nghttpx: Fix memory leak from CertLookupTree
This commit is contained in:
parent
97d8bb16e6
commit
aced5b3b6c
|
@ -202,8 +202,8 @@ void ConnectionHandler::worker_replace_downstream(
|
|||
}
|
||||
|
||||
int ConnectionHandler::create_single_worker() {
|
||||
auto cert_tree = ssl::create_cert_lookup_tree();
|
||||
auto sv_ssl_ctx = ssl::setup_server_ssl_context(all_ssl_ctx_, cert_tree
|
||||
cert_tree_ = ssl::create_cert_lookup_tree();
|
||||
auto sv_ssl_ctx = ssl::setup_server_ssl_context(all_ssl_ctx_, cert_tree_.get()
|
||||
#ifdef HAVE_NEVERBLEED
|
||||
,
|
||||
nb_.get()
|
||||
|
@ -234,7 +234,7 @@ int ConnectionHandler::create_single_worker() {
|
|||
}
|
||||
|
||||
single_worker_ = make_unique<Worker>(
|
||||
loop_, sv_ssl_ctx, cl_ssl_ctx, session_cache_ssl_ctx, cert_tree,
|
||||
loop_, sv_ssl_ctx, cl_ssl_ctx, session_cache_ssl_ctx, cert_tree_.get(),
|
||||
ticket_keys_, this, get_config()->conn.downstream);
|
||||
#ifdef HAVE_MRUBY
|
||||
if (single_worker_->create_mruby_context() != 0) {
|
||||
|
@ -249,8 +249,8 @@ int ConnectionHandler::create_worker_thread(size_t num) {
|
|||
#ifndef NOTHREADS
|
||||
assert(workers_.size() == 0);
|
||||
|
||||
auto cert_tree = ssl::create_cert_lookup_tree();
|
||||
auto sv_ssl_ctx = ssl::setup_server_ssl_context(all_ssl_ctx_, cert_tree
|
||||
cert_tree_ = ssl::create_cert_lookup_tree();
|
||||
auto sv_ssl_ctx = ssl::setup_server_ssl_context(all_ssl_ctx_, cert_tree_.get()
|
||||
#ifdef HAVE_NEVERBLEED
|
||||
,
|
||||
nb_.get()
|
||||
|
@ -289,7 +289,7 @@ int ConnectionHandler::create_worker_thread(size_t num) {
|
|||
all_ssl_ctx_.push_back(session_cache_ssl_ctx);
|
||||
}
|
||||
auto worker = make_unique<Worker>(
|
||||
loop, sv_ssl_ctx, cl_ssl_ctx, session_cache_ssl_ctx, cert_tree,
|
||||
loop, sv_ssl_ctx, cl_ssl_ctx, session_cache_ssl_ctx, cert_tree_.get(),
|
||||
ticket_keys_, this, get_config()->conn.downstream);
|
||||
#ifdef HAVE_MRUBY
|
||||
if (worker->create_mruby_context() != 0) {
|
||||
|
|
|
@ -61,6 +61,12 @@ struct TicketKeys;
|
|||
class MemcachedDispatcher;
|
||||
struct UpstreamAddr;
|
||||
|
||||
namespace ssl {
|
||||
|
||||
class CertLookupTree;
|
||||
|
||||
} // namespace ssl
|
||||
|
||||
struct OCSPUpdateContext {
|
||||
// ocsp response buffer
|
||||
std::vector<uint8_t> resp;
|
||||
|
@ -184,6 +190,7 @@ private:
|
|||
// Worker instance used when single threaded mode (-n1) is used.
|
||||
// Otherwise, nullptr and workers_ has instances of Worker instead.
|
||||
std::unique_ptr<Worker> single_worker_;
|
||||
std::unique_ptr<ssl::CertLookupTree> cert_tree_;
|
||||
std::unique_ptr<MemcachedDispatcher> tls_ticket_key_memcached_dispatcher_;
|
||||
// Current TLS session ticket keys. Note that TLS connection does
|
||||
// not refer to this field directly. They use TicketKeys object in
|
||||
|
|
|
@ -1444,11 +1444,11 @@ void setup_downstream_http1_alpn(SSL *ssl) {
|
|||
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
}
|
||||
|
||||
CertLookupTree *create_cert_lookup_tree() {
|
||||
std::unique_ptr<CertLookupTree> create_cert_lookup_tree() {
|
||||
if (!upstream_tls_enabled() || get_config()->tls.subcerts.empty()) {
|
||||
return nullptr;
|
||||
}
|
||||
return new ssl::CertLookupTree();
|
||||
return make_unique<CertLookupTree>();
|
||||
}
|
||||
|
||||
namespace {
|
||||
|
|
|
@ -212,7 +212,7 @@ void setup_downstream_http1_alpn(SSL *ssl);
|
|||
|
||||
// Creates CertLookupTree. If frontend is configured not to use TLS,
|
||||
// this function returns nullptr.
|
||||
CertLookupTree *create_cert_lookup_tree();
|
||||
std::unique_ptr<CertLookupTree> create_cert_lookup_tree();
|
||||
|
||||
SSL *create_ssl(SSL_CTX *ssl_ctx);
|
||||
|
||||
|
|
Loading…
Reference in New Issue