nghttpx: Use Use std::string instead of std::unique_ptr<char[]> for tls config
This commit is contained in:
Tatsuhiro Tsujikawa
parent
dd8ce1e9d2
commit
a8574fdef2
|
|
@ -283,13 +283,12 @@ std::vector<Range<const char *>> split_config_str_list(const char *s,
|
|||
return list;
|
||||
}
|
||||
|
||||
std::vector<std::unique_ptr<char[]>> parse_config_str_list(const char *s,
|
||||
char delim) {
|
||||
std::vector<std::string> parse_config_str_list(const char *s, char delim) {
|
||||
auto ranges = split_config_str_list(s, delim);
|
||||
auto res = std::vector<std::unique_ptr<char[]>>();
|
||||
auto res = std::vector<std::string>();
|
||||
res.reserve(ranges.size());
|
||||
for (const auto &range : ranges) {
|
||||
res.push_back(strcopy(range.first, range.second));
|
||||
res.emplace_back(range.first, range.second);
|
||||
}
|
||||
return res;
|
||||
}
|
||||
|
|
@ -1687,30 +1686,28 @@ int parse_config(const char *opt, const char *optarg,
|
|||
|
||||
int port;
|
||||
|
||||
if (parse_uint(&port, opt, tokens[1].get()) != 0) {
|
||||
if (parse_uint(&port, opt, tokens[1].c_str()) != 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (port < 1 ||
|
||||
port > static_cast<int>(std::numeric_limits<uint16_t>::max())) {
|
||||
LOG(ERROR) << opt << ": port is invalid: " << tokens[1].get();
|
||||
LOG(ERROR) << opt << ": port is invalid: " << tokens[1];
|
||||
return -1;
|
||||
}
|
||||
|
||||
AltSvc altsvc;
|
||||
|
||||
altsvc.port = port;
|
||||
|
||||
altsvc.protocol_id = std::move(tokens[0]);
|
||||
altsvc.protocol_id_len = strlen(altsvc.protocol_id.get());
|
||||
|
||||
altsvc.port = port;
|
||||
altsvc.service = std::move(tokens[1]);
|
||||
|
||||
if (tokens.size() > 2) {
|
||||
altsvc.host = std::move(tokens[2]);
|
||||
altsvc.host_len = strlen(altsvc.host.get());
|
||||
|
||||
if (tokens.size() > 3) {
|
||||
altsvc.origin = std::move(tokens[3]);
|
||||
altsvc.origin_len = strlen(altsvc.origin.get());
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -184,15 +184,9 @@ union sockaddr_union {
|
|||
enum shrpx_proto { PROTO_HTTP2, PROTO_HTTP };
|
||||
|
||||
struct AltSvc {
|
||||
AltSvc() : protocol_id_len(0), host_len(0), origin_len(0), port(0) {}
|
||||
AltSvc() : port(0) {}
|
||||
|
||||
std::unique_ptr<char[]> protocol_id;
|
||||
std::unique_ptr<char[]> host;
|
||||
std::unique_ptr<char[]> origin;
|
||||
|
||||
size_t protocol_id_len;
|
||||
size_t host_len;
|
||||
size_t origin_len;
|
||||
std::string protocol_id, host, origin, service;
|
||||
|
||||
uint16_t port;
|
||||
};
|
||||
|
|
@ -251,6 +245,11 @@ struct Config {
|
|||
std::vector<LogFragment> accesslog_format;
|
||||
std::vector<DownstreamAddrGroup> downstream_addr_groups;
|
||||
std::vector<std::string> tls_ticket_key_files;
|
||||
// list of supported NPN/ALPN protocol strings in the order of
|
||||
// preference.
|
||||
std::vector<std::string> npn_list;
|
||||
// list of supported SSL/TLS protocol strings.
