nghttpx: Reorganize client side TLS configuration

This commit is contained in:
Tatsuhiro Tsujikawa 2017-01-08 22:25:30 +09:00
parent 55bf6cdb15
commit 36dfc0a56a
3 changed files with 12 additions and 13 deletions

View File

@ -1265,7 +1265,7 @@ int parse_psk_secrets(Config *config, const StringRef &path) {
namespace { namespace {
// Reads PSK secrets from path, and parses each line. The result is // Reads PSK secrets from path, and parses each line. The result is
// directly stored into config->tls.client_psk. This function returns // directly stored into config->tls.client.psk. This function returns
// 0 if it succeeds, or -1. // 0 if it succeeds, or -1.
int parse_client_psk_secrets(Config *config, const StringRef &path) { int parse_client_psk_secrets(Config *config, const StringRef &path) {
auto &tlsconf = config->tls; auto &tlsconf = config->tls;
@ -1310,10 +1310,10 @@ int parse_client_psk_secrets(Config *config, const StringRef &path) {
return -1; return -1;
} }
tlsconf.client_psk.identity = tlsconf.client.psk.identity =
make_string_ref(config->balloc, StringRef{std::begin(line), sep_it}); make_string_ref(config->balloc, StringRef{std::begin(line), sep_it});
tlsconf.client_psk.secret = tlsconf.client.psk.secret =
util::decode_hex(config->balloc, StringRef{sep_it + 1, std::end(line)}); util::decode_hex(config->balloc, StringRef{sep_it + 1, std::end(line)});
return 0; return 0;

View File

@ -546,18 +546,17 @@ struct TLSConfig {
bool enabled; bool enabled;
} client_verify; } client_verify;
// Client private key and certificate used in backend connections. // Client (backend connection) TLS configuration.
struct { struct {
StringRef private_key_file;
StringRef cert_file;
} client;
// Client PSK configuration // Client PSK configuration
struct { struct {
// identity must be NULL terminated string. // identity must be NULL terminated string.
StringRef identity; StringRef identity;
StringRef secret; StringRef secret;
} client_psk; } psk;
StringRef private_key_file;
StringRef cert_file;
} client;
// PSK secrets. The key is identity, and the associated value is // PSK secrets. The key is identity, and the associated value is
// its secret. // its secret.

View File

@ -556,8 +556,8 @@ unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out,
auto config = get_config(); auto config = get_config();
auto &tlsconf = config->tls; auto &tlsconf = config->tls;
auto &identity = tlsconf.client_psk.identity; auto &identity = tlsconf.client.psk.identity;
auto &secret = tlsconf.client_psk.secret; auto &secret = tlsconf.client.psk.secret;
if (identity.empty()) { if (identity.empty()) {
return 0; return 0;