nghttpx: Fix bug that old config is used during reloading config

src/shrpx-unittest.cc

@@ -45,6 +45,7 @@
 #include "shrpx_config.h"
 #include "ssl.h"
 #include "shrpx_router_test.h"
+#include "shrpx_log.h"
 
 static int init_suite1(void) { return 0; }
 

src/shrpx.cc

@@ -85,6 +85,7 @@
 #include "shrpx_process.h"
 #include "shrpx_signal.h"
 #include "shrpx_connection.h"
+#include "shrpx_log.h"
 #include "util.h"
 #include "app_helper.h"
 #include "ssl.h"
@@ -299,13 +300,6 @@ int worker_process_last_pid() {
 }
 } // namespace
 
-namespace {
-int chown_to_running_user(const char *path) {
-  auto config = get_config();
-  return chown(path, config->uid, config->gid);
-}
-} // namespace
-
 namespace {
 int save_pid() {
   std::array<char, STRERROR_BUFSIZE> errbuf;
@@ -361,7 +355,7 @@ int save_pid() {
   }
 
   if (config->uid != 0) {
-    if (chown_to_running_user(pid_file.c_str()) == -1) {
+    if (chown(pid_file.c_str(), config->uid, config->gid) == -1) {
       auto error = errno;
       LOG(WARN) << "Changing owner of pid file " << pid_file << " failed: "
                 << xsi_strerror(error, errbuf.data(), errbuf.size());
@@ -558,8 +552,11 @@ namespace {
 void reopen_log(WorkerProcess *wp) {
   LOG(NOTICE) << "Reopening log files: master process";
 
-  (void)reopen_log_files();
+  auto config = get_config();
-  redirect_stderr_to_errorlog();
+  auto &loggingconf = config->logging;
+
+  (void)reopen_log_files(loggingconf);
+  redirect_stderr_to_errorlog(loggingconf);
   ipc_send(wp, SHRPX_IPC_REOPEN_LOG);
 }
 } // namespace
@@ -1112,7 +1109,7 @@ int create_acceptor_socket(Config *config, std::vector<InheritedAddr> &iaddrs) {
       if (config->uid != 0) {
         // fd is not associated to inode, so we cannot use fchown(2)
         // here.  https://lkml.org/lkml/2004/11/1/84
-        if (chown_to_running_user(addr.host.c_str()) == -1) {
+        if (chown(addr.host.c_str(), config->uid, config->gid) == -1) {
           auto error = errno;
           LOG(WARN) << "Changing owner of UNIX domain socket " << addr.host
                     << " failed: "
@@ -1297,7 +1294,7 @@ int event_loop() {
 
     // daemon redirects stderr file descriptor to /dev/null, so we
     // need this.
-    redirect_stderr_to_errorlog();
+    redirect_stderr_to_errorlog(config->logging);
   }
 
   // update systemd PID tracking
@@ -2646,7 +2643,7 @@ int process_options(Config *config,
   }
 
   // Reopen log files using configurations in file
-  reopen_log_files();
+  reopen_log_files(config->logging);
 
   {
     std::set<StringRef> include_set;
@@ -2668,12 +2665,12 @@ int process_options(Config *config,
             loggingconf.syslog_facility);
   }
 
-  if (reopen_log_files() != 0) {
+  if (reopen_log_files(config->logging) != 0) {
     LOG(FATAL) << "Failed to open log file";
     return -1;
   }
 
-  redirect_stderr_to_errorlog();
+  redirect_stderr_to_errorlog(loggingconf);
 
   if (config->uid != 0) {
     if (log_config()->accesslog_fd != -1 &&
@@ -2707,7 +2704,7 @@ int process_options(Config *config,
       dumpconf.request_header = f;
 
       if (config->uid != 0) {
-        if (chown_to_running_user(path) == -1) {
+        if (chown(path, config->uid, config->gid) == -1) {
           auto error = errno;
           LOG(WARN) << "Changing owner of http2 upstream request header file "
                     << path << " failed: "
@@ -2729,7 +2726,7 @@ int process_options(Config *config,
       dumpconf.response_header = f;
 
       if (config->uid != 0) {
-        if (chown_to_running_user(path) == -1) {
+        if (chown(path, config->uid, config->gid) == -1) {
           auto error = errno;
           LOG(WARN) << "Changing owner of http2 upstream response header file"
                     << " " << path << " failed: "
@@ -2781,14 +2778,14 @@ int process_options(Config *config,
     upstreamconf.worker_connections = std::numeric_limits<size_t>::max();
   }
 
