nghttpx: Use std::unique_ptr<char[]> instead of char*
This commit is contained in:
parent
19ed13c753
commit
14b818efc8
72
src/shrpx.cc
72
src/shrpx.cc
|
@ -144,14 +144,15 @@ evconnlistener* create_evlistener(ListenHandler *handler, int family)
|
|||
hints.ai_flags |= AI_ADDRCONFIG;
|
||||
#endif // AI_ADDRCONFIG
|
||||
|
||||
auto node = strcmp("*", get_config()->host) == 0 ? NULL : get_config()->host;
|
||||
auto node = strcmp("*", get_config()->host.get()) == 0 ?
|
||||
nullptr : get_config()->host.get();
|
||||
|
||||
addrinfo *res, *rp;
|
||||
r = getaddrinfo(node, service.c_str(), &hints, &res);
|
||||
if(r != 0) {
|
||||
if(LOG_ENABLED(INFO)) {
|
||||
LOG(INFO) << "Unable to get IPv" << (family == AF_INET ? "4" : "6")
|
||||
<< " address for " << get_config()->host << ": "
|
||||
<< " address for " << get_config()->host.get() << ": "
|
||||
<< gai_strerror(r);
|
||||
}
|
||||
return NULL;
|
||||
|
@ -240,11 +241,12 @@ void drop_privileges()
|
|||
namespace {
|
||||
void save_pid()
|
||||
{
|
||||
std::ofstream out(get_config()->pid_file, std::ios::binary);
|
||||
std::ofstream out(get_config()->pid_file.get(), std::ios::binary);
|
||||
out << getpid() << "\n";
|
||||
out.close();
|
||||
if(!out) {
|
||||
LOG(ERROR) << "Could not save PID to file " << get_config()->pid_file;
|
||||
LOG(ERROR) << "Could not save PID to file "
|
||||
<< get_config()->pid_file.get();
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
}
|
||||
|
@ -288,7 +290,7 @@ int event_loop()
|
|||
auto evlistener4 = create_evlistener(listener_handler, AF_INET);
|
||||
if(!evlistener6 && !evlistener4) {
|
||||
LOG(FATAL) << "Failed to listen on address "
|
||||
<< get_config()->host << ", port " << get_config()->port;
|
||||
<< get_config()->host.get() << ", port " << get_config()->port;
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
|
@ -347,11 +349,11 @@ void fill_default_config()
|
|||
mod_config()->daemon = false;
|
||||
|
||||
mod_config()->server_name = "nghttpx nghttp2/" NGHTTP2_VERSION;
|
||||
set_config_str(&mod_config()->host, "*");
|
||||
mod_config()->host = strcopy("*");
|
||||
mod_config()->port = 3000;
|
||||
mod_config()->private_key_file = 0;
|
||||
mod_config()->private_key_passwd = 0;
|
||||
mod_config()->cert_file = 0;
|
||||
mod_config()->private_key_file = nullptr;
|
||||
mod_config()->private_key_passwd = nullptr;
|
||||
mod_config()->cert_file = nullptr;
|
||||
|
||||
// Read timeout for HTTP2 upstream connection
|
||||
mod_config()->http2_upstream_read_timeout.tv_sec = 180;
|
||||
|
@ -388,9 +390,9 @@ void fill_default_config()
|
|||
mod_config()->upstream_no_tls = false;
|
||||
mod_config()->downstream_no_tls = false;
|
||||
|
||||
set_config_str(&mod_config()->downstream_host, "127.0.0.1");
|
||||
mod_config()->downstream_host = strcopy("127.0.0.1");
|
||||
mod_config()->downstream_port = 80;
|
||||
mod_config()->downstream_hostport = 0;
