From 14b818efc89d3e968189e7756bafc76ad16e4beb Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Sun, 8 Jun 2014 21:02:40 +0900 Subject: [PATCH] nghttpx: Use std::unique_ptr instead of char* --- src/shrpx.cc | 98 ++++++++++++++++++++------------------ src/shrpx_config.cc | 57 ++++++++++++---------- src/shrpx_config.h | 42 ++++++++-------- src/shrpx_http2_session.cc | 23 +++++---- src/shrpx_ssl.cc | 44 +++++++++-------- 5 files changed, 141 insertions(+), 123 deletions(-) diff --git a/src/shrpx.cc b/src/shrpx.cc index c4a96deb..73ddbb01 100644 --- a/src/shrpx.cc +++ b/src/shrpx.cc @@ -144,14 +144,15 @@ evconnlistener* create_evlistener(ListenHandler *handler, int family) hints.ai_flags |= AI_ADDRCONFIG; #endif // AI_ADDRCONFIG - auto node = strcmp("*", get_config()->host) == 0 ? NULL : get_config()->host; + auto node = strcmp("*", get_config()->host.get()) == 0 ? + nullptr : get_config()->host.get(); addrinfo *res, *rp; r = getaddrinfo(node, service.c_str(), &hints, &res); if(r != 0) { if(LOG_ENABLED(INFO)) { LOG(INFO) << "Unable to get IPv" << (family == AF_INET ? "4" : "6") - << " address for " << get_config()->host << ": " + << " address for " << get_config()->host.get() << ": " << gai_strerror(r); } return NULL; @@ -240,11 +241,12 @@ void drop_privileges() namespace { void save_pid() { - std::ofstream out(get_config()->pid_file, std::ios::binary); + std::ofstream out(get_config()->pid_file.get(), std::ios::binary); out << getpid() << "\n"; out.close(); if(!out) { - LOG(ERROR) << "Could not save PID to file " << get_config()->pid_file; + LOG(ERROR) << "Could not save PID to file " + << get_config()->pid_file.get(); exit(EXIT_FAILURE); } } @@ -288,7 +290,7 @@ int event_loop() auto evlistener4 = create_evlistener(listener_handler, AF_INET); if(!evlistener6 && !evlistener4) { LOG(FATAL) << "Failed to listen on address " - << get_config()->host << ", port " << get_config()->port; + << get_config()->host.get() << ", port " << get_config()->port; exit(EXIT_FAILURE); } @@ -347,11 +349,11 @@ void fill_default_config() mod_config()->daemon = false; mod_config()->server_name = "nghttpx nghttp2/" NGHTTP2_VERSION; - set_config_str(&mod_config()->host, "*"); + mod_config()->host = strcopy("*"); mod_config()->port = 3000; - mod_config()->private_key_file = 0; - mod_config()->private_key_passwd = 0; - mod_config()->cert_file = 0; + mod_config()->private_key_file = nullptr; + mod_config()->private_key_passwd = nullptr; + mod_config()->cert_file = nullptr; // Read timeout for HTTP2 upstream connection mod_config()->http2_upstream_read_timeout.tv_sec = 180; @@ -388,9 +390,9 @@ void fill_default_config() mod_config()->upstream_no_tls = false; mod_config()->downstream_no_tls = false; - set_config_str(&mod_config()->downstream_host, "127.0.0.1"); + mod_config()->downstream_host = strcopy("127.0.0.1"); mod_config()->downstream_port = 80; - mod_config()->downstream_hostport = 0; + mod_config()->downstream_hostport = nullptr; mod_config()->downstream_addrlen = 0; mod_config()->num_worker = 1; @@ -398,13 +400,13 @@ void fill_default_config() mod_config()->add_x_forwarded_for = false; mod_config()->no_via = false; mod_config()->accesslog = false; - set_config_str(&mod_config()->conf_path, "/etc/nghttpx/nghttpx.conf"); + mod_config()->conf_path = strcopy("/etc/nghttpx/nghttpx.conf"); mod_config()->syslog = false; mod_config()->syslog_facility = LOG_DAEMON; mod_config()->use_syslog = false; // Default accept() backlog mod_config()->backlog = -1; - mod_config()->ciphers = 0; + mod_config()->ciphers = nullptr; mod_config()->honor_cipher_order = false; mod_config()->http2_proxy = false; mod_config()->http2_bridge = false; @@ -412,16 +414,16 @@ void fill_default_config() mod_config()->client = false; mod_config()->client_mode = false; mod_config()->insecure = false; - mod_config()->cacert = 0; - mod_config()->pid_file = 0; + mod_config()->cacert = nullptr; + mod_config()->pid_file = nullptr; mod_config()->uid = 0; mod_config()->gid = 0; mod_config()->backend_ipv4 = false; mod_config()->backend_ipv6 = false; mod_config()->tty = isatty(fileno(stderr)); mod_config()->cert_tree = 0; - mod_config()->downstream_http_proxy_userinfo = 0; - mod_config()->downstream_http_proxy_host = 0; + mod_config()->downstream_http_proxy_userinfo = nullptr; + mod_config()->downstream_http_proxy_host = nullptr; mod_config()->downstream_http_proxy_port = 0; mod_config()->downstream_http_proxy_addrlen = 0; mod_config()->rate_limit_cfg = nullptr; @@ -497,14 +499,14 @@ Connections: -b, --backend= Set backend host and port. Default: ')" - << get_config()->downstream_host << "," + << get_config()->downstream_host.get() << "," << get_config()->downstream_port << R"(' -f, --frontend= Set frontend host and port. If is '*', it assumes all addresses including both IPv4 and IPv6. Default: ')" - << get_config()->host << "," << get_config()->port << R"(' + << get_config()->host.get() << "," << get_config()->port << R"(' --backlog= Set listen backlog size. If -1 is given, libevent will choose suitable value. Default: )" @@ -798,7 +800,7 @@ Misc: intended to be used to drop root privileges. --conf= Load configuration from . Default: )" - << get_config()->conf_path << R"( + << get_config()->conf_path.get() << R"( -v, --version Print version and exit. -h, --help Print this help and exit.)" << std::endl; @@ -978,7 +980,7 @@ int main(int argc, char **argv) break; case 12: // --conf - set_config_str(&mod_config()->conf_path, optarg); + mod_config()->conf_path = strcopy(optarg); break; case 13: // --syslog @@ -1166,10 +1168,10 @@ int main(int argc, char **argv) nghttp2::ssl::LibsslGlobalLock(); #endif // NOTHREADS - if(conf_exists(get_config()->conf_path)) { - if(load_config(get_config()->conf_path) == -1) { + if(conf_exists(get_config()->conf_path.get())) { + if(load_config(get_config()->conf_path.get()) == -1) { LOG(FATAL) << "Failed to load configuration from " - << get_config()->conf_path; + << get_config()->conf_path.get(); exit(EXIT_FAILURE); } } @@ -1211,13 +1213,13 @@ int main(int argc, char **argv) if(get_config()->cert_file && get_config()->private_key_file) { mod_config()->default_ssl_ctx = - ssl::create_ssl_context(get_config()->private_key_file, - get_config()->cert_file); + ssl::create_ssl_context(get_config()->private_key_file.get(), + get_config()->cert_file.get()); if(get_config()->cert_tree) { - if(ssl::cert_lookup_tree_add_cert_from_file(get_config()->cert_tree, - get_config()->default_ssl_ctx, - get_config()->cert_file) - == -1) { + if(ssl::cert_lookup_tree_add_cert_from_file + (get_config()->cert_tree, + get_config()->default_ssl_ctx, + get_config()->cert_file.get()) == -1) { LOG(FATAL) << "Failed to parse command-line argument."; exit(EXIT_FAILURE); } @@ -1256,31 +1258,33 @@ int main(int argc, char **argv) } bool downstream_ipv6_addr = - is_ipv6_numeric_addr(get_config()->downstream_host); + is_ipv6_numeric_addr(get_config()->downstream_host.get()); - std::string hostport; + { + std::string hostport; - if(downstream_ipv6_addr) { - hostport += "["; + if(downstream_ipv6_addr) { + hostport += "["; + } + + hostport += get_config()->downstream_host.get(); + + if(downstream_ipv6_addr) { + hostport += "]"; + } + + hostport += ":"; + hostport += util::utos(get_config()->downstream_port); + + mod_config()->downstream_hostport = strcopy(hostport); } - hostport += get_config()->downstream_host; - - if(downstream_ipv6_addr) { - hostport += "]"; - } - - hostport += ":"; - hostport += util::utos(get_config()->downstream_port); - - set_config_str(&mod_config()->downstream_hostport, hostport.c_str()); - if(LOG_ENABLED(INFO)) { LOG(INFO) << "Resolving backend address"; } if(resolve_hostname(&mod_config()->downstream_addr, &mod_config()->downstream_addrlen, - get_config()->downstream_host, + get_config()->downstream_host.get(), get_config()->downstream_port, get_config()->backend_ipv4 ? AF_INET : (get_config()->backend_ipv6 ? @@ -1294,7 +1298,7 @@ int main(int argc, char **argv) } if(resolve_hostname(&mod_config()->downstream_http_proxy_addr, &mod_config()->downstream_http_proxy_addrlen, - get_config()->downstream_http_proxy_host, + get_config()->downstream_http_proxy_host.get(), get_config()->downstream_http_proxy_port, AF_UNSPEC) == -1) { exit(EXIT_FAILURE); diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc index 0c6e125b..3c0bbe1f 100644 --- a/src/shrpx_config.cc +++ b/src/shrpx_config.cc @@ -222,12 +222,20 @@ std::string read_passwd_from_file(const char *filename) return line; } -void set_config_str(char **destp, const char *val) +std::unique_ptr strcopy(const char *val) { - if(*destp) { - free(*destp); - } - *destp = strdup(val); + auto len = strlen(val); + auto res = util::make_unique(len + 1); + memcpy(res.get(), val, len + 1); + return res; +} + +std::unique_ptr strcopy(const std::string& val) +{ + auto len = val.size(); + auto res = util::make_unique(len + 1); + memcpy(res.get(), val.c_str(), len + 1); + return res; } std::unique_ptr parse_config_str_list(size_t *outlen, const char *s) @@ -275,17 +283,17 @@ int parse_config(const char *opt, const char *optarg) if(util::strieq(opt, SHRPX_OPT_BACKEND)) { if(split_host_port(host, sizeof(host), &port, optarg) == -1) { return -1; - } else { - set_config_str(&mod_config()->downstream_host, host); - mod_config()->downstream_port = port; } + + mod_config()->downstream_host = strcopy(host); + mod_config()->downstream_port = port; } else if(util::strieq(opt, SHRPX_OPT_FRONTEND)) { if(split_host_port(host, sizeof(host), &port, optarg) == -1) { return -1; - } else { - set_config_str(&mod_config()->host, host); - mod_config()->port = port; } + + mod_config()->host = strcopy(host); + mod_config()->port = port; } else if(util::strieq(opt, SHRPX_OPT_WORKERS)) { mod_config()->num_worker = strtol(optarg, nullptr, 10); } else if(util::strieq(opt, SHRPX_OPT_HTTP2_MAX_CONCURRENT_STREAMS)) { @@ -374,9 +382,9 @@ int parse_config(const char *opt, const char *optarg) } else if(util::strieq(opt, SHRPX_OPT_BACKEND_NO_TLS)) { mod_config()->downstream_no_tls = util::strieq(optarg, "yes"); } else