-  if (ssl::upstream_tls_enabled() &&
+  if (ssl::upstream_tls_enabled(config->conn) &&
       (tlsconf.private_key_file.empty() || tlsconf.cert_file.empty())) {
     print_usage(std::cerr);
     LOG(FATAL) << "Too few arguments";
     return -1;
   }
 
-  if (ssl::upstream_tls_enabled() && !tlsconf.ocsp.disabled) {
+  if (ssl::upstream_tls_enabled(config->conn) && !tlsconf.ocsp.disabled) {
     struct stat buf;
     if (stat(tlsconf.ocsp.fetch_ocsp_response_file.c_str(), &buf) != 0) {
       tlsconf.ocsp.disabled = true;
@@ -3005,7 +3002,7 @@ int main(int argc, char **argv) {
 
   // First open log files with default configuration, so that we can
   // log errors/warnings while reading configuration files.
-  reopen_log_files();
+  reopen_log_files(get_config()->logging);
 
   suconfig.original_argv = argv;
 

src/shrpx.h

@@ -42,8 +42,6 @@
 #define nghttp2_Exit(status) _Exit(status)
 #endif // HAVE__EXIT
 
-#include "shrpx_log.h"
-
 #define DIE() nghttp2_Exit(EXIT_FAILURE)
 
 #if defined(HAVE_DECL_INITGROUPS) && !HAVE_DECL_INITGROUPS

src/shrpx_accept_handler.cc

@@ -32,6 +32,7 @@
 
 #include "shrpx_connection_handler.h"
 #include "shrpx_config.h"
+#include "shrpx_log.h"
 #include "util.h"
 
 using namespace nghttp2;

src/shrpx_api_downstream_connection.cc

@@ -29,6 +29,7 @@
 #include "shrpx_downstream.h"
 #include "shrpx_worker.h"
 #include "shrpx_connection_handler.h"
+#include "shrpx_log.h"
 
 namespace shrpx {
 

src/shrpx_client_handler.cc

@@ -50,6 +50,7 @@
 #include "shrpx_connect_blocker.h"
 #include "shrpx_api_downstream_connection.h"
 #include "shrpx_health_monitor_downstream_connection.h"
+#include "shrpx_log.h"
 #ifdef HAVE_SPDYLAY
 #include "shrpx_spdy_upstream.h"
 #endif // HAVE_SPDYLAY

src/shrpx_client_handler.h

@@ -49,6 +49,7 @@ class HttpsUpstream;
 class ConnectBlocker;
 class DownstreamConnectionPool;
 class Worker;
+class Downstream;
 struct WorkerStat;
 struct DownstreamAddrGroup;
 struct DownstreamAddr;

src/shrpx_config_test.cc

@@ -33,6 +33,7 @@
 #include <CUnit/CUnit.h>
 
 #include "shrpx_config.h"
+#include "shrpx_log.h"
 
 namespace shrpx {
 

src/shrpx_connect_blocker.cc

@@ -24,6 +24,7 @@
  */
 #include "shrpx_connect_blocker.h"
 #include "shrpx_config.h"
+#include "shrpx_log.h"
 
 namespace shrpx {
 

src/shrpx_connect_blocker.h

@@ -28,6 +28,7 @@
 #include "shrpx.h"
 
 #include <random>
+#include <functional>
 
 #include <ev.h>
 

src/shrpx_connection.cc

@@ -35,6 +35,7 @@
 
 #include "shrpx_ssl.h"
 #include "shrpx_memcached_request.h"
+#include "shrpx_log.h"
 #include "memchunk.h"
 #include "util.h"
 #include "ssl_compat.h"

src/shrpx_connection_handler.cc

@@ -44,6 +44,7 @@
 #include "shrpx_accept_handler.h"
 #include "shrpx_memcached_dispatcher.h"
 #include "shrpx_signal.h"
+#include "shrpx_log.h"
 #include "util.h"
 #include "template.h"
 
