert_lookup_tree_add_ssl_ctx(cert_tree, indexed_ssl_ctx, ssl_ctx) == -1) {
-1) {
LOG(FATAL) << "Failed to add default certificate."; LOG(FATAL) << "Failed to add default certificate.";
DIE(); DIE();
} }
for (auto &c : tlsconf.subcerts) { for (auto &c : tlsconf.subcerts) {
auto ssl_ctx = ssl::create_ssl_context(c.private_key_file.c_str(), auto ssl_ctx = create_ssl_context(c.private_key_file.c_str(),
c.cert_file.c_str(), c.sct_data c.cert_file.c_str(), c.sct_data
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
, ,
nb nb
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
); );
all_ssl_ctx.push_back(ssl_ctx); all_ssl_ctx.push_back(ssl_ctx);
if (ssl::cert_lookup_tree_add_ssl_ctx(cert_tree, indexed_ssl_ctx, if (cert_lookup_tree_add_ssl_ctx(cert_tree, indexed_ssl_ctx, ssl_ctx) ==
ssl_ctx) == -1) { -1) {
LOG(FATAL) << "Failed to add sub certificate."; LOG(FATAL) << "Failed to add sub certificate.";
DIE(); DIE();
} }
@ -1650,7 +1648,7 @@ SSL_CTX *setup_downstream_client_ssl_context(
) { ) {
auto &tlsconf = get_config()->tls; auto &tlsconf = get_config()->tls;
return ssl::create_ssl_client_context( return create_ssl_client_context(
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
nb, nb,
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
@ -1737,6 +1735,6 @@ int proto_version_from_string(const StringRef &v) {
return -1; return -1;
} }
} // namespace ssl } // namespace tls
} // namespace shrpx } // namespace shrpx


@ -22,8 +22,8 @@
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/ */
#ifndef SHRPX_SSL_H #ifndef SHRPX_TLS_H
#define SHRPX_SSL_H #define SHRPX_TLS_H
#include "shrpx.h" #include "shrpx.h"
@ -51,7 +51,7 @@ class DownstreamConnectionPool;
struct DownstreamAddr; struct DownstreamAddr;
struct UpstreamAddr; struct UpstreamAddr;
namespace ssl { namespace tls {
struct TLSSessionCache { struct TLSSessionCache {
// ASN1 representation of SSL_SESSION object. See // ASN1 representation of SSL_SESSION object. See
@ -264,8 +264,8 @@ X509 *load_certificate(const char *filename);
// TLS version string. // TLS version string.
int proto_version_from_string(const StringRef &v); int proto_version_from_string(const StringRef &v);
} // namespace ssl } // namespace tls
} // namespace shrpx } // namespace shrpx
#endif // SHRPX_SSL_H #endif // SHRPX_TLS_H


@ -22,11 +22,11 @@
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/ */
#include "shrpx_ssl_test.h" #include "shrpx_tls_test.h"
#include <CUnit/CUnit.h> #include <CUnit/CUnit.h>
#include "shrpx_ssl.h" #include "shrpx_tls.h"
#include "shrpx_log.h" #include "shrpx_log.h"
#include "util.h" #include "util.h"
#include "template.h" #include "template.h"
@ -35,8 +35,8 @@ using namespace nghttp2;
namespace shrpx { namespace shrpx {
void test_shrpx_ssl_create_lookup_tree(void) { void test_shrpx_tls_create_lookup_tree(void) {
auto tree = make_unique<ssl::CertLookupTree>(); auto tree = make_unique<tls::CertLookupTree>();
constexpr StringRef hostnames[] = { constexpr StringRef hostnames[] = {
StringRef::from_lit("example.com"), // 0 StringRef::from_lit("example.com"), // 0
@ -85,7 +85,7 @@ void test_shrpx_ssl_create_lookup_tree(void) {
}; };
num = array_size(names); num = array_size(names);
tree = make_unique<ssl::CertLookupTree>(); tree = make_unique<tls::CertLookupTree>();
for (size_t idx = 0; idx < num; ++idx) { for (size_t idx = 0; idx < num; ++idx) {
tree->add_cert(names[idx], idx); tree->add_cert(names[idx], idx);
} }
@ -116,13 +116,13 @@ void test_shrpx_ssl_create_lookup_tree(void) {
// -config=ca-config.json -profile=server test.example.com.csr | // -config=ca-config.json -profile=server test.example.com.csr |
// cfssljson -bare test.example.com // cfssljson -bare test.example.com
