nghttpx: Fix memory leak from CertLookupTree
parent
97d8bb16e6
commit
aced5b3b6c
|
@ -202,8 +202,8 @@ void ConnectionHandler::worker_replace_downstream(
|
||||||
}
|
}
|
||||||
|
|
||||||
int ConnectionHandler::create_single_worker() {
|
int ConnectionHandler::create_single_worker() {
|
||||||
auto cert_tree = ssl::create_cert_lookup_tree();
|
cert_tree_ = ssl::create_cert_lookup_tree();
|
||||||
auto sv_ssl_ctx = ssl::setup_server_ssl_context(all_ssl_ctx_, cert_tree
|
auto sv_ssl_ctx = ssl::setup_server_ssl_context(all_ssl_ctx_, cert_tree_.get()
|
||||||
#ifdef HAVE_NEVERBLEED
|
#ifdef HAVE_NEVERBLEED
|
||||||
,
|
,
|
||||||
nb_.get()
|
nb_.get()
|
||||||
|
@ -234,7 +234,7 @@ int ConnectionHandler::create_single_worker() {
|
||||||
}
|
}
|
||||||
|
|
||||||
single_worker_ = make_unique<Worker>(
|
single_worker_ = make_unique<Worker>(
|
||||||
loop_, sv_ssl_ctx, cl_ssl_ctx, session_cache_ssl_ctx, cert_tree,
|
loop_, sv_ssl_ctx, cl_ssl_ctx, session_cache_ssl_ctx, cert_tree_.get(),
|
||||||
ticket_keys_, this, get_config()->conn.downstream);
|
ticket_keys_, this, get_config()->conn.downstream);
|
||||||
#ifdef HAVE_MRUBY
|
#ifdef HAVE_MRUBY
|
||||||
if (single_worker_->create_mruby_context() != 0) {
|
if (single_worker_->create_mruby_context() != 0) {
|
||||||
|
@ -249,8 +249,8 @@ int ConnectionHandler::create_worker_thread(size_t num) {
|
||||||
#ifndef NOTHREADS
|
#ifndef NOTHREADS
|
||||||
assert(workers_.size() == 0);
|
assert(workers_.size() == 0);
|
||||||
|
|
||||||
auto cert_tree = ssl::create_cert_lookup_tree();
|
cert_tree_ = ssl::create_cert_lookup_tree();
|
||||||
auto sv_ssl_ctx = ssl::setup_server_ssl_context(all_ssl_ctx_, cert_tree
|
auto sv_ssl_ctx = ssl::setup_server_ssl_context(all_ssl_ctx_, cert_tree_.get()
|
||||||
#ifdef HAVE_NEVERBLEED
|
#ifdef HAVE_NEVERBLEED
|
||||||
,
|
,
|
||||||
nb_.get()
|
nb_.get()
|
||||||
|
@ -289,7 +289,7 @@ int ConnectionHandler::create_worker_thread(size_t num) {
|
||||||
all_ssl_ctx_.push_back(session_cache_ssl_ctx);
|
all_ssl_ctx_.push_back(session_cache_ssl_ctx);
|
||||||
}
|
}
|
||||||
auto worker = make_unique<Worker>(
|
auto worker = make_unique<Worker>(
|
||||||
loop, sv_ssl_ctx, cl_ssl_ctx, session_cache_ssl_ctx, cert_tree,
|
loop, sv_ssl_ctx, cl_ssl_ctx, session_cache_ssl_ctx, cert_tree_.get(),
|
||||||
ticket_keys_, this, get_config()->conn.downstream);
|
ticket_keys_, this, get_config()->conn.downstream);
|
||||||
#ifdef HAVE_MRUBY
|
#ifdef HAVE_MRUBY
|
||||||
if (worker->create_mruby_context() != 0) {
|
if (worker->create_mruby_context() != 0) {
|
||||||
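Review bot: The assignment `cert_tree_ = ssl::create_cert_lookup_tree();` in both `create_single_worker()` and `create_worker_thread()` destroys any tree the handler already owned, while the raw `cert_tree_.get()` pointer is handed to `setup_server_ssl_context` and to each `Worker`. If either function could run a second time, holders from the earlier call would presumably be left with a dangling pointer. The only guard visible is `assert(workers_.size() == 0);` in `create_worker_thread()`, which disappears under NDEBUG, and `create_single_worker()` shows none in these hunks. I would add `assert(!cert_tree_);` before each assignment, plus a comment that the tree must outlive every worker and SSL context built from it. Both function bodies continue outside the hunks shown.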
|
|
|
@ -61,6 +61,12 @@ struct TicketKeys;
|
||||||
class MemcachedDispatcher;
|
class MemcachedDispatcher;
|
||||||
struct UpstreamAddr;
|
struct UpstreamAddr;
|
||||||
|
|
||||||
|
namespace ssl {
|
||||||
|
|
||||||
|
class CertLookupTree;
|
||||||
|
|
||||||
|
} // namespace ssl
|
||||||
|
|
||||||
struct OCSPUpdateContext {
|
struct OCSPUpdateContext {
|
||||||
// ocsp response buffer
|
// ocsp response buffer
|
||||||
std::vector<uint8_t> resp;
|
std::vector<uint8_t> resp;
|
||||||
|
@ -184,6 +190,7 @@ private:
|
||||||
// Worker instance used when single threaded mode (-n1) is used.
|
// Worker instance used when single threaded mode (-n1) is used.
|
||||||
// Otherwise, nullptr and workers_ has instances of Worker instead.
|
// Otherwise, nullptr and workers_ has instances of Worker instead.
|
||||||
std::unique_ptr<Worker> single_worker_;
|
std::unique_ptr<Worker> single_worker_;
|
||||||
|
std::unique_ptr<ssl::CertLookupTree> cert_tree_;
|
||||||
std::unique_ptr<MemcachedDispatcher> tls_ticket_key_memcached_dispatcher_;
|
std::unique_ptr<MemcachedDispatcher> tls_ticket_key_memcached_dispatcher_;
|
||||||
// Current TLS session ticket keys. Note that TLS connection does
|
// Current TLS session ticket keys. Note that TLS connection does
|
||||||
// not refer to this field directly. They use TicketKeys object in
|
// not refer to this field directly. They use TicketKeys object in
|
||||||
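Review bot: `cert_tree_` is declared after `single_worker_`, so it is destroyed before it, because members are destroyed in reverse declaration order, yet each `Worker` is constructed with the non-owning `cert_tree_.get()` pointer. If `Worker` teardown still consults the tree, that would be a use-after-free at shutdown; `Worker`'s destructor is not visible on this page, so this needs confirming. Moving `std::unique_ptr<ssl::CertLookupTree> cert_tree_;` above `std::unique_ptr<Worker> single_worker_;` (and above the `workers_` member, whose declaration is outside this hunk) makes the tree outlive its users. A comment on the member such as `// Owned here; Worker instances receive a non-owning pointer.` would record the ownership contract.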
|
|
|
@ -1444,11 +1444,11 @@ void setup_downstream_http1_alpn(SSL *ssl) {
|
||||||
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||||
}
|
}
|
||||||
|
|
||||||
CertLookupTree *create_cert_lookup_tree() {
|
std::unique_ptr<CertLookupTree> create_cert_lookup_tree() {
|
||||||
if (!upstream_tls_enabled() || get_config()->tls.subcerts.empty()) {
|
if (!upstream_tls_enabled() || get_config()->tls.subcerts.empty()) {
|
||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
return new ssl::CertLookupTree();
|
return make_unique<CertLookupTree>();
|
||||||
}
|
}
|
||||||
|
|
||||||
namespace {
|
namespace {
|
||||||
|
|
|
@ -212,7 +212,7 @@ void setup_downstream_http1_alpn(SSL *ssl);
|
||||||
|
|
||||||
// Creates CertLookupTree. If frontend is configured not to use TLS,
|
// Creates CertLookupTree. If frontend is configured not to use TLS,
|
||||||
// this function returns nullptr.
|
// this function returns nullptr.
|
||||||
CertLookupTree *create_cert_lookup_tree();
|
std::unique_ptr<CertLookupTree> create_cert_lookup_tree();
|
||||||
|
|
||||||
SSL *create_ssl(SSL_CTX *ssl_ctx);
|
SSL *create_ssl(SSL_CTX *ssl_ctx);
|
||||||
|
|
||||||
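Review bot: The comment above `create_cert_lookup_tree()` only mentions the "frontend is configured not to use TLS" case, but the definition on this page also returns nullptr when `get_config()->tls.subcerts.empty()`. Now that the return type carries ownership, the declaration is the place to state both facts, for example `// Creates CertLookupTree.  Returns nullptr if frontend TLS is disabled or no` / `// subcerts are configured.  The caller owns the returned object.` Callers that pass `.get()` onward should be documented as tolerating a null tree, since that is the common case when no additional certificates are configured.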
|
|