@@ -351,7 +352,7 @@ void ConnectionHandler::graceful_shutdown_worker() {
   ev_async_start(loop_, &thread_join_asyncev_);
 
   thread_join_fut_ = std::async(std::launch::async, [this]() {
-    (void)reopen_log_files();
+    (void)reopen_log_files(get_config()->logging);
     join_worker();
     ev_async_send(get_loop(), &thread_join_asyncev_);
     delete_log_config();

src/shrpx_dns_tracker.cc

@@ -24,6 +24,7 @@
  */
 #include "shrpx_dns_tracker.h"
 #include "shrpx_config.h"
+#include "shrpx_log.h"
 #include "util.h"
 
 namespace shrpx {

src/shrpx_downstream.cc

@@ -36,6 +36,7 @@
 #include "shrpx_downstream_queue.h"
 #include "shrpx_worker.h"
 #include "shrpx_http2_session.h"
+#include "shrpx_log.h"
 #ifdef HAVE_MRUBY
 #include "shrpx_mruby.h"
 #endif // HAVE_MRUBY

src/shrpx_downstream.h

@@ -38,6 +38,7 @@
 #include <nghttp2/nghttp2.h>
 
 #include "shrpx_io_control.h"
+#include "shrpx_log_config.h"
 #include "http2.h"
 #include "memchunk.h"
 #include "allocator.h"

src/shrpx_downstream_connection.cc

@@ -26,6 +26,7 @@
 
 #include "shrpx_client_handler.h"
 #include "shrpx_downstream.h"
+#include "shrpx_log.h"
 
 namespace shrpx {
 

src/shrpx_downstream_connection.h

@@ -27,6 +27,8 @@
 
 #include "shrpx.h"
 
+#include <memory>
+
 #include "shrpx_io_control.h"
 
 namespace shrpx {

src/shrpx_exec.cc

@@ -27,6 +27,7 @@
 #include <cerrno>
 
 #include "shrpx_signal.h"
+#include "shrpx_log.h"
 #include "util.h"
 #include "template.h"
 

src/shrpx_health_monitor_downstream_connection.cc

@@ -27,7 +27,7 @@
 #include "shrpx_client_handler.h"
 #include "shrpx_upstream.h"
 #include "shrpx_downstream.h"
-//#include "shrpx_connection_handler.h"
+#include "shrpx_log.h"
 
 namespace shrpx {
 

src/shrpx_http.h

@@ -34,6 +34,8 @@
 #include "util.h"
 #include "allocator.h"
 
+using namespace nghttp2;
+
 namespace shrpx {
 
 namespace http {

src/shrpx_http2_downstream_connection.cc

@@ -38,6 +38,7 @@
 #include "shrpx_http.h"
 #include "shrpx_http2_session.h"
 #include "shrpx_worker.h"
+#include "shrpx_log.h"
 #include "http2.h"
 #include "util.h"
 

src/shrpx_http2_session.cc

@@ -43,6 +43,7 @@
 #include "shrpx_http.h"
 #include "shrpx_worker.h"
 #include "shrpx_connect_blocker.h"
+#include "shrpx_log.h"
 #include "http2.h"
 #include "util.h"
 #include "base64.h"

src/shrpx_http2_session.h

@@ -48,6 +48,7 @@ namespace shrpx {
 
 class Http2DownstreamConnection;
 class Worker;
+class Downstream;
 struct DownstreamAddrGroup;
 struct DownstreamAddr;
 struct DNSQuery;

src/shrpx_http2_upstream.cc

@@ -37,6 +37,7 @@
 #include "shrpx_http.h"
 #include "shrpx_worker.h"
 #include "shrpx_http2_session.h"
+#include "shrpx_log.h"
 #ifdef HAVE_MRUBY
 #include "shrpx_mruby.h"
 #endif // HAVE_MRUBY

src/shrpx_http_downstream_connection.cc

@@ -36,6 +36,7 @@
 #include "shrpx_worker.h"
 #include "shrpx_http2_session.h"
 #include "shrpx_ssl.h"
+#include "shrpx_log.h"
 #include "http2.h"
 #include "util.h"
 

src/shrpx_http_test.cc

@@ -34,6 +34,7 @@
 
 #include "shrpx_http.h"
 #include "shrpx_config.h"
+#include "shrpx_log.h"
 
 namespace shrpx {
 

src/shrpx_https_upstream.cc

@@ -37,6 +37,7 @@
 #include "shrpx_log_config.h"
 #include "shrpx_worker.h"
 #include "shrpx_http2_session.h"
+#include "shrpx_log.h"
 #ifdef HAVE_MRUBY
 #include "shrpx_mruby.h"
 #endif // HAVE_MRUBY

src/shrpx_live_check.cc

@@ -26,6 +26,7 @@
 #include "shrpx_worker.h"
 #include "shrpx_connect_blocker.h"
 #include "shrpx_ssl.h"
+#include "shrpx_log.h"
 
 namespace shrpx {
 

src/shrpx_log.cc

@@ -456,15 +456,14 @@ void upstream_accesslog(const std::vector<LogFragment> &lfv,
     ;
 }
 
