From 2c7ed01f0c5ae3d58a9de7780992c9c0e0d850d1 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa
Date: Sun, 17 Jan 2016 01:00:15 +0900
Subject: [PATCH] nghttpx: Use std::string for Downstream::backend_tls_sni_name
---
 src/shrpx_config.cc | 2 +-
 src/shrpx_config.h | 2 +-
 src/shrpx_http2_session.cc | 4 ++--
 src/shrpx_ssl.cc | 9 +++++----
 4 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 46027f94..b3028b8a 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1599,7 +1599,7 @@ int parse_config(const char *opt, const char *optarg,
 return 0;
 case SHRPX_OPTID_BACKEND_TLS_SNI_FIELD:
- mod_config()->backend_tls_sni_name = strcopy(optarg);
+ mod_config()->backend_tls_sni_name = optarg;
 return 0;
 case SHRPX_OPTID_PID_FILE:
diff --git a/src/shrpx_config.h b/src/shrpx_config.h
index 8d5a4e72..bc9c774f 100644
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -310,6 +310,7 @@ struct Config {
 // field. This is only used when user defined static obfuscated
 // string is provided.
 std::string forwarded_for_obfuscated;
+ std::string backend_tls_sni_name;
 std::chrono::seconds tls_session_timeout;
 ev_tstamp http2_upstream_read_timeout;
 ev_tstamp upstream_read_timeout;
@@ -329,7 +330,6 @@ struct Config {
 std::unique_ptr private_key_passwd;
 std::unique_ptr cert_file;
 std::unique_ptr dh_param_file;
- std::unique_ptr backend_tls_sni_name;
 std::unique_ptr pid_file;
 std::unique_ptr conf_path;
 std::unique_ptr ciphers;
diff --git a/src/shrpx_http2_session.cc b/src/shrpx_http2_session.cc
index accd20d6..57f406f1 100644
--- a/src/shrpx_http2_session.cc
+++ b/src/shrpx_http2_session.cc
@@ -335,8 +335,8 @@ int Http2Session::initiate_connection() {
 }
 const char *sni_name = nullptr;
- if (get_config()->backend_tls_sni_name) {
- sni_name = get_config()->backend_tls_sni_name.get();
+ if (!get_config()->backend_tls_sni_name.empty()) {
+ sni_name = get_config()->backend_tls_sni_name.c_str();
 } else {
 sni_name = downstream_addr.host.c_str();
 }
diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index 8da8db36..b6e613e2 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -971,10 +971,11 @@ int check_cert(SSL *ssl, const DownstreamAddr *addr) {
 << X509_verify_cert_error_string(verify_res);
 return -1;
 }
- auto hostname = get_config()->backend_tls_sni_name
- ? get_config()->backend_tls_sni_name.get()
- : addr->host.c_str();
- if (verify_hostname(cert, hostname, strlen(hostname), &addr->addr) != 0) {
+ auto hostname = !get_config()->backend_tls_sni_name.empty()
+ ? StringAdaptor(get_config()->backend_tls_sni_name)
+ : StringAdaptor(addr->host);
+ if (verify_hostname(cert, hostname.c_str(), hostname.size(), &addr->addr) !=
+ 0) {
 LOG(ERROR) << "Certificate verification failed: hostname does not match";
 return -1;
 }
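Review bot: The `!get_config()->backend_tls_sni_name.empty()` test in Http2Session::initiate_connection makes an explicitly empty option value behave as if the option were unset, whereas the old pointer test took the override branch for whatever value had been stored (presumably including an empty string). With an empty value the connection now silently falls back to `downstream_addr.host` for SNI, and check_cert in src/shrpx_ssl.cc makes the same fallback for hostname verification. If an empty name is a configuration mistake, rejecting it in parse_config's SHRPX_OPTID_BACKEND_TLS_SNI_FIELD case would be clearer, e.g. `if (optarg[0] == '\0') { LOG(ERROR) << opt << ": must not be empty"; return -1; }`; otherwise the fallback deserves a line in the option's documentation. initiate_connection's body starts and ends outside the hunk.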
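Review bot: check_cert repeats the override-or-host choice that Http2Session::initiate_connection makes for SNI, and nothing in the code says the two must stay in agreement. When `backend_tls_sni_name` is set, the name passed to `verify_hostname` is that single configured value rather than `addr->host`, so as far as this hunk shows the backend's certificate is matched against the override and not against the host being connected to. A comment above `auto hostname = ...` would make that explicit, e.g. `// Verify against the configured SNI override when set (the same name sent as SNI in Http2Session::initiate_connection); otherwise against the backend host.` check_cert's body starts and ends outside the hunk.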