|
||||
mod_config()->downstream_hostport = nullptr;
|
||||
mod_config()->downstream_addrlen = 0;
|
||||
|
||||
mod_config()->num_worker = 1;
|
||||
|
@ -398,13 +400,13 @@ void fill_default_config()
|
|||
mod_config()->add_x_forwarded_for = false;
|
||||
mod_config()->no_via = false;
|
||||
mod_config()->accesslog = false;
|
||||
set_config_str(&mod_config()->conf_path, "/etc/nghttpx/nghttpx.conf");
|
||||
mod_config()->conf_path = strcopy("/etc/nghttpx/nghttpx.conf");
|
||||
mod_config()->syslog = false;
|
||||
mod_config()->syslog_facility = LOG_DAEMON;
|
||||
mod_config()->use_syslog = false;
|
||||
// Default accept() backlog
|
||||
mod_config()->backlog = -1;
|
||||
mod_config()->ciphers = 0;
|
||||
mod_config()->ciphers = nullptr;
|
||||
mod_config()->honor_cipher_order = false;
|
||||
mod_config()->http2_proxy = false;
|
||||
mod_config()->http2_bridge = false;
|
||||
|
@ -412,16 +414,16 @@ void fill_default_config()
|
|||
mod_config()->client = false;
|
||||
mod_config()->client_mode = false;
|
||||
mod_config()->insecure = false;
|
||||
mod_config()->cacert = 0;
|
||||
mod_config()->pid_file = 0;
|
||||
mod_config()->cacert = nullptr;
|
||||
mod_config()->pid_file = nullptr;
|
||||
mod_config()->uid = 0;
|
||||
mod_config()->gid = 0;
|
||||
mod_config()->backend_ipv4 = false;
|
||||
mod_config()->backend_ipv6 = false;
|
||||
mod_config()->tty = isatty(fileno(stderr));
|
||||
mod_config()->cert_tree = 0;
|
||||
mod_config()->downstream_http_proxy_userinfo = 0;
|
||||
mod_config()->downstream_http_proxy_host = 0;
|
||||
mod_config()->downstream_http_proxy_userinfo = nullptr;
|
||||
mod_config()->downstream_http_proxy_host = nullptr;
|
||||
mod_config()->downstream_http_proxy_port = 0;
|
||||
mod_config()->downstream_http_proxy_addrlen = 0;
|
||||
mod_config()->rate_limit_cfg = nullptr;
|
||||
|
@ -497,14 +499,14 @@ Connections:
|
|||
-b, --backend=<HOST,PORT>
|
||||
Set backend host and port.
|
||||
Default: ')"
|
||||
<< get_config()->downstream_host << ","
|
||||
<< get_config()->downstream_host.get() << ","
|
||||
<< get_config()->downstream_port << R"('
|
||||
-f, --frontend=<HOST,PORT>
|
||||
Set frontend host and port. If <HOST> is '*', it
|
||||
assumes all addresses including both IPv4 and
|
||||
IPv6.
|
||||
Default: ')"
|
||||
<< get_config()->host << "," << get_config()->port << R"('
|
||||
<< get_config()->host.get() << "," << get_config()->port << R"('
|
||||
--backlog=<NUM> Set listen backlog size. If -1 is given,
|
||||
libevent will choose suitable value.
|
||||
Default: )"
|
||||
|
@ -798,7 +800,7 @@ Misc:
|
|||
intended to be used to drop root privileges.
|
||||
--conf=<PATH> Load configuration from <PATH>.
|
||||
Default: )"
|
||||
<< get_config()->conf_path << R"(
|
||||
<< get_config()->conf_path.get() << R"(
|
||||
-v, --version Print version and exit.
|
||||
-h, --help Print this help and exit.)"