-int reopen_log_files() {
+int reopen_log_files(const LoggingConfig &loggingconf) {
   int res = 0;
   int new_accesslog_fd = -1;
   int new_errorlog_fd = -1;
 
   auto lgconf = log_config();
-  auto config = get_config();
+  auto &accessconf = loggingconf.access;
-  auto &accessconf = config->logging.access;
+  auto &errorconf = loggingconf.error;
-  auto &errorconf = config->logging.error;
 
   if (!accessconf.syslog && !accessconf.file.empty()) {
     new_accesslog_fd = open_log_file(accessconf.file.c_str());
@@ -524,9 +523,9 @@ void log_chld(pid_t pid, int rstatus, const char *msg) {
               << (signalstr.empty() ? "" : signalstr.c_str());
 }
 
-void redirect_stderr_to_errorlog() {
+void redirect_stderr_to_errorlog(const LoggingConfig &loggingconf) {
   auto lgconf = log_config();
-  auto &errorconf = get_config()->logging.error;
+  auto &errorconf = loggingconf.error;
 
   if (errorconf.syslog || lgconf->errorlog_fd == -1) {
     return;

src/shrpx_log.h

@@ -34,6 +34,7 @@
 #include <vector>
 #include <chrono>
 
+#include "shrpx_config.h"
 #include "shrpx_log_config.h"
 #include "ssl.h"
 #include "template.h"
@@ -157,13 +158,13 @@ struct LogSpec {
 void upstream_accesslog(const std::vector<LogFragment> &lf,
                         const LogSpec &lgsp);
 
-int reopen_log_files();
+int reopen_log_files(const LoggingConfig &loggingconf);
 
 // Logs message when process whose pid is |pid| and exist status is
 // |rstatus| exited.  The |msg| is prepended to the log message.
 void log_chld(pid_t pid, int rstatus, const char *msg);
 
-void redirect_stderr_to_errorlog();
+void redirect_stderr_to_errorlog(const LoggingConfig &loggingconf);
 
 // Makes internal copy of stderr (and possibly stdout in the future),
 // which is then used as pointer to /dev/stderr or /proc/self/fd/2

src/shrpx_memcached_connection.cc

@@ -33,6 +33,7 @@
 #include "shrpx_memcached_result.h"
 #include "shrpx_config.h"
 #include "shrpx_ssl.h"
+#include "shrpx_log.h"
 #include "util.h"
 
 namespace shrpx {

src/shrpx_memcached_dispatcher.cc

@@ -27,6 +27,7 @@
 #include "shrpx_memcached_request.h"
 #include "shrpx_memcached_connection.h"
 #include "shrpx_config.h"
+#include "shrpx_log.h"
 
 namespace shrpx {
 

src/shrpx_memcached_dispatcher.h

@@ -37,6 +37,8 @@
 #include "memchunk.h"
 #include "network.h"
 
+using namespace nghttp2;
+
 namespace shrpx {
 
 struct MemcachedRequest;

src/shrpx_mruby.cc

@@ -31,6 +31,7 @@
 #include "shrpx_config.h"
 #include "shrpx_mruby_module.h"
 #include "shrpx_downstream_connection.h"
+#include "shrpx_log.h"
 
 namespace shrpx {
 

src/shrpx_mruby.h

@@ -38,6 +38,8 @@ using namespace nghttp2;
 
 namespace shrpx {
 
+class Downstream;
+
 namespace mruby {
 
 class MRubyContext {

src/shrpx_mruby_module_env.cc

@@ -33,6 +33,7 @@
 #include "shrpx_client_handler.h"
 #include "shrpx_mruby.h"
 #include "shrpx_mruby_module.h"
+#include "shrpx_log.h"
 
