You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by ma...@apache.org on 2021/01/07 00:11:03 UTC

[trafficserver] branch master updated: Make places to bind/unbind SSL object with/from NetVC (#7399)

This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 111f32a  Make places to bind/unbind SSL object with/from NetVC (#7399)
111f32a is described below

commit 111f32a8dcc52cbad5234ad9380b075672f85d98
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Thu Jan 7 09:10:48 2021 +0900

    Make places to bind/unbind SSL object with/from NetVC (#7399)
    
    There were two places calling SSLNetVCAttach, TLSSessionResumptionSupport::bind,
    and we had to maitain the both places when we add another binding.
    
    This adds helper functions to unify code for binding.
---
 iocore/net/P_SSLNetVConnection.h |  5 ++++
 iocore/net/SSLNetVConnection.cc  | 50 ++++++++++++++++++++++------------------
 2 files changed, 32 insertions(+), 23 deletions(-)

diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h
index 488f495..da47678 100644
--- a/iocore/net/P_SSLNetVConnection.h
+++ b/iocore/net/P_SSLNetVConnection.h
@@ -531,6 +531,11 @@ private:
   std::unique_ptr<char[]> _ca_cert_dir;
 
   EventIO async_ep{};
+
+private:
+  void _make_ssl_connection(SSL_CTX *ctx);
+  void _bindSSLObject();
+  void _unbindSSLObject();
 };
 
 typedef int (SSLNetVConnection::*SSLNetVConnHandler)(int, void *);
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 335db49..1f525df 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -153,28 +153,24 @@ private:
 // Private
 //
 
-static SSL *
-make_ssl_connection(SSL_CTX *ctx, SSLNetVConnection *netvc)
+void
+SSLNetVConnection::_make_ssl_connection(SSL_CTX *ctx)
 {
-  SSL *ssl;
-
-  if (likely(ssl = SSL_new(ctx))) {
-    netvc->ssl = ssl;
-
+  if (likely(this->ssl = SSL_new(ctx))) {
     // Only set up the bio stuff for the server side
-    if (netvc->get_context() == NET_VCONNECTION_OUT) {
+    if (this->get_context() == NET_VCONNECTION_OUT) {
       BIO *bio = BIO_new(const_cast<BIO_METHOD *>(BIO_s_fastopen()));
-      BIO_set_fd(bio, netvc->get_socket(), BIO_NOCLOSE);
+      BIO_set_fd(bio, this->get_socket(), BIO_NOCLOSE);
 
-      if (netvc->options.f_tcp_fastopen) {
-        BIO_set_conn_address(bio, netvc->get_remote_addr());
+      if (this->options.f_tcp_fastopen) {
+        BIO_set_conn_address(bio, this->get_remote_addr());
       }
 
       SSL_set_bio(ssl, bio, bio);
     } else {
-      netvc->initialize_handshake_buffers();
+      this->initialize_handshake_buffers();
       BIO *rbio = BIO_new(BIO_s_mem());
-      BIO *wbio = BIO_new_fd(netvc->get_socket(), BIO_NOCLOSE);
+      BIO *wbio = BIO_new_fd(this->get_socket(), BIO_NOCLOSE);
       BIO_set_mem_eof_return(wbio, -1);
       SSL_set_bio(ssl, rbio, wbio);
 
@@ -210,12 +206,22 @@ make_ssl_connection(SSL_CTX *ctx, SSLNetVConnection *netvc)
       }
 #endif
     }
-
-    SSLNetVCAttach(ssl, netvc);
-    TLSSessionResumptionSupport::bind(ssl, netvc);
+    this->_bindSSLObject();
   }
+}
 
-  return ssl;
+void
+SSLNetVConnection::_bindSSLObject()
+{
+  SSLNetVCAttach(this->ssl, this);
+  TLSSessionResumptionSupport::bind(this->ssl, this);
+}
+
+void
+SSLNetVConnection::_unbindSSLObject()
+{
+  SSLNetVCDetach(this->ssl);
+  TLSSessionResumptionSupport::unbind(this->ssl);
 }
 
 static void
@@ -1041,7 +1047,7 @@ SSLNetVConnection::sslStartHandShake(int event, int &err)
       // Attach the default SSL_CTX to this SSL session. The default context is never going to be able
       // to negotiate a SSL session, but it's enough to trampoline us into the SNI callback where we
       // can select the right server certificate.
-      this->ssl = make_ssl_connection(lookup->defaultContext(), this);
+      this->_make_ssl_connection(lookup->defaultContext());
     }
 
     if (this->ssl == nullptr) {
@@ -1118,7 +1124,7 @@ SSLNetVConnection::sslStartHandShake(int event, int &err)
         return EVENT_ERROR;
       }
 
-      this->ssl = make_ssl_connection(clientCTX, this);
+      this->_make_ssl_connection(clientCTX);
       if (this->ssl == nullptr) {
         SSLErrorVC(this, "failed to create SSL client session");
         return EVENT_ERROR;
@@ -1820,8 +1826,7 @@ SSLNetVConnection::populate(Connection &con, Continuation *c, void *arg)
   // Maybe bring over the stats?
 
   sslHandshakeStatus = SSL_HANDSHAKE_DONE;
-  SSLNetVCAttach(this->ssl, this);
-  TLSSessionResumptionSupport::bind(this->ssl, this);
+  this->_bindSSLObject();
   return EVENT_DONE;
 }
 
@@ -1945,8 +1950,7 @@ SSLNetVConnection::_prepareForMigration()
 {
   SSL *save_ssl = this->ssl;
 
-  SSLNetVCDetach(this->ssl);
-  TLSSessionResumptionSupport::unbind(this->ssl);
+  this->_unbindSSLObject();
   this->ssl = nullptr;
 
   return save_ssl;