From 56e0803cae7355aa9265c34ece93424af186a2dd Mon Sep 17 00:00:00 2001
From: jyelon
Date: Sat, 12 Mar 2022 14:56:33 -0500
Subject: [PATCH] Store SSL_CTX in UniqueSSLCTX

---
 luprex/core/cpp/driver-common.cpp | 34 ++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/luprex/core/cpp/driver-common.cpp b/luprex/core/cpp/driver-common.cpp
index 49629a33..f9f98f67 100644
--- a/luprex/core/cpp/driver-common.cpp
+++ b/luprex/core/cpp/driver-common.cpp
@@ -39,8 +39,15 @@ static std::string_view read_file(const char *fn, char *buf, int bufsize, std::s
 return std::string_view(buf, nread);
 }
 
+struct SSL_CTX_Deleter {
+ void operator()(SSL_CTX *ctx) {
+ SSL_CTX_free(ctx);
+ }
+};
 
-static SSL_CTX *new_ssl_context(bool server_cert, bool root_certs, std::string_view require_cert) {
+using UniqueSSLCTX = std::unique_ptr;
+
+static UniqueSSLCTX new_ssl_context(bool server_cert, bool root_certs, std::string_view require_cert) {
 SSL_CTX *ctx = SSL_CTX_new(TLS_method());
 SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
@@ -51,9 +58,12 @@ static SSL_CTX *new_ssl_context(bool server_cert, bool root_certs, std::string_v
 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
 }
 // require_cert is not implemented yet.
- return ctx;
+ return UniqueSSLCTX(ctx);
 }
+
+
+
 
 static std::string err_print_errors_str() {
 BIO *bio = BIO_new(BIO_s_mem());
 ERR_print_errors(bio);
@@ -119,9 +129,9 @@ public:
 std::unique_ptr pollvec_;
 drv::ReplayRecorder recorder_;
 
- SSL_CTX *ssl_ctx_with_root_certs_;
- SSL_CTX *ssl_ctx_with_server_certs_;
- SSL_CTX *ssl_ctx_with_no_certs_;
+ UniqueSSLCTX ssl_ctx_with_root_certs_;
+ UniqueSSLCTX ssl_ctx_with_server_certs_;
+ UniqueSSLCTX ssl_ctx_with_no_certs_;
 
 void handle_listen_ports() {
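Review bot: The context is still created as a raw `SSL_CTX *ctx = SSL_CTX_new(TLS_method());` and only wrapped at the very end (the next hunk's `return UniqueSSLCTX(ctx);`), so the new owning type protects none of the setup lines in between, and a null result from SSL_CTX_new is still handed to SSL_CTX_set_mode unchecked. Taking ownership at the point of creation and returning the empty handle on failure closes both gaps; the next hunk's return then becomes `return ctx;` and the remaining `SSL_CTX_*` calls take `ctx.get()`. The alias is shown here as `std::unique_ptr;` with no template arguments, which looks like a rendering artifact of `std::unique_ptr<SSL_CTX, SSL_CTX_Deleter>` rather than the committed text, but it is worth confirming; the deleter's call operator could also be `const noexcept`. new_ssl_context's body continues in the next hunk.
```cpp
static UniqueSSLCTX new_ssl_context(bool server_cert, bool root_certs, std::string_view require_cert) {
  // Own the context from the moment it exists; an empty handle means SSL_CTX_new
  // failed and the OpenSSL error queue holds the reason.
  UniqueSSLCTX ctx{SSL_CTX_new(TLS_method())};
  if (!ctx) {
    return ctx;
  }
  SSL_CTX_set_mode(ctx.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
  SSL_CTX_set_mode(ctx.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
  // … unchanged: remaining SSL_CTX_* setup, each call taking ctx.get() …
```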
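Review bot: The three blank lines added after new_ssl_context's closing brace are stray whitespace unrelated to the change and should be dropped. Since callers now receive the only owner of the context, the function's declaration in the previous hunk also deserves a one-line contract, e.g. `// Returns an owning handle; the SSL_CTX is freed when the handle dies. Pass .get() to OpenSSL calls, which only borrow it.`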
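Review bot: Making these members owning moves the release of the three contexts from the explicit `SSL_CTX_free` calls that the last hunk deletes to the destruction of this object, which now happens after `recorder_.clean_exit()` and `DrivenEngine::set(nullptr)` rather than before them. That is equivalent only if nothing on that path uses the contexts afterwards; SSL objects created from them keep their own reference, since OpenSSL reference-counts SSL_CTX, so channels closed later are not at risk. A comment would make the new lifetime explicit: `// Owning handles; released when the engine is destroyed, not on clean exit.` A side benefit worth noting is that the members are now null-initialized instead of indeterminate. The class definition begins and ends outside this hunk.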
@@ -242,7 +252,7 @@ public:
 recorder_.drv_notify_close(chid, err);
 } else {
 //std::cerr << "Opening channel " << chid << std::endl;
- make_channel(sock, chid, ssl_ctx_with_no_certs_, CHAN_SSL_CONNECTING);
+ make_channel(sock, chid, ssl_ctx_with_no_certs_.get(), CHAN_SSL_CONNECTING);
 }
 }
 if (!chans.empty()) {
@@ -257,7 +267,7 @@ public:
 if (socket != INVALID_SOCKET) {
 int chid = recorder_.drv_notify_accept(port);
 // std::cerr << "Accepted channel " << chid << std::endl;
- make_channel(socket, chid, ssl_ctx_with_server_certs_, CHAN_SSL_ACCEPTING);
+ make_channel(socket, chid, ssl_ctx_with_server_certs_.get(), CHAN_SSL_ACCEPTING);
 }
 }
 
@@ -545,12 +555,12 @@ public:
 ssl_ctx_with_server_certs_ = new_ssl_context(true, false, "");
 ssl_ctx_with_no_certs_ = new_ssl_context(false, false, "");
 
- if (ssl_ctx_use_certificate_str(ssl_ctx_with_server_certs_, dummycert::certificate) <= 0) {
+ if (ssl_ctx_use_certificate_str(ssl_ctx_with_server_certs_.get(), dummycert::certificate) <= 0) {
 ERR_print_errors_fp(stderr);
 return 1;
 }
- if (ssl_ctx_use_privatekey_str(ssl_ctx_with_server_certs_, dummycert::privatekey) <= 0 ) {
+ if (ssl_ctx_use_privatekey_str(ssl_ctx_with_server_certs_.get(), dummycert::privatekey) <= 0 ) {
 ERR_print_errors_fp(stderr);
 return 1;
 }
@@ -572,13 +582,9 @@ public:
 for (ChanInfo &chan : chans_) {
 close_channel(chan, "");
 }
- SSL_CTX_free(ssl_ctx_with_no_certs_);
- SSL_CTX_free(ssl_ctx_with_root_certs_);
- SSL_CTX_free(ssl_ctx_with_server_certs_);
+
 DrivenEngine::set(nullptr);
-
 recorder_.clean_exit();
-
 return 0;
 }
 };
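Review bot: In the `@@ -545` hunk, `ssl_ctx_with_server_certs_.get()` is passed to ssl_ctx_use_certificate_str without anyone checking that new_ssl_context actually produced a context; SSL_CTX_new can fail, and once new_ssl_context returns an empty handle in that case instead of dereferencing the null pointer itself, this is the place the failure must be caught. The handle type now expresses emptiness, so the check fits the error style already used on the following lines: `if (!ssl_ctx_with_server_certs_ || !ssl_ctx_with_no_certs_) { ERR_print_errors_fp(stderr); return 1; }` placed before the certificate is loaded. The assignment of `ssl_ctx_with_root_certs_` is presumably just above the hunk and should be covered by the same check. The enclosing function starts and ends outside the hunk.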