nghttpx: Use ImmutableString for tls.client_verify.cacert

2016-02-14 21:09:15 +09:00 · 2016-02-14 21:09:15 +09:00 · 529a59d309
parent 52f6417813
commit 529a59d309
3 changed files with 7 additions and 7 deletions
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@ -1907,7 +1907,7 @@ int parse_config(const char *opt, const char *optarg,

    return 0;
  case SHRPX_OPTID_VERIFY_CLIENT_CACERT:
-    mod_config()->tls.client_verify.cacert = strcopy(optarg);
+    mod_config()->tls.client_verify.cacert = optarg;

    return 0;
  case SHRPX_OPTID_CLIENT_PRIVATE_KEY_FILE:
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@ -402,7 +402,7 @@ struct TLSConfig {
  struct {
    // Path to file containing CA certificate solely used for client
    // certificate validation
-    std::unique_ptr<char[]> cacert;
+    ImmutableString cacert;
    bool enabled;
  } client_verify;

--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@ -579,12 +579,12 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
    DIE();
  }
  if (tlsconf.client_verify.enabled) {
-    if (tlsconf.client_verify.cacert) {
+    if (!tlsconf.client_verify.cacert.empty()) {
      if (SSL_CTX_load_verify_locations(
-              ssl_ctx, tlsconf.client_verify.cacert.get(), nullptr) != 1) {
+              ssl_ctx, tlsconf.client_verify.cacert.c_str(), nullptr) != 1) {

        LOG(FATAL) << "Could not load trusted ca certificates from "
-                   << tlsconf.client_verify.cacert.get() << ": "
+                   << tlsconf.client_verify.cacert << ": "
                   << ERR_error_string(ERR_get_error(), nullptr);
        DIE();
      }
@ -592,10 +592,10 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
      // error even though it returns success. See
      // http://forum.nginx.org/read.php?29,242540
      ERR_clear_error();
-      auto list = SSL_load_client_CA_file(tlsconf.client_verify.cacert.get());
+      auto list = SSL_load_client_CA_file(tlsconf.client_verify.cacert.c_str());
      if (!list) {
        LOG(FATAL) << "Could not load ca certificates from "
-                   << tlsconf.client_verify.cacert.get() << ": "
+                   << tlsconf.client_verify.cacert << ": "
                   << ERR_error_string(ERR_get_error(), nullptr);
        DIE();
      }