|
||||
<< std::endl;
|
||||
|
@ -978,7 +980,7 @@ int main(int argc, char **argv)
|
|||
break;
|
||||
case 12:
|
||||
// --conf
|
||||
set_config_str(&mod_config()->conf_path, optarg);
|
||||
mod_config()->conf_path = strcopy(optarg);
|
||||
break;
|
||||
case 13:
|
||||
// --syslog
|
||||
|
@ -1166,10 +1168,10 @@ int main(int argc, char **argv)
|
|||
nghttp2::ssl::LibsslGlobalLock();
|
||||
#endif // NOTHREADS
|
||||
|
||||
if(conf_exists(get_config()->conf_path)) {
|
||||
if(load_config(get_config()->conf_path) == -1) {
|
||||
if(conf_exists(get_config()->conf_path.get())) {
|
||||
if(load_config(get_config()->conf_path.get()) == -1) {
|
||||
LOG(FATAL) << "Failed to load configuration from "
|
||||
<< get_config()->conf_path;
|
||||
<< get_config()->conf_path.get();
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
}
|
||||
|
@ -1211,13 +1213,13 @@ int main(int argc, char **argv)
|
|||
|
||||
if(get_config()->cert_file && get_config()->private_key_file) {
|
||||
mod_config()->default_ssl_ctx =
|
||||
ssl::create_ssl_context(get_config()->private_key_file,
|
||||
get_config()->cert_file);
|
||||
ssl::create_ssl_context(get_config()->private_key_file.get(),
|
||||
get_config()->cert_file.get());
|
||||
if(get_config()->cert_tree) {
|
||||
if(ssl::cert_lookup_tree_add_cert_from_file(get_config()->cert_tree,
|
||||
if(ssl::cert_lookup_tree_add_cert_from_file
|
||||
(get_config()->cert_tree,
|
||||
get_config()->default_ssl_ctx,
|
||||
get_config()->cert_file)
|
||||
== -1) {
|
||||
get_config()->cert_file.get()) == -1) {
|
||||
LOG(FATAL) << "Failed to parse command-line argument.";
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
@ -1256,15 +1258,16 @@ int main(int argc, char **argv)
|
|||
}
|
||||
|
||||
bool downstream_ipv6_addr =
|
||||
is_ipv6_numeric_addr(get_config()->downstream_host);
|
||||
is_ipv6_numeric_addr(get_config()->downstream_host.get());
|
||||
|
||||
{
|
||||
std::string hostport;
|
||||
|
||||
if(downstream_ipv6_addr) {
|
||||
hostport += "[";
|
||||
}
|
||||
|
||||
hostport += get_config()->downstream_host;
|
||||
hostport += get_config()->downstream_host.get();
|
||||
|
||||
if(downstream_ipv6_addr) {
|
||||
hostport += "]";
|
||||
|
@ -1273,14 +1276,15 @@ int main(int argc, char **argv)
|
|||
hostport += ":";
|
||||
hostport += util::utos(get_config()->downstream_port);
|
||||
|
||||
set_config_str(&mod_config()->downstream_hostport, hostport.c_str());
|
||||
mod_config()->downstream_hostport = strcopy(hostport);
|
||||
}
|
||||
|
||||
if(LOG_ENABLED(INFO)) {
|
||||
LOG(INFO) << "Resolving backend address";
|
||||
}
|
||||
if(resolve_hostname(&mod_config()->downstream_addr,
|
||||
&mod_config()->downstream_addrlen,
|
||||
get_config()->downstream_host,
|
||||
get_config()->downstream_host.get(),
|
||||
get_config()->downstream_port,
|
||||
get_config()->backend_ipv4 ? AF_INET :
|
||||
(get_config()->backend_ipv6 ?
|
||||
|
@ -1294,7 +1298,7 @@ int main(int argc, char **argv)
|
|||
}
|
||||
if(resolve_hostname(&mod_config()->downstream_http_proxy_addr,
|
||||
&mod_config()->downstream_http_proxy_addrlen,
|
||||
get_config()->downstream_http_proxy_host,
|
||||
get_config()->downstream_http_proxy_host.get(),
|
||||
get_config()->downstream_http_proxy_port,
|
||||
AF_UNSPEC) == -1) {
|
||||
exit(EXIT_FAILURE);
|
||||
|
|
|
@ -222,12 +222,20 @@ std::string read_passwd_from_file(const char *filename)
|
|||
return line;
|
||||
}
|
||||
|
||||
void set_config_str(char **destp, const char *val)
|
||||