|
||||
std::vector<std::string> tls_proto_list;
|
||||
// binary form of http proxy host and port
|
||||
sockaddr_union downstream_http_proxy_addr;
|
||||
ev_tstamp http2_upstream_read_timeout;
|
||||
|
|
@ -286,13 +285,6 @@ struct Config {
|
|||
// ev_token_bucket_cfg *rate_limit_cfg;
|
||||
// // Rate limit configuration per worker (thread)
|
||||
// ev_token_bucket_cfg *worker_rate_limit_cfg;
|
||||
// list of supported NPN/ALPN protocol strings in the order of
|
||||
// preference. The each element of this list is a NULL-terminated
|
||||
// string.
|
||||
std::vector<std::unique_ptr<char[]>> npn_list;
|
||||
// list of supported SSL/TLS protocol strings. The each element of
|
||||
// this list is a NULL-terminated string.
|
||||
std::vector<std::unique_ptr<char[]>> tls_proto_list;
|
||||
// Path to file containing CA certificate solely used for client
|
||||
// certificate validation
|
||||
std::unique_ptr<char[]> verify_client_cacert;
|
||||
|
|
@ -413,8 +405,7 @@ template <typename T> using Range = std::pair<T, T>;
|
|||
// Parses delimited strings in |s| and returns the array of substring,
|
||||
// delimited by |delim|. The any white spaces around substring are
|
||||
// treated as a part of substring.
|
||||
std::vector<std::unique_ptr<char[]>> parse_config_str_list(const char *s,
|
||||
char delim = ',');
|
||||
std::vector<std::string> parse_config_str_list(const char *s, char delim = ',');
|
||||
|
||||
// Parses delimited strings in |s| and returns the array of pointers,
|
||||
// each element points to the beginning and one beyond last of
|
||||
|
|
|
|||
|
|
@ -39,29 +39,29 @@ namespace shrpx {
|
|||
void test_shrpx_config_parse_config_str_list(void) {
|
||||
auto res = parse_config_str_list("a");
|
||||
CU_ASSERT(1 == res.size());
|
||||
CU_ASSERT(0 == strcmp("a", res[0].get()));
|
||||
CU_ASSERT("a" == res[0]);
|
||||
|
||||
res = parse_config_str_list("a,");
|
||||
CU_ASSERT(2 == res.size());
|
||||
CU_ASSERT(0 == strcmp("a", res[0].get()));
|
||||
CU_ASSERT(0 == strcmp("", res[1].get()));
|
||||
CU_ASSERT("a" == res[0]);
|
||||
CU_ASSERT("" == res[1]);
|
||||
|
||||
res = parse_config_str_list(":a::", ':');
|
||||
CU_ASSERT(4 == res.size());
|
||||
CU_ASSERT(0 == strcmp("", res[0].get()));
|
||||
CU_ASSERT(0 == strcmp("a", res[1].get()));
|
||||
CU_ASSERT(0 == strcmp("", res[2].get()));
|
||||
CU_ASSERT(0 == strcmp("", res[3].get()));
|
||||
CU_ASSERT("" == res[0]);
|
||||
CU_ASSERT("a" == res[1]);
|
||||
CU_ASSERT("" == res[2]);
|
||||
CU_ASSERT("" == res[3]);
|
||||
|
||||
res = parse_config_str_list("");
|
||||
CU_ASSERT(1 == res.size());
|
||||
CU_ASSERT(0 == strcmp("", res[0].get()));
|
||||
CU_ASSERT("" == res[0]);
|
||||
|
||||
res = parse_config_str_list("alpha,bravo,charlie");
