Store SSL_CTX in UniqueSSLCTX
@@ -39,8 +39,15 @@ static std::string_view read_file(const char *fn, char *buf, int bufsize, std::s
return std::string_view(buf, nread);
}
struct SSL_CTX_Deleter {
void operator()(SSL_CTX *ctx) {
SSL_CTX_free(ctx);
}
};
static SSL_CTX *new_ssl_context(bool server_cert, bool root_certs, std::string_view require_cert) {
using UniqueSSLCTX = std::unique_ptr<SSL_CTX, SSL_CTX_Deleter>;
static UniqueSSLCTX new_ssl_context(bool server_cert, bool root_certs, std::string_view require_cert) {
SSL_CTX *ctx = SSL_CTX_new(TLS_method());
SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
@@ -51,9 +58,12 @@ static SSL_CTX *new_ssl_context(bool server_cert, bool root_certs, std::string_v
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
}
// require_cert is not implemented yet.
return ctx;
return UniqueSSLCTX(ctx);
}
static std::string err_print_errors_str() {
BIO *bio = BIO_new(BIO_s_mem());
ERR_print_errors(bio);
@@ -119,9 +129,9 @@ public:
std::unique_ptr<struct pollfd[]> pollvec_;
drv::ReplayRecorder recorder_;
SSL_CTX *ssl_ctx_with_root_certs_;
SSL_CTX *ssl_ctx_with_server_certs_;
SSL_CTX *ssl_ctx_with_no_certs_;
UniqueSSLCTX ssl_ctx_with_root_certs_;
UniqueSSLCTX ssl_ctx_with_server_certs_;
UniqueSSLCTX ssl_ctx_with_no_certs_;
void handle_listen_ports() {
@@ -242,7 +252,7 @@ public:
recorder_.drv_notify_close(chid, err);
} else {
//std::cerr << "Opening channel " << chid << std::endl;
make_channel(sock, chid, ssl_ctx_with_no_certs_, CHAN_SSL_CONNECTING);
make_channel(sock, chid, ssl_ctx_with_no_certs_.get(), CHAN_SSL_CONNECTING);
}
}
if (!chans.empty()) {
@@ -257,7 +267,7 @@ public:
if (socket != INVALID_SOCKET) {
int chid = recorder_.drv_notify_accept(port);
// std::cerr << "Accepted channel " << chid << std::endl;
make_channel(socket, chid, ssl_ctx_with_server_certs_, CHAN_SSL_ACCEPTING);
make_channel(socket, chid, ssl_ctx_with_server_certs_.get(), CHAN_SSL_ACCEPTING);
}
}
@@ -545,12 +555,12 @@ public:
ssl_ctx_with_server_certs_ = new_ssl_context(true, false, "");
ssl_ctx_with_no_certs_ = new_ssl_context(false, false, "");
if (ssl_ctx_use_certificate_str(ssl_ctx_with_server_certs_, dummycert::certificate) <= 0) {
if (ssl_ctx_use_certificate_str(ssl_ctx_with_server_certs_.get(), dummycert::certificate) <= 0) {
ERR_print_errors_fp(stderr);
return 1;
}
if (ssl_ctx_use_privatekey_str(ssl_ctx_with_server_certs_, dummycert::privatekey) <= 0 ) {
if (ssl_ctx_use_privatekey_str(ssl_ctx_with_server_certs_.get(), dummycert::privatekey) <= 0 ) {
ERR_print_errors_fp(stderr);
return 1;
}
@@ -572,13 +582,9 @@ public:
for (ChanInfo &chan : chans_) {
close_channel(chan, "");
}
SSL_CTX_free(ssl_ctx_with_no_certs_);
SSL_CTX_free(ssl_ctx_with_root_certs_);
SSL_CTX_free(ssl_ctx_with_server_certs_);
DrivenEngine::set(nullptr);
recorder_.clean_exit();
return 0;
}
};
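Review bot: `SSL_CTX_new(TLS_method())` in the new `new_ssl_context` can return NULL, and the function still calls `SSL_CTX_set_mode(ctx, ...)` on the result before it is wrapped in `UniqueSSLCTX(ctx)`, so an allocation or library-initialisation failure is a null dereference instead of a reported error; the init hunk then hands `ssl_ctx_with_server_certs_.get()` to `ssl_ctx_use_certificate_str` and the accept/connect paths hand the other two to `make_channel` with no null check either. A one-line guard after the allocation, `if (ctx == nullptr) return nullptr;`, plus treating a null return at the assignment sites the same way as a failed certificate load (`ERR_print_errors_fp(stderr); return 1;`) makes the failure visible where the unique_ptr now makes it cheap to propagate. As a point of style, `SSL_CTX_Deleter::operator()` only ever runs from the unique_ptr's destructor, so declaring it `void operator()(SSL_CTX *ctx) const noexcept` documents that it cannot throw out of a destructor. `new_ssl_context` is split across the first two hunks and the branch containing `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL)` opens outside them, and the class whose members become `UniqueSSLCTX` is only partly visible, so I have not assumed anything about the remaining paths.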