Store SSL_CTX in UniqueSSLCTX

luprex/core/cpp/driver-common.cpp

@@ -39,8 +39,15 @@ static std::string_view read_file(const char *fn, char *buf, int bufsize, std::s
     return std::string_view(buf, nread);
 }
 
+struct SSL_CTX_Deleter {
+    void operator()(SSL_CTX *ctx) {
+        SSL_CTX_free(ctx);
+    }
+};
 
-static SSL_CTX *new_ssl_context(bool server_cert, bool root_certs, std::string_view require_cert) {
+using UniqueSSLCTX = std::unique_ptr<SSL_CTX, SSL_CTX_Deleter>;
+
+static UniqueSSLCTX new_ssl_context(bool server_cert, bool root_certs, std::string_view require_cert) {
     SSL_CTX *ctx = SSL_CTX_new(TLS_method());
     SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
     SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
@@ -51,9 +58,12 @@ static SSL_CTX *new_ssl_context(bool server_cert, bool root_certs, std::string_v
         SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
     }
     // require_cert is not implemented yet.
-    return ctx;
+    return UniqueSSLCTX(ctx);
 }
 
+
+
+
 static std::string err_print_errors_str() {
     BIO *bio = BIO_new(BIO_s_mem());
     ERR_print_errors(bio);
@@ -119,9 +129,9 @@ public:
     std::unique_ptr<struct pollfd[]> pollvec_;
     drv::ReplayRecorder recorder_;
 
-    SSL_CTX *ssl_ctx_with_root_certs_;
+    UniqueSSLCTX ssl_ctx_with_root_certs_;
-    SSL_CTX *ssl_ctx_with_server_certs_;
+    UniqueSSLCTX ssl_ctx_with_server_certs_;
-    SSL_CTX *ssl_ctx_with_no_certs_;
+    UniqueSSLCTX ssl_ctx_with_no_certs_;
 
 
     void handle_listen_ports() {
@@ -242,7 +252,7 @@ public:
                 recorder_.drv_notify_close(chid, err);
             } else {
                 //std::cerr << "Opening channel " << chid << std::endl;
-                make_channel(sock, chid, ssl_ctx_with_no_certs_, CHAN_SSL_CONNECTING);
+                make_channel(sock, chid, ssl_ctx_with_no_certs_.get(), CHAN_SSL_CONNECTING);
             }
         }
         if (!chans.empty()) {
@@ -257,7 +267,7 @@ public:
         if (socket != INVALID_SOCKET) {
             int chid = recorder_.drv_notify_accept(port);
             // std::cerr << "Accepted channel " << chid << std::endl;
-            make_channel(socket, chid, ssl_ctx_with_server_certs_, CHAN_SSL_ACCEPTING);
+            make_channel(socket, chid, ssl_ctx_with_server_certs_.get(), CHAN_SSL_ACCEPTING);
         }
     }
 
@@ -545,12 +555,12 @@ public:
         ssl_ctx_with_server_certs_ = new_ssl_context(true, false, "");
         ssl_ctx_with_no_certs_ = new_ssl_context(false, false, "");
 
-        if (ssl_ctx_use_certificate_str(ssl_ctx_with_server_certs_, dummycert::certificate) <= 0) {
+        if (ssl_ctx_use_certificate_str(ssl_ctx_with_server_certs_.get(), dummycert::certificate) <= 0) {
             ERR_print_errors_fp(stderr);
             return 1;
         }
 
-        if (ssl_ctx_use_privatekey_str(ssl_ctx_with_server_certs_, dummycert::privatekey) <= 0 ) {
+        if (ssl_ctx_use_privatekey_str(ssl_ctx_with_server_certs_.get(), dummycert::privatekey) <= 0 ) {
             ERR_print_errors_fp(stderr);
             return 1;
         }
@@ -572,13 +582,9 @@ public:
         for (ChanInfo &chan : chans_) {
             close_channel(chan, "");
         }
-        SSL_CTX_free(ssl_ctx_with_no_certs_);
+
-        SSL_CTX_free(ssl_ctx_with_root_certs_);
-        SSL_CTX_free(ssl_ctx_with_server_certs_);
         DrivenEngine::set(nullptr);
-
         recorder_.clean_exit();
-
         return 0;
     }
 };