// //
void test_shrpx_ssl_cert_lookup_tree_add_ssl_ctx(void) { void test_shrpx_tls_cert_lookup_tree_add_ssl_ctx(void) {
int rv; int rv;
constexpr char nghttp2_certfile[] = NGHTTP2_SRC_DIR "/test.nghttp2.org.pem"; constexpr char nghttp2_certfile[] = NGHTTP2_SRC_DIR "/test.nghttp2.org.pem";
auto nghttp2_ssl_ctx = SSL_CTX_new(SSLv23_server_method()); auto nghttp2_ssl_ctx = SSL_CTX_new(SSLv23_server_method());
auto nghttp2_ssl_ctx_del = defer(SSL_CTX_free, nghttp2_ssl_ctx); auto nghttp2_ssl_ctx_del = defer(SSL_CTX_free, nghttp2_ssl_ctx);
auto nghttp2_tls_ctx_data = make_unique<ssl::TLSContextData>(); auto nghttp2_tls_ctx_data = make_unique<tls::TLSContextData>();
nghttp2_tls_ctx_data->cert_file = nghttp2_certfile; nghttp2_tls_ctx_data->cert_file = nghttp2_certfile;
SSL_CTX_set_app_data(nghttp2_ssl_ctx, nghttp2_tls_ctx_data.get()); SSL_CTX_set_app_data(nghttp2_ssl_ctx, nghttp2_tls_ctx_data.get());
rv = SSL_CTX_use_certificate_chain_file(nghttp2_ssl_ctx, nghttp2_certfile); rv = SSL_CTX_use_certificate_chain_file(nghttp2_ssl_ctx, nghttp2_certfile);
@ -132,22 +132,22 @@ void test_shrpx_ssl_cert_lookup_tree_add_ssl_ctx(void) {
constexpr char examples_certfile[] = NGHTTP2_SRC_DIR "/test.example.com.pem"; constexpr char examples_certfile[] = NGHTTP2_SRC_DIR "/test.example.com.pem";
auto examples_ssl_ctx = SSL_CTX_new(SSLv23_server_method()); auto examples_ssl_ctx = SSL_CTX_new(SSLv23_server_method());
auto examples_ssl_ctx_del = defer(SSL_CTX_free, examples_ssl_ctx); auto examples_ssl_ctx_del = defer(SSL_CTX_free, examples_ssl_ctx);
auto examples_tls_ctx_data = make_unique<ssl::TLSContextData>(); auto examples_tls_ctx_data = make_unique<tls::TLSContextData>();
examples_tls_ctx_data->cert_file = examples_certfile; examples_tls_ctx_data->cert_file = examples_certfile;
SSL_CTX_set_app_data(examples_ssl_ctx, examples_tls_ctx_data.get()); SSL_CTX_set_app_data(examples_ssl_ctx, examples_tls_ctx_data.get());
rv = SSL_CTX_use_certificate_chain_file(examples_ssl_ctx, examples_certfile); rv = SSL_CTX_use_certificate_chain_file(examples_ssl_ctx, examples_certfile);
CU_ASSERT(1 == rv); CU_ASSERT(1 == rv);
ssl::CertLookupTree tree; tls::CertLookupTree tree;
std::vector<std::vector<SSL_CTX *>> indexed_ssl_ctx; std::vector<std::vector<SSL_CTX *>> indexed_ssl_ctx;
rv = ssl::cert_lookup_tree_add_ssl_ctx(&tree, indexed_ssl_ctx, rv = tls::cert_lookup_tree_add_ssl_ctx(&tree, indexed_ssl_ctx,
nghttp2_ssl_ctx); nghttp2_ssl_ctx);
CU_ASSERT(0 == rv); CU_ASSERT(0 == rv);
rv = ssl::cert_lookup_tree_add_ssl_ctx(&tree, indexed_ssl_ctx, rv = tls::cert_lookup_tree_add_ssl_ctx(&tree, indexed_ssl_ctx,
examples_ssl_ctx); examples_ssl_ctx);
CU_ASSERT(0 == rv); CU_ASSERT(0 == rv);
@ -162,10 +162,10 @@ void test_shrpx_ssl_cert_lookup_tree_add_ssl_ctx(void) {
template <size_t N, size_t M> template <size_t N, size_t M>
bool tls_hostname_match_wrapper(const char (&pattern)[N], bool tls_hostname_match_wrapper(const char (&pattern)[N],
const char (&hostname)[M]) { const char (&hostname)[M]) {
return ssl::tls_hostname_match(StringRef{pattern, N}, StringRef{hostname, M}); return tls::tls_hostname_match(StringRef{pattern, N}, StringRef{hostname, M});
} }
void test_shrpx_ssl_tls_hostname_match(void) { void test_shrpx_tls_tls_hostname_match(void) {
CU_ASSERT(tls_hostname_match_wrapper("example.com", "example.com")); CU_ASSERT(tls_hostname_match_wrapper("example.com", "example.com"));
CU_ASSERT(tls_hostname_match_wrapper("example.com", "EXAMPLE.com")); CU_ASSERT(tls_hostname_match_wrapper("example.com", "EXAMPLE.com"));


@ -22,8 +22,8 @@
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/ */
#ifndef SHRPX_SSL_TEST_H #ifndef SHRPX_TLS_TEST_H