 namespace shrpx {
 

src/shrpx_mruby_module_env.h

@@ -29,8 +29,6 @@
 
 #include <mruby.h>
 
-using namespace nghttp2;
-
 namespace shrpx {
 
 namespace mruby {

src/shrpx_mruby_module_request.cc

@@ -34,6 +34,7 @@
 #include "shrpx_client_handler.h"
 #include "shrpx_mruby.h"
 #include "shrpx_mruby_module.h"
+#include "shrpx_log.h"
 #include "util.h"
 #include "http2.h"
 

src/shrpx_mruby_module_request.h

@@ -29,8 +29,6 @@
 
 #include <mruby.h>
 
-using namespace nghttp2;
-
 namespace shrpx {
 
 namespace mruby {

src/shrpx_mruby_module_response.cc

@@ -34,6 +34,7 @@
 #include "shrpx_client_handler.h"
 #include "shrpx_mruby.h"
 #include "shrpx_mruby_module.h"
+#include "shrpx_log.h"
 #include "util.h"
 #include "http2.h"
 

src/shrpx_mruby_module_response.h

@@ -29,8 +29,6 @@
 
 #include <mruby.h>
 
-using namespace nghttp2;
-
 namespace shrpx {
 
 namespace mruby {

src/shrpx_rate_limit.cc

@@ -27,6 +27,7 @@
 #include <limits>
 
 #include "shrpx_connection.h"
+#include "shrpx_log.h"
 
 namespace shrpx {
 

src/shrpx_router.cc

@@ -27,6 +27,7 @@
 #include <algorithm>
 
 #include "shrpx_config.h"
+#include "shrpx_log.h"
 
 namespace shrpx {
 

src/shrpx_router.h

@@ -32,6 +32,8 @@
 
 #include "allocator.h"
 
+using namespace nghttp2;
+
 namespace shrpx {
 
 struct RNode {

src/shrpx_signal.cc

@@ -26,6 +26,7 @@
 
 #include <cerrno>
 
+#include "shrpx_log.h"
 #include "template.h"
 
 using namespace nghttp2;

src/shrpx_spdy_upstream.cc

@@ -41,6 +41,7 @@
 #endif // HAVE_MRUBY
 #include "shrpx_worker.h"
 #include "shrpx_http2_session.h"
+#include "shrpx_log.h"
 #include "http2.h"
 #include "util.h"
 #include "template.h"

src/shrpx_ssl.cc

@@ -1525,8 +1525,8 @@ bool in_proto_list(const std::vector<StringRef> &protos,
   return false;
 }
 
-bool upstream_tls_enabled() {
+bool upstream_tls_enabled(const ConnectionConfig &connconf) {
-  const auto &faddrs = get_config()->conn.listener.addrs;
+  const auto &faddrs = connconf.listener.addrs;
   return std::any_of(std::begin(faddrs), std::end(faddrs),
                      [](const UpstreamAddr &faddr) { return faddr.tls; });
 }
@@ -1560,11 +1560,13 @@ setup_server_ssl_context(std::vector<SSL_CTX *> &all_ssl_ctx,
                          neverbleed_t *nb
 #endif // HAVE_NEVERBLEED
                          ) {
-  if (!upstream_tls_enabled()) {
+  auto config = get_config();
+
+  if (!upstream_tls_enabled(config->conn)) {
     return nullptr;
   }
 
-  auto &tlsconf = get_config()->tls;
+  auto &tlsconf = config->tls;
 
   auto ssl_ctx =
       ssl::create_ssl_context(tlsconf.private_key_file.c_str(),
@@ -1644,7 +1646,8 @@ void setup_downstream_http1_alpn(SSL *ssl) {
 }
 
 std::unique_ptr<CertLookupTree> create_cert_lookup_tree() {
-  if (!upstream_tls_enabled() || get_config()->tls.subcerts.empty()) {
+  auto config = get_config();
+  if (!upstream_tls_enabled(config->conn) || config->tls.subcerts.empty()) {
     return nullptr;
   }
   return make_unique<CertLookupTree>();

src/shrpx_ssl.h

@@ -40,6 +40,7 @@
 #endif // HAVE_NEVERBLEED
 
 #include "network.h"
+#include "shrpx_config.h"
 #include "shrpx_router.h"
 
 namespace shrpx {
@@ -235,7 +236,7 @@ std::unique_ptr<CertLookupTree> create_cert_lookup_tree();
 SSL *create_ssl(SSL_CTX *ssl_ctx);
 