std::unique_ptr<char[]> strcopy(const char *val)
|
||||
{
|
||||
if(*destp) {
|
||||
free(*destp);
|
||||
}
|
||||
*destp = strdup(val);
|
||||
auto len = strlen(val);
|
||||
auto res = util::make_unique<char[]>(len + 1);
|
||||
memcpy(res.get(), val, len + 1);
|
||||
return res;
|
||||
}
|
||||
|
||||
std::unique_ptr<char[]> strcopy(const std::string& val)
|
||||
{
|
||||
auto len = val.size();
|
||||
auto res = util::make_unique<char[]>(len + 1);
|
||||
memcpy(res.get(), val.c_str(), len + 1);
|
||||
return res;
|
||||
}
|
||||
|
||||
std::unique_ptr<char*[]> parse_config_str_list(size_t *outlen, const char *s)
|
||||
|
@ -275,17 +283,17 @@ int parse_config(const char *opt, const char *optarg)
|
|||
if(util::strieq(opt, SHRPX_OPT_BACKEND)) {
|
||||
if(split_host_port(host, sizeof(host), &port, optarg) == -1) {
|
||||
return -1;
|
||||
} else {
|
||||
set_config_str(&mod_config()->downstream_host, host);
|
||||
mod_config()->downstream_port = port;
|
||||
}
|
||||
|
||||
mod_config()->downstream_host = strcopy(host);
|
||||
mod_config()->downstream_port = port;
|
||||
} else if(util::strieq(opt, SHRPX_OPT_FRONTEND)) {
|
||||
if(split_host_port(host, sizeof(host), &port, optarg) == -1) {
|
||||
return -1;
|
||||
} else {
|
||||
set_config_str(&mod_config()->host, host);
|
||||
mod_config()->port = port;
|
||||
}
|
||||
|
||||
mod_config()->host = strcopy(host);
|
||||
mod_config()->port = port;
|
||||
} else if(util::strieq(opt, SHRPX_OPT_WORKERS)) {
|
||||
mod_config()->num_worker = strtol(optarg, nullptr, 10);
|
||||
} else if(util::strieq(opt, SHRPX_OPT_HTTP2_MAX_CONCURRENT_STREAMS)) {
|
||||
|
@ -374,9 +382,9 @@ int parse_config(const char *opt, const char *optarg)
|
|||
} else if(util::strieq(opt, SHRPX_OPT_BACKEND_NO_TLS)) {
|
||||
mod_config()->downstream_no_tls = util::strieq(optarg, "yes");
|
||||
} else if(util::strieq(opt, SHRPX_OPT_BACKEND_TLS_SNI_FIELD)) {
|
||||
set_config_str(&mod_config()->backend_tls_sni_name, optarg);
|
||||
mod_config()->backend_tls_sni_name = strcopy(optarg);
|
||||
} else if(util::strieq(opt, SHRPX_OPT_PID_FILE)) {
|
||||
set_config_str(&mod_config()->pid_file, optarg);
|
||||
mod_config()->pid_file = strcopy(optarg);
|
||||
} else if(util::strieq(opt, SHRPX_OPT_USER)) {
|
||||
auto pwd = getpwnam(optarg);
|
||||
if(!pwd) {
|
||||
|
@ -387,18 +395,18 @@ int parse_config(const char *opt, const char *optarg)
|
|||
mod_config()->uid = pwd->pw_uid;
|
||||
mod_config()->gid = pwd->pw_gid;
|
||||
} else if(util::strieq(opt, SHRPX_OPT_PRIVATE_KEY_FILE)) {
|
||||
set_config_str(&mod_config()->private_key_file, optarg);
|
||||
mod_config()->private_key_file = strcopy(optarg);
|
||||
} else if(util::strieq(opt, SHRPX_OPT_PRIVATE_KEY_PASSWD_FILE)) {
|
||||
auto passwd = read_passwd_from_file(optarg);
|
||||
if (passwd.empty()) {
|
||||
LOG(ERROR) << "Couldn't read key file's passwd from " << optarg;
|
||||
return -1;
|
||||
}
|
||||
set_config_str(&mod_config()->private_key_passwd, passwd.c_str());
|
||||
mod_config()->private_key_passwd = strcopy(passwd);
|
||||
} else if(util::strieq(opt, SHRPX_OPT_CERTIFICATE_FILE)) {
|
||||
set_config_str(&mod_config()->cert_file, optarg);
|
||||
mod_config()->cert_file = strcopy(optarg);
|
||||
} else if(util::strieq(opt, SHRPX_OPT_DH_PARAM_FILE)) {
|
||||
set_config_str(&mod_config()->dh_param_file, optarg);
|
||||
mod_config()->dh_param_file = strcopy(optarg);
|
||||
} else if(util::strieq(opt, SHRPX_OPT_SUBCERT)) {
|
||||
// Private Key file and certificate file separated by ':'.