#define SHRPX_SSL_TEST_H #define SHRPX_TLS_TEST_H
#ifdef HAVE_CONFIG_H #ifdef HAVE_CONFIG_H
#include <config.h> #include <config.h>
@ -31,10 +31,10 @@
namespace shrpx { namespace shrpx {
void test_shrpx_ssl_create_lookup_tree(void); void test_shrpx_tls_create_lookup_tree(void);
void test_shrpx_ssl_cert_lookup_tree_add_ssl_ctx(void); void test_shrpx_tls_cert_lookup_tree_add_ssl_ctx(void);
void test_shrpx_ssl_tls_hostname_match(void); void test_shrpx_tls_tls_hostname_match(void);
} // namespace shrpx } // namespace shrpx
#endif // SHRPX_SSL_TEST_H #endif // SHRPX_TLS_TEST_H


@ -30,7 +30,7 @@
#include <memory> #include <memory>
#include "shrpx_ssl.h" #include "shrpx_tls.h"
#include "shrpx_log.h" #include "shrpx_log.h"
#include "shrpx_client_handler.h" #include "shrpx_client_handler.h"
#include "shrpx_http2_session.h" #include "shrpx_http2_session.h"
@ -111,7 +111,7 @@ bool match_shared_downstream_addr(
Worker::Worker(struct ev_loop *loop, SSL_CTX *sv_ssl_ctx, SSL_CTX *cl_ssl_ctx, Worker::Worker(struct ev_loop *loop, SSL_CTX *sv_ssl_ctx, SSL_CTX *cl_ssl_ctx,
SSL_CTX *tls_session_cache_memcached_ssl_ctx, SSL_CTX *tls_session_cache_memcached_ssl_ctx,
ssl::CertLookupTree *cert_tree, tls::CertLookupTree *cert_tree,
const std::shared_ptr<TicketKeys> &ticket_keys, const std::shared_ptr<TicketKeys> &ticket_keys,
ConnectionHandler *conn_handler, ConnectionHandler *conn_handler,
std::shared_ptr<DownstreamConfig> downstreamconf) std::shared_ptr<DownstreamConfig> downstreamconf)
@ -368,7 +368,7 @@ void Worker::process_events() {
} }
auto client_handler = auto client_handler =
ssl::accept_connection(this, wev.client_fd, &wev.client_addr.sa, tls::accept_connection(this, wev.client_fd, &wev.client_addr.sa,
wev.client_addrlen, wev.faddr); wev.client_addrlen, wev.faddr);
if (!client_handler) { if (!client_handler) {
if (LOG_ENABLED(INFO)) { if (LOG_ENABLED(INFO)) {
@ -416,7 +416,7 @@ void Worker::process_events() {
} }
} }
ssl::CertLookupTree *Worker::get_cert_lookup_tree() const { return cert_tree_; } tls::CertLookupTree *Worker::get_cert_lookup_tree() const { return cert_tree_; }
std::shared_ptr<TicketKeys> Worker::get_ticket_keys() { std::shared_ptr<TicketKeys> Worker::get_ticket_keys() {
#ifdef HAVE_ATOMIC_STD_SHARED_PTR #ifdef HAVE_ATOMIC_STD_SHARED_PTR


@ -45,7 +45,7 @@
#include "shrpx_config.h" #include "shrpx_config.h"
#include "shrpx_downstream_connection_pool.h" #include "shrpx_downstream_connection_pool.h"
#include "memchunk.h" #include "memchunk.h"
#include "shrpx_ssl.h" #include "shrpx_tls.h"
#include "shrpx_live_check.h" #include "shrpx_live_check.h"
#include "shrpx_connect_blocker.h" #include "shrpx_connect_blocker.h"
#include "shrpx_dns_tracker.h" #include "shrpx_dns_tracker.h"
@ -69,9 +69,9 @@ class MRubyContext;
} // namespace mruby } // namespace mruby
#endif // HAVE_MRUBY #endif // HAVE_MRUBY
namespace ssl { namespace tls {
class CertLookupTree; class CertLookupTree;
} // namespace ssl } // namespace tls
struct DownstreamAddr { struct DownstreamAddr {
Address addr; Address addr;
@ -95,7 +95,7 @@ struct DownstreamAddr {
size_t fall; size_t fall;
size_t rise; size_t rise;
// Client side TLS session cache // Client side TLS session cache
ssl::TLSSessionCache tls_session_cache; tls::TLSSessionCache tls_session_cache;
// Http2Session object created for this address. This list chains // Http2Session object created for this address. This list chains
// all Http2Session objects that is not in group scope // all Http2Session objects that is not in group scope
// http2_avail_freelist, and is not reached in maximum concurrency. // http2_avail_freelist, and is not reached in maximum concurrency.