 // Returns true if SSL/TLS is enabled on upstream
-bool upstream_tls_enabled();
+bool upstream_tls_enabled(const ConnectionConfig &connconf);
 
 // Performs TLS hostname match.  |pattern| can contain wildcard
 // character '*', which matches prefix of target hostname.  There are

src/shrpx_ssl_test.cc

@@ -27,6 +27,7 @@
 #include <CUnit/CUnit.h>
 
 #include "shrpx_ssl.h"
+#include "shrpx_log.h"
 #include "util.h"
 #include "template.h"
 

src/shrpx_worker.cc

@@ -311,7 +311,7 @@ void Worker::wait() {
 void Worker::run_async() {
 #ifndef NOTHREADS
   fut_ = std::async(std::launch::async, [this] {
-    (void)reopen_log_files();
+    (void)reopen_log_files(get_config()->logging);
     ev_run(loop_);
     delete_log_config();
   });
@@ -349,7 +349,9 @@ void Worker::process_events() {
 
   ev_timer_start(loop_, &proc_wev_timer_);
 
-  auto worker_connections = get_config()->conn.upstream.worker_connections;
+  auto config = get_config();
+
+  auto worker_connections = config->conn.upstream.worker_connections;
 
   switch (wev.type) {
   case NEW_CONNECTION: {
@@ -390,7 +392,7 @@ void Worker::process_events() {
     WLOG(NOTICE, this) << "Reopening log files: worker process (thread " << this
                        << ")";
 
-    reopen_log_files();
+    reopen_log_files(config->logging);
 
     break;
   case GRACEFUL_SHUTDOWN:

src/shrpx_worker_process.cc

@@ -52,6 +52,7 @@
 #include "shrpx_memcached_request.h"
 #include "shrpx_process.h"
 #include "shrpx_ssl.h"
+#include "shrpx_log.h"
 #include "util.h"
 #include "app_helper.h"
 #include "template.h"
@@ -137,8 +138,11 @@ namespace {
 void reopen_log(ConnectionHandler *conn_handler) {
   LOG(NOTICE) << "Reopening log files: worker process (thread main)";
 
-  (void)reopen_log_files();
+  auto config = get_config();
-  redirect_stderr_to_errorlog();
+  auto &loggingconf = config->logging;
+
+  (void)reopen_log_files(loggingconf);
+  redirect_stderr_to_errorlog(loggingconf);
 
   if (get_config()->num_worker > 1) {
     conn_handler->worker_reopen_log_files();
@@ -399,7 +403,9 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
   std::array<char, STRERROR_BUFSIZE> errbuf;
   (void)errbuf;
 
-  if (reopen_log_files() != 0) {
+  auto config = get_config();
+
+  if (reopen_log_files(config->logging) != 0) {
     LOG(FATAL) << "Failed to open log file";
     return -1;
   }
@@ -416,8 +422,6 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
 
   ConnectionHandler conn_handler(loop, gen);
 
-  auto config = get_config();
-
   for (auto &addr : config->conn.listener.addrs) {
     conn_handler.add_acceptor(make_unique<AcceptHandler>(&addr, &conn_handler));
   }
@@ -450,7 +454,7 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
   MemchunkPool mcpool;
 
   ev_timer renew_ticket_key_timer;
-  if (ssl::upstream_tls_enabled()) {
+  if (ssl::upstream_tls_enabled(config->conn)) {
     auto &ticketconf = config->tls.ticket;
     auto &memcachedconf = ticketconf.memcached;
 
@@ -549,7 +553,7 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
   ipcev.data = &conn_handler;
   ev_io_start(loop, &ipcev);
 
-  if (ssl::upstream_tls_enabled() && !config->tls.ocsp.disabled) {
+  if (ssl::upstream_tls_enabled(config->conn) && !config->tls.ocsp.disabled) {
     conn_handler.proceed_next_cert_ocsp();
   }
 

src/shrpx_worker_process.h

@@ -27,8 +27,6 @@
 
 #include "shrpx.h"
 
-using namespace nghttp2;
-
 namespace shrpx {
 
 class ConnectionHandler;

src/shrpx_worker_test.cc

@@ -34,6 +34,7 @@
 
 #include "shrpx_worker.h"
 #include "shrpx_connect_blocker.h"
+#include "shrpx_log.h"
 
 namespace shrpx {