|
||||
CU_ASSERT(3 == res.size());
|
||||
CU_ASSERT(0 == strcmp("alpha", res[0].get()));
|
||||
CU_ASSERT(0 == strcmp("bravo", res[1].get()));
|
||||
CU_ASSERT(0 == strcmp("charlie", res[2].get()));
|
||||
CU_ASSERT("alpha" == res[0]);
|
||||
CU_ASSERT("bravo" == res[1]);
|
||||
CU_ASSERT("charlie" == res[2]);
|
||||
}
|
||||
|
||||
void test_shrpx_config_parse_header(void) {
|
||||
|
|
|
|||
|
|
@ -844,13 +844,12 @@ int HttpsUpstream::on_downstream_header_complete(Downstream *downstream) {
|
|||
if (!get_config()->altsvcs.empty()) {
|
||||
hdrs += "Alt-Svc: ";
|
||||
|
||||
for (auto &altsvc : get_config()->altsvcs) {
|
||||
hdrs += util::percent_encode_token(altsvc.protocol_id.get());
|
||||
for (const auto &altsvc : get_config()->altsvcs) {
|
||||
hdrs += util::percent_encode_token(altsvc.protocol_id);
|
||||
hdrs += "=\"";
|
||||
hdrs +=
|
||||
util::quote_string(std::string(altsvc.host.get(), altsvc.host_len));
|
||||
hdrs += util::quote_string(altsvc.host);
|
||||
hdrs += ":";
|
||||
hdrs += util::utos(altsvc.port);
|
||||
hdrs += altsvc.service;
|
||||
hdrs += "\", ";
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -87,18 +87,16 @@ int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) {
|
|||
} // namespace
|
||||
|
||||
std::vector<unsigned char>
|
||||
set_alpn_prefs(const std::vector<std::unique_ptr<char[]>> &protos) {
|
||||
set_alpn_prefs(const std::vector<std::string> &protos) {
|
||||
size_t len = 0;
|
||||
|
||||
for (auto &proto : protos) {
|
||||
auto n = strlen(proto.get());
|
||||
|
||||
if (n > 255) {
|
||||
LOG(FATAL) << "Too long ALPN identifier: " << n;
|
||||
for (const auto &proto : protos) {
|
||||
if (proto.size() > 255) {
|
||||
LOG(FATAL) << "Too long ALPN identifier: " << proto.size();
|
||||
DIE();
|
||||
}
|
||||
|
||||
len += 1 + n;
|
||||
len += 1 + proto.size();
|
||||
}
|
||||
|
||||
if (len > (1 << 16) - 1) {
|
||||
|
|
@ -109,12 +107,10 @@ set_alpn_prefs(const std::vector<std::unique_ptr<char[]>> &protos) {
|
|||
auto out = std::vector<unsigned char>(len);
|
||||
auto ptr = out.data();
|
||||
|
||||
for (auto &proto : protos) {
|
||||
auto proto_len = strlen(proto.get());
|
||||
|
||||
*ptr++ = proto_len;
|
||||
memcpy(ptr, proto.get(), proto_len);
|
||||
ptr += proto_len;
|
||||
for (const auto &proto : protos) {
|
||||
*ptr++ = proto.size();
|
||||
memcpy(ptr, proto.c_str(), proto.size());
|
||||
ptr += proto.size();
|
||||
}
|
||||
|
||||
return out;
|
||||
|
|
@ -282,15 +278,14 @@ int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
|
|||
// We assume that get_config()->npn_list contains ALPN protocol
|
||||
// identifier sorted by preference order. So we just break when we
|
||||
// found the first overlap.