@ -220,7 +220,7 @@ class Worker {
public: public:
Worker(struct ev_loop *loop, SSL_CTX *sv_ssl_ctx, SSL_CTX *cl_ssl_ctx, Worker(struct ev_loop *loop, SSL_CTX *sv_ssl_ctx, SSL_CTX *cl_ssl_ctx,
SSL_CTX *tls_session_cache_memcached_ssl_ctx, SSL_CTX *tls_session_cache_memcached_ssl_ctx,
ssl::CertLookupTree *cert_tree, tls::CertLookupTree *cert_tree,
const std::shared_ptr<TicketKeys> &ticket_keys, const std::shared_ptr<TicketKeys> &ticket_keys,
ConnectionHandler *conn_handler, ConnectionHandler *conn_handler,
std::shared_ptr<DownstreamConfig> downstreamconf); std::shared_ptr<DownstreamConfig> downstreamconf);
@ -230,7 +230,7 @@ public:
void process_events(); void process_events();
void send(const WorkerEvent &event); void send(const WorkerEvent &event);
ssl::CertLookupTree *get_cert_lookup_tree() const; tls::CertLookupTree *get_cert_lookup_tree() const;
// These 2 functions make a lock m_ to get/set ticket keys // These 2 functions make a lock m_ to get/set ticket keys
// atomically. // atomically.
@ -297,7 +297,7 @@ private:
// get_config()->tls_ctx_per_worker == true. // get_config()->tls_ctx_per_worker == true.
SSL_CTX *sv_ssl_ctx_; SSL_CTX *sv_ssl_ctx_;
SSL_CTX *cl_ssl_ctx_; SSL_CTX *cl_ssl_ctx_;
ssl::CertLookupTree *cert_tree_; tls::CertLookupTree *cert_tree_;
ConnectionHandler *conn_handler_; ConnectionHandler *conn_handler_;
#ifndef HAVE_ATOMIC_STD_SHARED_PTR #ifndef HAVE_ATOMIC_STD_SHARED_PTR


@ -51,7 +51,7 @@
#include "shrpx_memcached_dispatcher.h" #include "shrpx_memcached_dispatcher.h"
#include "shrpx_memcached_request.h" #include "shrpx_memcached_request.h"
#include "shrpx_process.h" #include "shrpx_process.h"
#include "shrpx_ssl.h" #include "shrpx_tls.h"
#include "shrpx_log.h" #include "shrpx_log.h"
#include "util.h" #include "util.h"
#include "app_helper.h" #include "app_helper.h"
@ -448,7 +448,7 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
MemchunkPool mcpool; MemchunkPool mcpool;
ev_timer renew_ticket_key_timer; ev_timer renew_ticket_key_timer;
if (ssl::upstream_tls_enabled(config->conn)) { if (tls::upstream_tls_enabled(config->conn)) {
auto &ticketconf = config->tls.ticket; auto &ticketconf = config->tls.ticket;
auto &memcachedconf = ticketconf.memcached; auto &memcachedconf = ticketconf.memcached;
@ -547,7 +547,7 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
ipcev.data = &conn_handler; ipcev.data = &conn_handler;
ev_io_start(loop, &ipcev); ev_io_start(loop, &ipcev);
if (ssl::upstream_tls_enabled(config->conn) && !config->tls.ocsp.disabled) { if (tls::upstream_tls_enabled(config->conn) && !config->tls.ocsp.disabled) {
conn_handler.proceed_next_cert_ocsp(); conn_handler.proceed_next_cert_ocsp();
} }