|
||||
const char *sp = strchr(optarg, ':');
|
||||
|
@ -419,7 +427,7 @@ int parse_config(const char *opt, const char *optarg)
|
|||
} else if(util::strieq(opt, SHRPX_OPT_BACKLOG)) {
|
||||
mod_config()->backlog = strtol(optarg, nullptr, 10);
|
||||
} else if(util::strieq(opt, SHRPX_OPT_CIPHERS)) {
|
||||
set_config_str(&mod_config()->ciphers, optarg);
|
||||
mod_config()->ciphers = strcopy(optarg);
|
||||
} else if(util::strieq(opt, SHRPX_OPT_HONOR_CIPHER_ORDER)) {
|
||||
mod_config()->honor_cipher_order = util::strieq(optarg, "yes");
|
||||
} else if(util::strieq(opt, SHRPX_OPT_CLIENT)) {
|
||||
|
@ -427,7 +435,7 @@ int parse_config(const char *opt, const char *optarg)
|
|||
} else if(util::strieq(opt, SHRPX_OPT_INSECURE)) {
|
||||
mod_config()->insecure = util::strieq(optarg, "yes");
|
||||
} else if(util::strieq(opt, SHRPX_OPT_CACERT)) {
|
||||
set_config_str(&mod_config()->cacert, optarg);
|
||||
mod_config()->cacert = strcopy(optarg);
|
||||
} else if(util::strieq(opt, SHRPX_OPT_BACKEND_IPV4)) {
|
||||
mod_config()->backend_ipv4 = util::strieq(optarg, "yes");
|
||||
} else if(util::strieq(opt, SHRPX_OPT_BACKEND_IPV6)) {
|
||||
|
@ -445,13 +453,12 @@ int parse_config(const char *opt, const char *optarg)
|
|||
// userinfo component is empty string.
|
||||
if(!val.empty()) {
|
||||
val = util::percentDecode(val.begin(), val.end());
|
||||
set_config_str(&mod_config()->downstream_http_proxy_userinfo,
|
||||
val.c_str());
|
||||
mod_config()->downstream_http_proxy_userinfo = strcopy(val);
|
||||
}
|
||||
}
|
||||
if(u.field_set & UF_HOST) {
|
||||
http2::copy_url_component(val, &u, UF_HOST, optarg);
|
||||
set_config_str(&mod_config()->downstream_http_proxy_host, val.c_str());
|
||||
mod_config()->downstream_http_proxy_host = strcopy(val);
|
||||
} else {
|
||||
LOG(ERROR) << "backend-http-proxy-uri does not contain hostname";
|
||||
return -1;
|
||||
|
@ -493,11 +500,11 @@ int parse_config(const char *opt, const char *optarg)
|
|||
} else if(util::strieq(opt, SHRPX_OPT_VERIFY_CLIENT)) {
|
||||
mod_config()->verify_client = util::strieq(optarg, "yes");
|
||||
} else if(util::strieq(opt, SHRPX_OPT_VERIFY_CLIENT_CACERT)) {
|
||||
set_config_str(&mod_config()->verify_client_cacert, optarg);
|
||||
mod_config()->verify_client_cacert = strcopy(optarg);
|
||||
} else if(util::strieq(opt, SHRPX_OPT_CLIENT_PRIVATE_KEY_FILE)) {
|
||||
set_config_str(&mod_config()->client_private_key_file, optarg);
|
||||
mod_config()->client_private_key_file = strcopy(optarg);
|
||||
} else if(util::strieq(opt, SHRPX_OPT_CLIENT_CERT_FILE)) {
|
||||
set_config_str(&mod_config()->client_cert_file, optarg);
|
||||
mod_config()->client_cert_file = strcopy(optarg);
|
||||
} else if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_DUMP_REQUEST_HEADER)) {
|
||||
auto f = open_file_for_write(optarg);
|
||||
if(f == NULL) {
|
||||
|
|
|
@ -162,25 +162,25 @@ struct Config {
|
|||
timeval downstream_read_timeout;
|
||||
timeval downstream_write_timeout;
|
||||
timeval downstream_idle_read_timeout;
|
||||
char *host;
|
||||
char *private_key_file;
|
||||
char *private_key_passwd;
|
||||
char *cert_file;
|
||||
char *dh_param_file;
|
||||
std::unique_ptr<char[]> host;
|
||||
std::unique_ptr<char[]> private_key_file;
|
||||
std::unique_ptr<char[]> private_key_passwd;
|
||||
std::unique_ptr<char[]> cert_file;
|
||||
std::unique_ptr<char[]> dh_param_file;
|
||||
SSL_CTX *default_ssl_ctx;
