walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Use std::string for Downstream::backend_tls_sni_name

This commit is contained in:
Tatsuhiro Tsujikawa 2016-01-17 01:00:15 +09:00
parent 34d5382d66
commit 2c7ed01f0c
4 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/shrpx_config.cc
View File

@ -1599,7 +1599,7 @@ int parse_config(const char *opt, const char *optarg,
return 0; return 0;
case SHRPX_OPTID_BACKEND_TLS_SNI_FIELD: case SHRPX_OPTID_BACKEND_TLS_SNI_FIELD:
mod_config()->backend_tls_sni_name = strcopy(optarg); mod_config()->backend_tls_sni_name = optarg;
return 0; return 0;
case SHRPX_OPTID_PID_FILE: case SHRPX_OPTID_PID_FILE:

2
src/shrpx_config.h
View File

@ -310,6 +310,7 @@ struct Config {
// field. This is only used when user defined static obfuscated // field. This is only used when user defined static obfuscated
// string is provided. // string is provided.
std::string forwarded_for_obfuscated; std::string forwarded_for_obfuscated;
std::string backend_tls_sni_name;
std::chrono::seconds tls_session_timeout; std::chrono::seconds tls_session_timeout;
ev_tstamp http2_upstream_read_timeout; ev_tstamp http2_upstream_read_timeout;
ev_tstamp upstream_read_timeout; ev_tstamp upstream_read_timeout;
@ -329,7 +330,6 @@ struct Config {
std::unique_ptr<char[]> private_key_passwd; std::unique_ptr<char[]> private_key_passwd;
std::unique_ptr<char[]> cert_file; std::unique_ptr<char[]> cert_file;
std::unique_ptr<char[]> dh_param_file; std::unique_ptr<char[]> dh_param_file;
std::unique_ptr<char[]> backend_tls_sni_name;
std::unique_ptr<char[]> pid_file; std::unique_ptr<char[]> pid_file;
std::unique_ptr<char[]> conf_path; std::unique_ptr<char[]> conf_path;
std::unique_ptr<char[]> ciphers; std::unique_ptr<char[]> ciphers;

4
src/shrpx_http2_session.cc
View File

@ -335,8 +335,8 @@ int Http2Session::initiate_connection() {
} }
const char *sni_name = nullptr; const char *sni_name = nullptr;
if (get_config()->backend_tls_sni_name) { if (!get_config()->backend_tls_sni_name.empty()) {
sni_name = get_config()->backend_tls_sni_name.get(); sni_name = get_config()->backend_tls_sni_name.c_str();
} else { } else {
sni_name = downstream_addr.host.c_str(); sni_name = downstream_addr.host.c_str();
} }

9
src/shrpx_ssl.cc
View File

@ -971,10 +971,11 @@ int check_cert(SSL *ssl, const DownstreamAddr *addr) {
<< X509_verify_cert_error_string(verify_res); << X509_verify_cert_error_string(verify_res);
return -1; return -1;
} }
auto hostname = get_config()->backend_tls_sni_name auto hostname = !get_config()->backend_tls_sni_name.empty()
? get_config()->backend_tls_sni_name.get() ? StringAdaptor(get_config()->backend_tls_sni_name)
: addr->host.c_str(); : StringAdaptor(addr->host);
if (verify_hostname(cert, hostname, strlen(hostname), &addr->addr) != 0) { if (verify_hostname(cert, hostname.c_str(), hostname.size(), &addr->addr) !=
0) {
LOG(ERROR) << "Certificate verification failed: hostname does not match"; LOG(ERROR) << "Certificate verification failed: hostname does not match";
return -1; return -1;
} }