|
||||
for (auto &target_proto_id : get_config()->npn_list) {
|
||||
auto target_proto_len = strlen(target_proto_id.get());
|
||||
|
||||
for (const auto &target_proto_id : get_config()->npn_list) {
|
||||
for (auto p = in, end = in + inlen; p < end;) {
|
||||
auto proto_id = p + 1;
|
||||
auto proto_len = *p;
|
||||
|
||||
if (proto_id + proto_len <= end && target_proto_len == proto_len &&
|
||||
memcmp(target_proto_id.get(), proto_id, proto_len) == 0) {
|
||||
if (proto_id + proto_len <= end &&
|
||||
util::streq(target_proto_id.c_str(), target_proto_id.size(), proto_id,
|
||||
proto_len)) {
|
||||
|
||||
*out = reinterpret_cast<const unsigned char *>(proto_id);
|
||||
*outlen = proto_len;
|
||||
|
|
@ -314,14 +309,13 @@ constexpr long int tls_masks[] = {SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_1,
|
|||
SSL_OP_NO_TLSv1};
|
||||
} // namespace
|
||||
|
||||
long int create_tls_proto_mask(
|
||||
const std::vector<std::unique_ptr<char[]>> &tls_proto_list) {
|
||||
long int create_tls_proto_mask(const std::vector<std::string> &tls_proto_list) {
|
||||
long int res = 0;
|
||||
|
||||
for (size_t i = 0; i < tls_namelen; ++i) {
|
||||
size_t j;
|
||||
for (j = 0; j < tls_proto_list.size(); ++j) {
|
||||
if (util::strieq(tls_names[i], tls_proto_list[j].get())) {
|
||||
if (util::strieq(tls_names[i], tls_proto_list[j])) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
|
@ -950,10 +944,10 @@ int cert_lookup_tree_add_cert_from_file(CertLookupTree *lt, SSL_CTX *ssl_ctx,
|
|||
return 0;
|
||||
}
|
||||
|
||||
bool in_proto_list(const std::vector<std::unique_ptr<char[]>> &protos,
|
||||
bool in_proto_list(const std::vector<std::string> &protos,
|
||||
const unsigned char *needle, size_t len) {
|
||||
for (auto &proto : protos) {
|
||||
if (strlen(proto.get()) == len && memcmp(proto.get(), needle, len) == 0) {
|
||||
if (util::streq(proto.c_str(), proto.size(), needle, len)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -140,7 +140,7 @@ int cert_lookup_tree_add_cert_from_file(CertLookupTree *lt, SSL_CTX *ssl_ctx,
|
|||
|
||||
// Returns true if |needle| which has |len| bytes is included in the
|
||||
// protocol list |protos|.
|
||||
bool in_proto_list(const std::vector<std::unique_ptr<char[]>> &protos,
|
||||
bool in_proto_list(const std::vector<std::string> &protos,
|
||||
const unsigned char *needle, size_t len);
|
||||
|
||||
// Returns true if security requirement for HTTP/2 is fulfilled.
|
||||
|
|
@ -149,11 +149,10 @@ bool check_http2_requirement(SSL *ssl);
|
|||
// Returns SSL/TLS option mask to disable SSL/TLS protocol version not
|
||||
// included in |tls_proto_list|. The returned mask can be directly
|
||||
// passed to SSL_CTX_set_options().
|
||||
long int create_tls_proto_mask(
|
||||
const std::vector<std::unique_ptr<char[]>> &tls_proto_list);
|
||||
long int create_tls_proto_mask(const std::vector<std::string> &tls_proto_list);
|
||||
|
||||
std::vector<unsigned char>
|
||||
set_alpn_prefs(const std::vector<std::unique_ptr<char[]>> &protos);
|
||||
set_alpn_prefs(const std::vector<std::string> &protos);
|
||||
|
||||
// Setups server side SSL_CTX. This function inspects get_config()
|
||||
// and if upstream_no_tls is true, returns nullptr. Otherwise
|
||||
|
|
|
|||
|
|
@ -349,6 +349,10 @@ inline bool strieq(const std::string &a, const std::string &b) {
|
|||
|
||||
bool strieq(const char *a, const char *b);
|
||||
|
||||
inline bool strieq(const char *a, const std::string &b) {
|
||||
return strieq(a, b.c_str(), b.size());
|
||||
}
|
||||
|
||||
template <typename InputIt, size_t N>
|
||||
bool strieq_l(const char (&a)[N], InputIt b, size_t blen) {
|
||||
return strieq(a, N - 1, b, blen);
|
||||
|
|
|
|||
Loading…
Reference in New Issue