nghttpx: Reorganize client side TLS configuration
This commit is contained in:
parent
55bf6cdb15
commit
36dfc0a56a
|
@ -1265,7 +1265,7 @@ int parse_psk_secrets(Config *config, const StringRef &path) {
|
|||
|
||||
namespace {
|
||||
// Reads PSK secrets from path, and parses each line. The result is
|
||||
// directly stored into config->tls.client_psk. This function returns
|
||||
// directly stored into config->tls.client.psk. This function returns
|
||||
// 0 if it succeeds, or -1.
|
||||
int parse_client_psk_secrets(Config *config, const StringRef &path) {
|
||||
auto &tlsconf = config->tls;
|
||||
|
@ -1310,10 +1310,10 @@ int parse_client_psk_secrets(Config *config, const StringRef &path) {
|
|||
return -1;
|
||||
}
|
||||
|
||||
tlsconf.client_psk.identity =
|
||||
tlsconf.client.psk.identity =
|
||||
make_string_ref(config->balloc, StringRef{std::begin(line), sep_it});
|
||||
|
||||
tlsconf.client_psk.secret =
|
||||
tlsconf.client.psk.secret =
|
||||
util::decode_hex(config->balloc, StringRef{sep_it + 1, std::end(line)});
|
||||
|
||||
return 0;
|
||||
|
|
|
@ -546,18 +546,17 @@ struct TLSConfig {
|
|||
bool enabled;
|
||||
} client_verify;
|
||||
|
||||
// Client private key and certificate used in backend connections.
|
||||
// Client (backend connection) TLS configuration.
|
||||
struct {
|
||||
StringRef private_key_file;
|
||||
StringRef cert_file;
|
||||
} client;
|
||||
|
||||
// Client PSK configuration
|
||||
struct {
|
||||
// identity must be NULL terminated string.
|
||||
StringRef identity;
|
||||
StringRef secret;
|
||||
} client_psk;
|
||||
} psk;
|
||||
StringRef private_key_file;
|
||||
StringRef cert_file;
|
||||
} client;
|
||||
|
||||
// PSK secrets. The key is identity, and the associated value is
|
||||
// its secret.
|
||||
|
|
|
@ -556,8 +556,8 @@ unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out,
|
|||
auto config = get_config();
|
||||
auto &tlsconf = config->tls;
|
||||
|
||||
auto &identity = tlsconf.client_psk.identity;
|
||||
auto &secret = tlsconf.client_psk.secret;
|
||||
auto &identity = tlsconf.client.psk.identity;
|
||||
auto &secret = tlsconf.client.psk.secret;
|
||||
|
||||
if (identity.empty()) {
|
||||
return 0;
|
||||
|
|
Loading…
Reference in New Issue