|
||||
ssl::CertLookupTree *cert_tree;
|
||||
const char *server_name;
|
||||
char *downstream_host;
|
||||
char *downstream_hostport;
|
||||
char *backend_tls_sni_name;
|
||||
char *pid_file;
|
||||
char *conf_path;
|
||||
char *ciphers;
|
||||
char *cacert;
|
||||
std::unique_ptr<char[]> downstream_host;
|
||||
std::unique_ptr<char[]> downstream_hostport;
|
||||
std::unique_ptr<char[]> backend_tls_sni_name;
|
||||
std::unique_ptr<char[]> pid_file;
|
||||
std::unique_ptr<char[]> conf_path;
|
||||
std::unique_ptr<char[]> ciphers;
|
||||
std::unique_ptr<char[]> cacert;
|
||||
// userinfo in http proxy URI, not percent-encoded form
|
||||
char *downstream_http_proxy_userinfo;
|
||||
std::unique_ptr<char[]> downstream_http_proxy_userinfo;
|
||||
// host in http proxy URI
|
||||
char *downstream_http_proxy_host;
|
||||
std::unique_ptr<char[]> downstream_http_proxy_host;
|
||||
// Rate limit configuration per connection
|
||||
ev_token_bucket_cfg *rate_limit_cfg;
|
||||
// Rate limit configuration per worker (thread)
|
||||
|
@ -194,9 +194,9 @@ struct Config {
|
|||
char **tls_proto_list;
|
||||
// Path to file containing CA certificate solely used for client
|
||||
// certificate validation
|
||||
char *verify_client_cacert;
|
||||
char *client_private_key_file;
|
||||
char *client_cert_file;
|
||||
std::unique_ptr<char[]> verify_client_cacert;
|
||||
std::unique_ptr<char[]> client_private_key_file;
|
||||
std::unique_ptr<char[]> client_cert_file;
|
||||
FILE *http2_upstream_dump_request_header;
|
||||
FILE *http2_upstream_dump_response_header;
|
||||
nghttp2_option *http2_option;
|
||||
|
@ -293,9 +293,11 @@ std::unique_ptr<char*[]> parse_config_str_list(size_t *outlen, const char *s);
|
|||
// allowed. This function returns pair of NAME and VALUE.
|
||||
std::pair<std::string, std::string> parse_header(const char *optarg);
|
||||
|
||||
// Copies NULL-terminated string |val| to |*destp|. If |*destp| is not
|
||||
// NULL, it is freed before copying.
|
||||
void set_config_str(char **destp, const char *val);
|
||||
// Returns a copy of NULL-terminated string |val|.
|
||||
std::unique_ptr<char[]> strcopy(const char *val);
|
||||
|
||||
// Returns a copy of val.c_str().
|
||||
std::unique_ptr<char[]> strcopy(const std::string& val);
|
||||
|
||||
// Returns string for syslog |facility|.
|
||||
const char* str_syslog_facility(int facility);
|
||||
|
|
|
@ -338,15 +338,16 @@ void proxy_eventcb(bufferevent *bev, short events, void *ptr)
|
|||
SSLOG(INFO, http2session) << "Connected to the proxy";
|
||||
}
|
||||
std::string req = "CONNECT ";
|
||||
req += get_config()->downstream_hostport;
|
||||
req += get_config()->downstream_hostport.get();
|
||||
req += " HTTP/1.1\r\nHost: ";
|
||||
req += get_config()->downstream_host;
|
||||
req += get_config()->downstream_host.get();
|
||||
req += "\r\n";
|
||||
if(get_config()->downstream_http_proxy_userinfo) {
|
||||
req += "Proxy-Authorization: Basic ";
|
||||
size_t len = strlen(get_config()->downstream_http_proxy_userinfo);
|
||||
req += base64::encode(get_config()->downstream_http_proxy_userinfo,
|
||||
get_config()->downstream_http_proxy_userinfo+len);
|
||||
size_t len = strlen(get_config()->downstream_http_proxy_userinfo.get());
|
||||
req += base64::encode
|
||||
(get_config()->downstream_http_proxy_userinfo.get(),
|
||||
get_config()->downstream_http_proxy_userinfo.get() + len);
|
||||
req += "\r\n";
|
||||