if(util::strieq(opt, SHRPX_OPT_BACKEND_TLS_SNI_FIELD)) { - set_config_str(&mod_config()->backend_tls_sni_name, optarg); + mod_config()->backend_tls_sni_name = strcopy(optarg); } else if(util::strieq(opt, SHRPX_OPT_PID_FILE)) { - set_config_str(&mod_config()->pid_file, optarg); + mod_config()->pid_file = strcopy(optarg); } else if(util::strieq(opt, SHRPX_OPT_USER)) { auto pwd = getpwnam(optarg); if(!pwd) { @@ -387,18 +395,18 @@ int parse_config(const char *opt, const char *optarg) mod_config()->uid = pwd->pw_uid; mod_config()->gid = pwd->pw_gid; } else if(util::strieq(opt, SHRPX_OPT_PRIVATE_KEY_FILE)) { - set_config_str(&mod_config()->private_key_file, optarg); + mod_config()->private_key_file = strcopy(optarg); } else if(util::strieq(opt, SHRPX_OPT_PRIVATE_KEY_PASSWD_FILE)) { auto passwd = read_passwd_from_file(optarg); if (passwd.empty()) { LOG(ERROR) << "Couldn't read key file's passwd from " << optarg; return -1; } - set_config_str(&mod_config()->private_key_passwd, passwd.c_str()); + mod_config()->private_key_passwd = strcopy(passwd); } else if(util::strieq(opt, SHRPX_OPT_CERTIFICATE_FILE)) { - set_config_str(&mod_config()->cert_file, optarg); + mod_config()->cert_file = strcopy(optarg); } else if(util::strieq(opt, SHRPX_OPT_DH_PARAM_FILE)) { - set_config_str(&mod_config()->dh_param_file, optarg); + mod_config()->dh_param_file = strcopy(optarg); } else if(util::strieq(opt, SHRPX_OPT_SUBCERT)) { // Private Key file and certificate file separated by ':'. const char *sp = strchr(optarg, ':'); @@ -419,7 +427,7 @@ int parse_config(const char *opt, const char *optarg) } else if(util::strieq(opt, SHRPX_OPT_BACKLOG)) { mod_config()->backlog = strtol(optarg, nullptr, 10); } else if(util::strieq(opt, SHRPX_OPT_CIPHERS)) { - set_config_str(&mod_config()->ciphers, optarg); + mod_config()->ciphers = strcopy(optarg); } else if(util::strieq(opt, SHRPX_OPT_HONOR_CIPHER_ORDER)) { mod_config()->honor_cipher_order = util::strieq(optarg, "yes"); } else if(util::strieq(opt, SHRPX_OPT_CLIENT)) { @@ -427,7 +435,7 @@ int parse_config(const char *opt, const char *optarg) } else if(util::strieq(opt, SHRPX_OPT_INSECURE)) { mod_config()->insecure = util::strieq(optarg, "yes"); } else if(util::strieq(opt, SHRPX_OPT_CACERT)) { - set_config_str(&mod_config()->cacert, optarg); + mod_config()->cacert = strcopy(optarg); } else if(util::strieq(opt, SHRPX_OPT_BACKEND_IPV4)) { mod_config()->backend_ipv4 = util::strieq(optarg, "yes"); } else if(util::strieq(opt, SHRPX_OPT_BACKEND_IPV6)) { @@ -445,13 +453,12 @@ int parse_config(const char *opt, const char *optarg) // userinfo component is empty string. if(!val.empty()) { val = util::percentDecode(val.begin(), val.end()); - set_config_str(&mod_config()->downstream_http_proxy_userinfo, - val.c_str()); + mod_config()->downstream_http_proxy_userinfo = strcopy(val); } } if(u.field_set & UF_HOST) { http2::copy_url_component(val, &u, UF_HOST, optarg); - set_config_str(&mod_config()->downstream_http_proxy_host, val.c_str()); + mod_config()->downstream_http_proxy_host = strcopy(val); } else { LOG(ERROR) << "backend-http-proxy-uri does not contain hostname"; return -1; @@ -493,11 +500,11 @@ int parse_config(const char *opt, const char *optarg) } else if(util::strieq(opt, SHRPX_OPT_VERIFY_CLIENT)) { mod_config()->verify_client = util::strieq(optarg, "yes"); } else