walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Reorganize client side TLS configuration

This commit is contained in:
Tatsuhiro Tsujikawa 2017-01-08 22:25:30 +09:00
parent 55bf6cdb15
commit 36dfc0a56a
3 changed files with 12 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/shrpx_config.cc
View File

@ -1265,7 +1265,7 @@ int parse_psk_secrets(Config *config, const StringRef &path) {
namespace { namespace {
// Reads PSK secrets from path, and parses each line. The result is // Reads PSK secrets from path, and parses each line. The result is
// directly stored into config->tls.client_psk. This function returns // directly stored into config->tls.client.psk. This function returns
// 0 if it succeeds, or -1. // 0 if it succeeds, or -1.
int parse_client_psk_secrets(Config *config, const StringRef &path) { int parse_client_psk_secrets(Config *config, const StringRef &path) {
auto &tlsconf = config->tls; auto &tlsconf = config->tls;
@ -1310,10 +1310,10 @@ int parse_client_psk_secrets(Config *config, const StringRef &path) {
return -1; return -1;
} }
tlsconf.client_psk.identity = tlsconf.client.psk.identity =
make_string_ref(config->balloc, StringRef{std::begin(line), sep_it}); make_string_ref(config->balloc, StringRef{std::begin(line), sep_it});
tlsconf.client_psk.secret = tlsconf.client.psk.secret =
util::decode_hex(config->balloc, StringRef{sep_it + 1, std::end(line)}); util::decode_hex(config->balloc, StringRef{sep_it + 1, std::end(line)});
return 0; return 0;

15
src/shrpx_config.h
View File

@ -546,19 +546,18 @@ struct TLSConfig {
bool enabled; bool enabled;
} client_verify; } client_verify;
// Client private key and certificate used in backend connections. // Client (backend connection) TLS configuration.
struct { struct {
// Client PSK configuration
struct {
// identity must be NULL terminated string.
StringRef identity;
StringRef secret;
} psk;
StringRef private_key_file; StringRef private_key_file;
StringRef cert_file; StringRef cert_file;
} client; } client;
// Client PSK configuration
struct {
// identity must be NULL terminated string.
StringRef identity;
StringRef secret;
} client_psk;
// PSK secrets. The key is identity, and the associated value is // PSK secrets. The key is identity, and the associated value is
// its secret. // its secret.
std::map<StringRef, StringRef> psk_secrets; std::map<StringRef, StringRef> psk_secrets;

4
src/shrpx_ssl.cc
View File

@ -556,8 +556,8 @@ unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out,
auto config = get_config(); auto config = get_config();
auto &tlsconf = config->tls; auto &tlsconf = config->tls;
auto &identity = tlsconf.client_psk.identity; auto &identity = tlsconf.client.psk.identity;
auto &secret = tlsconf.client_psk.secret; auto &secret = tlsconf.client.psk.secret;
if (identity.empty()) { if (identity.empty()) {
return 0; return 0;