}
|
||||
req += "\r\n";
|
||||
|
@ -393,7 +394,8 @@ int Http2Session::initiate_connection()
|
|||
if(get_config()->downstream_http_proxy_host && state_ == DISCONNECTED) {
|
||||
if(LOG_ENABLED(INFO)) {
|
||||
SSLOG(INFO, this) << "Connecting to the proxy "
|
||||
<< get_config()->downstream_http_proxy_host << ":"
|
||||
<< get_config()->downstream_http_proxy_host.get()
|
||||
<< ":"
|
||||
<< get_config()->downstream_http_proxy_port;
|
||||
}
|
||||
bev_ = bufferevent_socket_new(evbase_, -1, BEV_OPT_DEFER_CALLBACKS);
|
||||
|
@ -414,7 +416,8 @@ int Http2Session::initiate_connection()
|
|||
get_config()->downstream_http_proxy_addrlen);
|
||||
if(rv != 0) {
|
||||
SSLOG(ERROR, this) << "Failed to connect to the proxy "
|
||||
<< get_config()->downstream_http_proxy_host << ":"
|
||||
<< get_config()->downstream_http_proxy_host.get()
|
||||
<< ":"
|
||||
<< get_config()->downstream_http_proxy_port;
|
||||
return SHRPX_ERR_NETWORK;
|
||||
}
|
||||
|
@ -442,13 +445,13 @@ int Http2Session::initiate_connection()
|
|||
|
||||
const char *sni_name = nullptr;
|
||||
if ( get_config()->backend_tls_sni_name ) {
|
||||
sni_name = get_config()->backend_tls_sni_name;
|
||||
sni_name = get_config()->backend_tls_sni_name.get();
|
||||
}
|
||||
else {
|
||||
sni_name = get_config()->downstream_host;
|
||||
sni_name = get_config()->downstream_host.get();
|
||||
}
|
||||
|
||||
if(!util::numeric_host(sni_name)) {
|
||||
if(sni_name && !util::numeric_host(sni_name)) {
|
||||
// TLS extensions: SNI. There is no documentation about the return
|
||||
// code for this function (actually this is macro wrapping SSL_ctrl
|
||||
// at the time of this writing).
|
||||
|
|
|
@ -107,13 +107,13 @@ namespace {
|
|||
int ssl_pem_passwd_cb(char *buf, int size, int rwflag, void *user_data)
|
||||
{
|
||||
auto config = static_cast<Config*>(user_data);
|
||||
int len = (int)strlen(config->private_key_passwd);
|
||||
int len = (int)strlen(config->private_key_passwd.get());
|
||||
if (size < len + 1) {
|
||||
LOG(ERROR) << "ssl_pem_passwd_cb: buf is too small " << size;
|
||||
return 0;
|
||||
}
|
||||
// Copy string including last '\0'.
|
||||
memcpy(buf, config->private_key_passwd, len+1);
|
||||
memcpy(buf, config->private_key_passwd.get(), len + 1);
|
||||
return len;
|
||||
}
|
||||
} // namespace
|
||||
|
@ -252,7 +252,7 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
|
|||
|
||||
const char *ciphers;
|
||||
if(get_config()->ciphers) {
|
||||
ciphers = get_config()->ciphers;
|
||||
ciphers = get_config()->ciphers.get();
|
||||
// If ciphers are given, honor its order unconditionally
|
||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
} else {
|
||||
|
@ -291,7 +291,7 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
|
|||
|
||||
if(get_config()->dh_param_file) {
|
||||
// Read DH parameters from file
|
||||
auto bio = BIO_new_file(get_config()->dh_param_file, "r");
|
||||
auto bio = BIO_new_file(get_config()->dh_param_file.get(), "r");
|
||||
if(bio == nullptr) {
|
||||
LOG(FATAL) << "BIO_new_file() failed: "
|
||||
<< ERR_error_string(ERR_get_error(), nullptr);
|
||||
|
@ -333,11 +333,11 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
|
|||
}
|
||||
if(get_config()->verify_client) {
|
||||
if(get_config()->verify_client_cacert) {
|
||||
if(SSL_CTX_load_verify_locations(ssl_ctx,
|
||||
get_config()->verify_client_cacert,
|
||||
nullptr) != 1) {
|
||||
