nghttpx: Reorganize client side TLS configuration
This commit is contained in:
parent
55bf6cdb15
commit
36dfc0a56a
|
@ -1265,7 +1265,7 @@ int parse_psk_secrets(Config *config, const StringRef &path) {
|
||||||
|
|
||||||
namespace {
|
namespace {
|
||||||
// Reads PSK secrets from path, and parses each line. The result is
|
// Reads PSK secrets from path, and parses each line. The result is
|
||||||
// directly stored into config->tls.client_psk. This function returns
|
// directly stored into config->tls.client.psk. This function returns
|
||||||
// 0 if it succeeds, or -1.
|
// 0 if it succeeds, or -1.
|
||||||
int parse_client_psk_secrets(Config *config, const StringRef &path) {
|
int parse_client_psk_secrets(Config *config, const StringRef &path) {
|
||||||
auto &tlsconf = config->tls;
|
auto &tlsconf = config->tls;
|
||||||
|
@ -1310,10 +1310,10 @@ int parse_client_psk_secrets(Config *config, const StringRef &path) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsconf.client_psk.identity =
|
tlsconf.client.psk.identity =
|
||||||
make_string_ref(config->balloc, StringRef{std::begin(line), sep_it});
|
make_string_ref(config->balloc, StringRef{std::begin(line), sep_it});
|
||||||
|
|
||||||
tlsconf.client_psk.secret =
|
tlsconf.client.psk.secret =
|
||||||
util::decode_hex(config->balloc, StringRef{sep_it + 1, std::end(line)});
|
util::decode_hex(config->balloc, StringRef{sep_it + 1, std::end(line)});
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
@ -546,18 +546,17 @@ struct TLSConfig {
|
||||||
bool enabled;
|
bool enabled;
|
||||||
} client_verify;
|
} client_verify;
|
||||||
|
|
||||||
// Client private key and certificate used in backend connections.
|
// Client (backend connection) TLS configuration.
|
||||||
struct {
|
struct {
|
||||||
StringRef private_key_file;
|
|
||||||
StringRef cert_file;
|
|
||||||
} client;
|
|
||||||
|
|
||||||
// Client PSK configuration
|
// Client PSK configuration
|
||||||
struct {
|
struct {
|
||||||
// identity must be NULL terminated string.
|
// identity must be NULL terminated string.
|
||||||
StringRef identity;
|
StringRef identity;
|
||||||
StringRef secret;
|
StringRef secret;
|
||||||
} client_psk;
|
} psk;
|
||||||
|
StringRef private_key_file;
|
||||||
|
StringRef cert_file;
|
||||||
|
} client;
|
||||||
|
|
||||||
// PSK secrets. The key is identity, and the associated value is
|
// PSK secrets. The key is identity, and the associated value is
|
||||||
// its secret.
|
// its secret.
|
||||||
|
|
|
@ -556,8 +556,8 @@ unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out,
|
||||||
auto config = get_config();
|
auto config = get_config();
|
||||||
auto &tlsconf = config->tls;
|
auto &tlsconf = config->tls;
|
||||||
|
|
||||||
auto &identity = tlsconf.client_psk.identity;
|
auto &identity = tlsconf.client.psk.identity;
|
||||||
auto &secret = tlsconf.client_psk.secret;
|
auto &secret = tlsconf.client.psk.secret;
|
||||||
|
|
||||||
if (identity.empty()) {
|
if (identity.empty()) {
|
||||||
return 0;
|
return 0;
|
||||||
|
|
Loading…
Reference in New Issue