Posted to commits@trafficserver.apache.org by sh...@apache.org on 2015/04/28 22:24:06 UTC
trafficserver git commit: TS-3554: Had to rearrange functions so the
test_certlookup program would link with additional release method.
Repository: trafficserver
Updated Branches:
refs/heads/master 966353bc9 -> 29d72d393
TS-3554: Had to rearrange functions so the test_certlookup program would link with additional release method.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/29d72d39
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/29d72d39
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/29d72d39
Branch: refs/heads/master
Commit: 29d72d393aa31950a173e43c26f0798efdc77127
Parents: 966353b
Author: shinrich <sh...@yahoo-inc.com>
Authored: Tue Apr 28 15:21:58 2015 -0500
Committer: shinrich <sh...@yahoo-inc.com>
Committed: Tue Apr 28 15:23:54 2015 -0500
----------------------------------------------------------------------
iocore/net/P_SSLCertLookup.h | 3 +++
iocore/net/SSLCertLookup.cc | 39 ++++++++++++++++++++++++++++++++++++++
iocore/net/SSLUtils.cc | 40 +--------------------------------------
3 files changed, 43 insertions(+), 39 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/29d72d39/iocore/net/P_SSLCertLookup.h
----------------------------------------------------------------------
diff --git a/iocore/net/P_SSLCertLookup.h b/iocore/net/P_SSLCertLookup.h
index ebac339..b3591ec 100644
--- a/iocore/net/P_SSLCertLookup.h
+++ b/iocore/net/P_SSLCertLookup.h
@@ -109,4 +109,7 @@ struct SSLCertLookup : public ConfigInfo {
virtual ~SSLCertLookup();
};
+void ticket_block_free(void *ptr);
+ssl_ticket_key_block *ticket_block_alloc(unsigned count);
+
#endif /* __P_SSLCERTLOOKUP_H__ */
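Review bot: `ticket_block_free` is now exported with a `void *` parameter, so the compiler cannot stop a caller in another file from passing a pointer that is not an `ssl_ticket_key_block`. The implementation in SSLCertLookup.cc reads `num_keys` from whatever it is given and zeroes that many bytes. Unless some caller needs the generic signature (for example as a free callback, which this diff does not show), declaring it as `void ticket_block_free(ssl_ticket_key_block *ptr);` would catch misuse at compile time. The prototypes would also benefit from an ownership comment such as `// Blocks from ticket_block_alloc() must be released with ticket_block_free(), which wipes the key material before freeing.`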
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/29d72d39/iocore/net/SSLCertLookup.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLCertLookup.cc b/iocore/net/SSLCertLookup.cc
index 2e40208..071b2db 100644
--- a/iocore/net/SSLCertLookup.cc
+++ b/iocore/net/SSLCertLookup.cc
@@ -133,6 +133,45 @@ private:
int store(SSLCertContext const &cc);
};
+// Zero out and free the heap space allocated for ticket keys to avoid leaking secrets.
+// The first several bytes stores the number of keys and the rest stores the ticket keys.
+void
+ticket_block_free(void *ptr)
+{
+ if (ptr) {
+ ssl_ticket_key_block *key_block_ptr = (ssl_ticket_key_block *)ptr;
+ unsigned num_ticket_keys = key_block_ptr->num_keys;
+ memset(ptr, 0, sizeof(ssl_ticket_key_block) + num_ticket_keys * sizeof(ssl_ticket_key_t));
+ }
+ ats_free(ptr);
+}
+
+ssl_ticket_key_block *
+ticket_block_alloc(unsigned count)
+{
+ ssl_ticket_key_block *ptr;
+ size_t nbytes = sizeof(ssl_ticket_key_block) + count * sizeof(ssl_ticket_key_t);
+
+ ptr = (ssl_ticket_key_block *)ats_malloc(nbytes);
+ memset(ptr, 0, nbytes);
+ ptr->num_keys = count;
+
+ return ptr;
+}
+
+void
+SSLCertContext::release()
+{
+ if (keyblock) {
+ ticket_block_free(keyblock);
+ keyblock = NULL;
+ }
+ if (ctx) {
+ SSL_CTX_free(ctx);
+ ctx = NULL;
+ }
+}
+
SSLCertLookup::SSLCertLookup() : ssl_storage(new SSLContextStorage()), ssl_default(NULL), is_valid(true)
{
}
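Review bot: The `memset` in `ticket_block_free` writes to memory that is freed on the next line, so an optimizer may drop it as a dead store (more likely under LTO or if `ats_free` is inlined), and the wipe promised by the comment is not guaranteed. This code already calls into OpenSSL (`SSL_CTX_free`), so `OPENSSL_cleanse(ptr, sizeof(ssl_ticket_key_block) + num_ticket_keys * sizeof(ssl_ticket_key_t));` would make the zeroing reliable. In `ticket_block_alloc`, `count * sizeof(ssl_ticket_key_t)` is unchecked; whether `count` can be large enough to wrap `nbytes` on a 32-bit build depends on callers not shown here, so a bound check or a comment stating the expected range would help. Both functions also left the `#if HAVE_OPENSSL_SESSION_TICKETS` guard they had in SSLUtils.cc, so it is worth confirming that `ssl_ticket_key_block` and `ssl_ticket_key_t` are declared when that macro is off.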
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/29d72d39/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 64d98e8..76727c5 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -116,47 +116,9 @@ static int ssl_callback_session_ticket(SSL *, unsigned char *, unsigned char *,
#if HAVE_OPENSSL_SESSION_TICKETS
static int ssl_session_ticket_index = -1;
+#endif
-// Zero out and free the heap space allocated for ticket keys to avoid leaking secrets.
-// The first several bytes stores the number of keys and the rest stores the ticket keys.
-static void
-ticket_block_free(void *ptr)
-{
- if (ptr) {
- ssl_ticket_key_block *key_block_ptr = (ssl_ticket_key_block *)ptr;
- unsigned num_ticket_keys = key_block_ptr->num_keys;
- memset(ptr, 0, sizeof(ssl_ticket_key_block) + num_ticket_keys * sizeof(ssl_ticket_key_t));
- }
- ats_free(ptr);
-}
-
-void SSLCertContext::release()
-{
- if (keyblock) {
- ticket_block_free(keyblock);
- keyblock = NULL;
- }
- if (ctx) {
- SSL_CTX_free(ctx);
- ctx = NULL;
- }
-}
-
-static ssl_ticket_key_block *
-ticket_block_alloc(unsigned count)
-{
- ssl_ticket_key_block *ptr;
- size_t nbytes = sizeof(ssl_ticket_key_block) + count * sizeof(ssl_ticket_key_t);
-
- ptr = (ssl_ticket_key_block *)ats_malloc(nbytes);
- memset(ptr, 0, nbytes);
- ptr->num_keys = count;
-
- return ptr;
-}
-
-#endif
static pthread_mutex_t *mutex_buf = NULL;
static bool open_ssl_initialized = false;