walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Use ImmutableString for tls.client_verify.cacert

This commit is contained in:
Tatsuhiro Tsujikawa 2016-02-14 21:09:15 +09:00
parent 52f6417813
commit 529a59d309
3 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/shrpx_config.cc
View File

@ -1907,7 +1907,7 @@ int parse_config(const char *opt, const char *optarg,
return 0;
case SHRPX_OPTID_VERIFY_CLIENT_CACERT:
mod_config()->tls.client_verify.cacert = strcopy(optarg);
mod_config()->tls.client_verify.cacert = optarg;
return 0;
case SHRPX_OPTID_CLIENT_PRIVATE_KEY_FILE:

2
src/shrpx_config.h
View File

@ -402,7 +402,7 @@ struct TLSConfig {
struct {
// Path to file containing CA certificate solely used for client
// certificate validation
std::unique_ptr<char[]> cacert;
ImmutableString cacert;
bool enabled;
} client_verify;

10
src/shrpx_ssl.cc
View File

@ -579,12 +579,12 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
DIE();
}
if (tlsconf.client_verify.enabled) {
if (tlsconf.client_verify.cacert) {
if (!tlsconf.client_verify.cacert.empty()) {
if (SSL_CTX_load_verify_locations(
ssl_ctx, tlsconf.client_verify.cacert.get(), nullptr) != 1) {
ssl_ctx, tlsconf.client_verify.cacert.c_str(), nullptr) != 1) {
LOG(FATAL) << "Could not load trusted ca certificates from "
<< tlsconf.client_verify.cacert.get() << ": "
<< tlsconf.client_verify.cacert << ": "
<< ERR_error_string(ERR_get_error(), nullptr);
DIE();
}
@ -592,10 +592,10 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
// error even though it returns success. See
// http://forum.nginx.org/read.php?29,242540
ERR_clear_error();
auto list = SSL_load_client_CA_file(tlsconf.client_verify.cacert.get());
auto list = SSL_load_client_CA_file(tlsconf.client_verify.cacert.c_str());
if (!list) {
LOG(FATAL) << "Could not load ca certificates from "
<< tlsconf.client_verify.cacert.get() << ": "
<< tlsconf.client_verify.cacert << ": "
<< ERR_error_string(ERR_get_error(), nullptr);
DIE();
}