if(SSL_CTX_load_verify_locations
|
||||
(ssl_ctx, get_config()->verify_client_cacert.get(), nullptr) != 1) {
|
||||
|
||||
LOG(FATAL) << "Could not load trusted ca certificates from "
|
||||
<< get_config()->verify_client_cacert << ": "
|
||||
<< get_config()->verify_client_cacert.get() << ": "
|
||||
<< ERR_error_string(ERR_get_error(), nullptr);
|
||||
DIE();
|
||||
}
|
||||
|
@ -345,10 +345,11 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
|
|||
// error even though it returns success. See
|
||||
// http://forum.nginx.org/read.php?29,242540
|
||||
ERR_clear_error();
|
||||
auto list = SSL_load_client_CA_file(get_config()->verify_client_cacert);
|
||||
auto list = SSL_load_client_CA_file
|
||||
(get_config()->verify_client_cacert.get());
|
||||
if(!list) {
|
||||
LOG(FATAL) << "Could not load ca certificates from "
|
||||
<< get_config()->verify_client_cacert << ": "
|
||||
<< get_config()->verify_client_cacert.get() << ": "
|
||||
<< ERR_error_string(ERR_get_error(), nullptr);
|
||||
DIE();
|
||||
}
|
||||
|
@ -405,7 +406,7 @@ SSL_CTX* create_ssl_client_context()
|
|||
|
||||
const char *ciphers;
|
||||
if(get_config()->ciphers) {
|
||||
ciphers = get_config()->ciphers;
|
||||
ciphers = get_config()->ciphers.get();
|
||||
} else {
|
||||
ciphers = "HIGH:!aNULL:!eNULL";
|
||||
}
|
||||
|
@ -425,10 +426,11 @@ SSL_CTX* create_ssl_client_context()
|
|||
}
|
||||
|
||||
if(get_config()->cacert) {
|
||||
if(SSL_CTX_load_verify_locations(ssl_ctx, get_config()->cacert, nullptr)
|
||||
!= 1) {
|
||||
if(SSL_CTX_load_verify_locations
|
||||
(ssl_ctx, get_config()->cacert.get(), nullptr) != 1) {
|
||||
|
||||
LOG(FATAL) << "Could not load trusted ca certificates from "
|
||||
<< get_config()->cacert << ": "
|
||||
<< get_config()->cacert.get() << ": "
|
||||
<< ERR_error_string(ERR_get_error(), nullptr);
|
||||
DIE();
|
||||
}
|
||||
|
@ -436,20 +438,20 @@ SSL_CTX* create_ssl_client_context()
|
|||
|
||||
if(get_config()->client_private_key_file) {
|
||||
if(SSL_CTX_use_PrivateKey_file(ssl_ctx,
|
||||
get_config()->client_private_key_file,
|
||||
get_config()->client_private_key_file.get(),
|
||||
SSL_FILETYPE_PEM) != 1) {
|
||||
LOG(FATAL) << "Could not load client private key from "
|
||||
<< get_config()->client_private_key_file << ": "
|
||||
<< get_config()->client_private_key_file.get() << ": "
|
||||
<< ERR_error_string(ERR_get_error(), nullptr);
|
||||
DIE();
|
||||
}
|
||||
}
|
||||
if(get_config()->client_cert_file) {
|
||||
if(SSL_CTX_use_certificate_chain_file(ssl_ctx,
|
||||
get_config()->client_cert_file)
|
||||
!= 1) {
|
||||
if(SSL_CTX_use_certificate_chain_file
|
||||
(ssl_ctx, get_config()->client_cert_file.get()) != 1) {
|
||||
|
||||
LOG(FATAL) << "Could not load client certificate from "
|
||||
<< get_config()->client_cert_file << ": "
|
||||
<< get_config()->client_cert_file.get() << ": "
|
||||
<< ERR_error_string(ERR_get_error(), nullptr);
|
||||
DIE();
|
||||
}
|
||||
|
@ -686,7 +688,7 @@ int check_cert(SSL *ssl)
|
|||
std::vector<std::string> dns_names;
|
||||
std::vector<std::string> ip_addrs;
|
||||
get_altnames(cert, dns_names, ip_addrs, common_name);
|
||||
if(verify_hostname(get_config()->downstream_host,
|
||||
if(verify_hostname(get_config()->downstream_host.get(),
|
||||
&get_config()->downstream_addr,
|
||||
get_config()->downstream_addrlen,
|
||||
dns_names, ip_addrs, common_name) != 0) {
|
||||
|
|
Loading…
Reference in New Issue