if(util::strieq(opt, SHRPX_OPT_VERIFY_CLIENT_CACERT)) { - set_config_str(&mod_config()->verify_client_cacert, optarg); + mod_config()->verify_client_cacert = strcopy(optarg); } else if(util::strieq(opt, SHRPX_OPT_CLIENT_PRIVATE_KEY_FILE)) { - set_config_str(&mod_config()->client_private_key_file, optarg); + mod_config()->client_private_key_file = strcopy(optarg); } else if(util::strieq(opt, SHRPX_OPT_CLIENT_CERT_FILE)) { - set_config_str(&mod_config()->client_cert_file, optarg); + mod_config()->client_cert_file = strcopy(optarg); } else if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_DUMP_REQUEST_HEADER)) { auto f = open_file_for_write(optarg); if(f == NULL) { diff --git a/src/shrpx_config.h b/src/shrpx_config.h index 0e26db12..2d556cf0 100644 --- a/src/shrpx_config.h +++ b/src/shrpx_config.h @@ -162,25 +162,25 @@ struct Config { timeval downstream_read_timeout; timeval downstream_write_timeout; timeval downstream_idle_read_timeout; - char *host; - char *private_key_file; - char *private_key_passwd; - char *cert_file; - char *dh_param_file; + std::unique_ptr host; + std::unique_ptr private_key_file; + std::unique_ptr private_key_passwd; + std::unique_ptr cert_file; + std::unique_ptr dh_param_file; SSL_CTX *default_ssl_ctx; ssl::CertLookupTree *cert_tree; const char *server_name; - char *downstream_host; - char *downstream_hostport; - char *backend_tls_sni_name; - char *pid_file; - char *conf_path; - char *ciphers; - char *cacert; + std::unique_ptr downstream_host; + std::unique_ptr downstream_hostport; + std::unique_ptr backend_tls_sni_name; + std::unique_ptr pid_file; + std::unique_ptr conf_path; + std::unique_ptr ciphers; + std::unique_ptr cacert; // userinfo in http proxy URI, not percent-encoded form - char *downstream_http_proxy_userinfo; + std::unique_ptr downstream_http_proxy_userinfo; // host in http proxy URI - char *downstream_http_proxy_host; + std::unique_ptr downstream_http_proxy_host; // Rate limit configuration per connection ev_token_bucket_cfg *rate_limit_cfg; // Rate limit configuration per worker (thread) @@ -194,9 +194,9 @@ struct Config { char **tls_proto_list; // Path to file containing CA certificate solely used for client // certificate validation - char *verify_client_cacert; - char *client_private_key_file; - char *client_cert_file; + std::unique_ptr verify_client_cacert; + std::unique_ptr client_private_key_file; + std::unique_ptr client_cert_file; FILE *http2_upstream_dump_request_header; FILE *http2_upstream_dump_response_header; nghttp2_option *http2_option; @@ -293,9 +293,11 @@ std::unique_ptr parse_config_str_list(size_t *outlen, const char *s); // allowed. This function returns pair of NAME and VALUE. std::pair parse_header(const char *optarg); -// Copies NULL-terminated string |val| to |*destp|. If |*destp| is not -// NULL, it is freed before copying. -void set_config_str(char **destp, const char *val); +// Returns a copy of NULL-terminated string |val|. +std::unique_ptr strcopy(const char *val); + +// Returns a copy of val.c_str(). +std::unique_ptr strcopy(const std::string& val); // Returns string for syslog |facility|. const char* str_syslog_facility(int facility); diff --git a/src/shrpx_http2_session.cc b/src/shrpx_http2_session.cc index 42167028..d44ec3ee 100644 --- a/src/shrpx_http2_session.cc +++ b/src/shrpx_http2_session.cc @@ -338,15 +338,16 @@ void proxy_eventcb(bufferevent *bev, short events, void *ptr) SSLOG(INFO, http2session) << "Connected to the proxy"; } std::string req = "CONNECT "; - req += get_config()->downstream_hostport; + req += get_config()->downstream_hostport.get(); req += " HTTP/1.1\r\nHost: "; - req += get_config()->downstream_host; + req += get_config()->downstream_host.get(); req += "\r\n"; if(get_config()->downstream_http_proxy_userinfo) { req += "Proxy-Authorization: Basic "; - size_t len = strlen(get_config()->downstream_http_proxy_userinfo); - req += base64::encode(get_config()->downstream_http_proxy_userinfo, - get_config()->downstream_http_proxy_userinfo+len); + size_t len = strlen(get_config()->downstream_http_proxy_userinfo.get()); + req += base64::encode + (get_config()->downstream_http_proxy_userinfo.get(), + get_config()->downstream_http_proxy_userinfo.get() + len); req += "\r\n"; } req += "\r\n"; @@ -393,7 +394,8 @@ int Http2Session::initiate_connection() if(get_config()->downstream_http_proxy_host && state_ == DISCONNECTED) { if(LOG_ENABLED(INFO)) { SSLOG(INFO, this) << "Connecting to the proxy " - << get_config()->downstream_http_proxy_host << ":" + << get_config()->downstream_http_proxy_host.get() + << ":" << get_config()->downstream_http_proxy_port; } bev_ = bufferevent_socket_new(evbase_, -1, BEV_OPT_DEFER_CALLBACKS); @@ -414,7 +416,8 @@ int Http2Session::initiate_connection() get_config()->downstream_http_proxy_addrlen); if(rv != 0) { SSLOG(ERROR, this) << "Failed to connect to the proxy " - << get_config()->downstream_http_proxy_host << ":" + << get_config()->downstream_http_proxy_host.get() + << ":" << get_config()->downstream_http_proxy_port; return SHRPX_ERR_NETWORK; } @@ -442,13 +445,13 @@ int Http2Session::initiate_connection() const char *sni_name = nullptr; if ( get_config()->backend_tls_sni_name ) { - sni_name = get_config()->backend_tls_sni_name; + sni_name = get_config()->backend_tls_sni_name.get(); } else { - sni_name = get_config()->downstream_host; + sni_name = get_config()->downstream_host.get(); } - if(!util::numeric_host(sni_name)) { + if(sni_name && !util::numeric_host(sni_name)) { // TLS extensions: SNI. There is no documentation about the return // code for this function (actually this is macro wrapping SSL_ctrl // at the time of this writing). diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc index a53c6493..7a3f2118 100644 --- a/src/shrpx_ssl.cc +++ b/src/shrpx_ssl.cc @@ -107,13 +107,13 @@ namespace { int ssl_pem_passwd_cb(char *buf, int size, int rwflag, void *user_data) { auto config = static_cast(user_data); - int len = (int)strlen(config->private_key_passwd); + int len = (int)strlen(config->private_key_passwd.get()); if (size < len + 1) { LOG(ERROR) << "ssl_pem_passwd_cb: buf is too small " << size; return 0; } // Copy string including last '\0'. - memcpy(buf, config->private_key_passwd, len+1); + memcpy(buf, config->private_key_passwd.get(), len + 1); return len; } } // namespace @@ -252,7 +252,7 @@ SSL_CTX* create_ssl_context(const char *private_key_file, const char *ciphers; if(get_config()->ciphers) { - ciphers = get_config()->ciphers; + ciphers = get_config()->ciphers.get(); // If ciphers are given, honor its order unconditionally SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); } else { @@ -291,7 +291,7 @@ SSL_CTX* create_ssl_context(const char *private_key_file, if(get_config()->dh_param_file) { // Read DH parameters from file - auto bio = BIO_new_file(get_config()->dh_param_file, "r"); + auto bio = BIO_new_file(get_config()->dh_param_file.get(), "r"); if(bio == nullptr) { LOG(FATAL) << "BIO_new_file() failed: " << ERR_error_string(ERR_get_error(), nullptr); @@ -333,11 +333,11 @@ SSL_CTX* create_ssl_context(const char *private_key_file, } if(get_config()->verify_client) { if(get_config()->verify_client_cacert) { - if(SSL_CTX_load_verify_locations(ssl_ctx, - get_config()->verify_client_cacert, - nullptr) != 1) { + if(SSL_CTX_load_verify_locations + (ssl_ctx, get_config()->verify_client_cacert.get(), nullptr) != 1) { + LOG(FATAL) << "Could not load trusted ca certificates from " - << get_config()->verify_client_cacert << ": " + << get_config()->verify_client_cacert.get() << ": " << ERR_error_string(ERR_get_error(), nullptr); DIE(); } @@ -345,10 +345,11 @@ SSL_CTX* create_ssl_context(const char *private_key_file, // error even though it returns success. See // http://forum.nginx.org/read.php?29,242540 ERR_clear_error(); - auto list = SSL_load_client_CA_file(get_config()->verify_client_cacert); + auto list = SSL_load_client_CA_file + (get_config()->verify_client_cacert.get()); if(!list) { LOG(FATAL) << "Could not load ca certificates from " - << get_config()->verify_client_cacert << ": " + << get_config()->verify_client_cacert.get() << ": " << ERR_error_string(ERR_get_error(), nullptr); DIE(); } @@ -405,7 +406,7 @@ SSL_CTX* create_ssl_client_context() const char *ciphers; if(get_config()->ciphers) { - ciphers = get_config()->ciphers; + ciphers = get_config()->ciphers.get(); } else { ciphers = "HIGH:!aNULL:!eNULL"; } @@ -425,10 +426,11 @@ SSL_CTX* create_ssl_client_context() } if(get_config()->cacert) { - if(SSL_CTX_load_verify_locations(ssl_ctx, get_config()->cacert, nullptr) - != 1) { + if(SSL_CTX_load_verify_locations + (ssl_ctx, get_config()->cacert.get(), nullptr) != 1) { + LOG(FATAL) << "Could not load trusted ca certificates from " - << get_config()->cacert << ": " + << get_config()->cacert.get() << ": " << ERR_error_string(ERR_get_error(), nullptr); DIE(); } @@ -436,20 +438,20 @@ SSL_CTX* create_ssl_client_context() if(get_config()->client_private_key_file) { if(SSL_CTX_use_PrivateKey_file(ssl_ctx, - get_config()->client_private_key_file, + get_config()->client_private_key_file.get(), SSL_FILETYPE_PEM) != 1) { LOG(FATAL) << "Could not load client private key from " - << get_config()->client_private_key_file << ": " + << get_config()->client_private_key_file.get() << ": " << ERR_error_string(ERR_get_error(), nullptr); DIE(); } } if(get_config()->client_cert_file) { - if(SSL_CTX_use_certificate_chain_file(ssl_ctx, - get_config()->client_cert_file) - != 1) { + if(SSL_CTX_use_certificate_chain_file + (ssl_ctx, get_config()->client_cert_file.get()) != 1) { + LOG(FATAL) << "Could not load client certificate from " - << get_config()->client_cert_file << ": " + << get_config()->client_cert_file.get() << ": " << ERR_error_string(ERR_get_error(), nullptr); DIE(); } @@ -686,7 +688,7 @@ int check_cert(SSL *ssl) std::vector dns_names; std::vector ip_addrs; get_altnames(cert, dns_names, ip_addrs, common_name); - if(verify_hostname(get_config()->downstream_host, + if(verify_hostname(get_config()->downstream_host.get(), &get_config()->downstream_addr, get_config()->downstream_addrlen, dns_names, ip_addrs, common_name) != 0) {