Posted to commits@trafficserver.apache.org by jp...@apache.org on 2012/02/19 17:47:50 UTC

[3/5] git commit: TS-841: Sprinkle some const pixie dust on the SSL classes

TS-841: Sprinkle some const pixie dust on the SSL classes


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/89e24d7c
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/89e24d7c
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/89e24d7c

Branch: refs/heads/master
Commit: 89e24d7ce521c0f43607f72a82319557ff2a35e7
Parents: 59bf86f
Author: James Peach <jp...@apache.org>
Authored: Wed Feb 8 21:29:11 2012 -0800
Committer: James Peach <jp...@apache.org>
Committed: Sun Feb 19 08:46:08 2012 -0800

----------------------------------------------------------------------
 iocore/net/P_SSLCertLookup.h    |   13 +++++++++----
 iocore/net/P_SSLNetProcessor.h  |   14 ++++++++------
 iocore/net/SSLCertLookup.cc     |   20 +++++++++-----------
 iocore/net/SSLNetProcessor.cc   |   23 ++++++++---------------
 iocore/net/SSLNetVConnection.cc |    2 +-
 5 files changed, 35 insertions(+), 37 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/89e24d7c/iocore/net/P_SSLCertLookup.h
----------------------------------------------------------------------
diff --git a/iocore/net/P_SSLCertLookup.h b/iocore/net/P_SSLCertLookup.h
index f547d7b..c9ea033 100644
--- a/iocore/net/P_SSLCertLookup.h
+++ b/iocore/net/P_SSLCertLookup.h
@@ -29,17 +29,22 @@
 class SSLCertLookup
 {
   bool buildTable();
-  const char *extractIPAndCert(matcher_line * line_info, char **addr, char **cert, char **ca, char **priKey);
-  int addInfoToHash(char *strAddr, char *cert, char *ca, char *serverPrivateKey);
+  const char *extractIPAndCert(
+    matcher_line * line_info, char **addr, char **cert, char **ca, char **priKey) const;
+  bool addInfoToHash(
+    const char *strAddr, const char *cert, const char *ca, const char *serverPrivateKey) const;
 
   InkHashTable *SSLCertLookupHashTable;
   char config_file_path[PATH_NAME_MAX];
   SslConfigParams *param;
+  bool multipleCerts;
 
 public:
-  bool multipleCerts;
+  bool hasMultipleCerts() const { return multipleCerts; }
+
   void init(SslConfigParams * param);
-  SSL_CTX *findInfoInHash(char *strAddr);
+  SSL_CTX *findInfoInHash(char *strAddr) const;
+
   SSLCertLookup();
   ~SSLCertLookup();
 };
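Review bot: `SSL_CTX *findInfoInHash(char *strAddr) const;` on the new side still takes a non-const `char *` even though the commit's purpose is const-correctness, and the only visible caller passes a local buffer (`buff` in SSLNetVConnection.cc) which converts to `const char *` without any change; `SSL_CTX *findInfoInHash(const char *strAddr) const;` would also let callers pass literals or const config data. The `const` on `addInfoToHash` is only physical: the method inserts into the table reached through the `SSLCertLookupHashTable` pointer member (see `ink_hash_table_insert` in SSLCertLookup.cc), so it changes the lookup's logical state. Either drop that qualifier or mark the intent with a comment such as `// const only because the table is held by pointer; this does add an entry to the lookup table` so readers do not take it for a read-only query.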

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/89e24d7c/iocore/net/P_SSLNetProcessor.h
----------------------------------------------------------------------
diff --git a/iocore/net/P_SSLNetProcessor.h b/iocore/net/P_SSLNetProcessor.h
index 4ac07b6..a3156a3 100644
--- a/iocore/net/P_SSLNetProcessor.h
+++ b/iocore/net/P_SSLNetProcessor.h
@@ -62,10 +62,13 @@ public:
 
   void cleanup(void);
   int reconfigure();
-  int initSSL(SslConfigParams * param);
-  int initSSLClient(SslConfigParams * param);
-  int initSSLServerCTX(SslConfigParams * param,
-                       SSL_CTX * ctx, char *serverCertPtr, char *serverCaPtr, char *serverKeyPtr, bool defaultEnabled);
+  int initSSL(const SslConfigParams * param);
+  int initSSLClient(const SslConfigParams * param);
+
+  int initSSLServerCTX(SSL_CTX * ctx,
+    const SslConfigParams * param,
+    const char *serverCertPtr, const char *serverCaPtr,
+    const char *serverKeyPtr, bool defaultEnabled);
 
   SSL_CTX *getSSL_CTX(void) const {return ctx; }
   SSL_CTX *getClientSSL_CTX(void) const { return client_ctx; }
@@ -73,11 +76,10 @@ public:
   static void logSSLError(const char *errStr = "", int critical = 1);
 
   SSLNetProcessor()
-    : verify_depth(0), ctx(NULL), client_ctx(NULL), sslMutexArray(NULL)
+    : ctx(NULL), client_ctx(NULL), sslMutexArray(NULL)
     {  };
   virtual ~SSLNetProcessor();
 
-  int verify_depth;
   SSL_CTX *ctx;
   SSL_CTX *client_ctx;
   ProxyMutex **sslMutexArray;

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/89e24d7c/iocore/net/SSLCertLookup.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLCertLookup.cc b/iocore/net/SSLCertLookup.cc
index 8d95cf1..6da48cc 100644
--- a/iocore/net/SSLCertLookup.cc
+++ b/iocore/net/SSLCertLookup.cc
@@ -147,7 +147,7 @@ SSLCertLookup::buildTable()
 }
 
 const char *
-SSLCertLookup::extractIPAndCert(matcher_line * line_info, char **addr, char **cert, char **ca, char **priKey)
+SSLCertLookup::extractIPAndCert(matcher_line * line_info, char **addr, char **cert, char **ca, char **priKey) const
 {
 //  ip_addr_t testAddr;
   char *label;
@@ -206,31 +206,29 @@ SSLCertLookup::extractIPAndCert(matcher_line * line_info, char **addr, char **ce
     return NULL;
 }
 
-int
-SSLCertLookup::addInfoToHash(char *strAddr, char *cert, char *caCert, char *serverPrivateKey)
+bool
+SSLCertLookup::addInfoToHash(
+    const char *strAddr, const char *cert,
+    const char *caCert, const char *serverPrivateKey) const
 {
-
-#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) // openssl returns a const SSL_METHOD now
   const SSL_METHOD *meth = NULL;
-#else
-  SSL_METHOD *meth = NULL;
-#endif
+
   meth = SSLv23_server_method();
   SSL_CTX *ctx = SSL_CTX_new(meth);
   if (!ctx) {
-    ssl_NetProcessor.logSSLError("Cannot create new server contex.");
+    SSLNetProcessor::logSSLError("Cannot create new server contex.");
     return (false);
   }
 //  if (serverPrivateKey == NULL)
 //      serverPrivateKey = cert;
 
-  ssl_NetProcessor.initSSLServerCTX(param, ctx, cert, caCert,  serverPrivateKey, false);
+  ssl_NetProcessor.initSSLServerCTX(ctx, param, cert, caCert,  serverPrivateKey, false);
   ink_hash_table_insert(SSLCertLookupHashTable, strAddr, (void *) ctx);
   return (true);
 }
 
 SSL_CTX *
-SSLCertLookup::findInfoInHash(char *strAddr)
+SSLCertLookup::findInfoInHash(char *strAddr) const
 {
 
   InkHashTableValue hash_value;
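Review bot: The result of `ssl_NetProcessor.initSSLServerCTX(ctx, param, cert, caCert, serverPrivateKey, false)` in `addInfoToHash` is discarded, so a context whose certificate, chain or private key failed to load is still inserted under that address and the function reports `true`; by contrast `initSSL` passes the same call's result back to its caller. Check it and release the context on failure, e.g. `if (ssl_NetProcessor.initSSLServerCTX(ctx, param, cert, caCert, serverPrivateKey, false) != 0) { SSL_CTX_free(ctx); return (false); }` — the success value appears to be 0 given that `initSSL` returns -1 for its own errors and forwards this one, but confirm against the body of `initSSLServerCTX`. Changing the return type to `bool` is a good step; the remaining caller in `buildTable` is outside the hunk, so verify it actually consults the value. `findInfoInHash` continues past the end of the hunk.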

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/89e24d7c/iocore/net/SSLNetProcessor.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLNetProcessor.cc b/iocore/net/SSLNetProcessor.cc
index c61cfc8..826cf25 100644
--- a/iocore/net/SSLNetProcessor.cc
+++ b/iocore/net/SSLNetProcessor.cc
@@ -242,13 +242,9 @@ SSLNetProcessor::logSSLError(const char *errStr, int critical)
 }
 
 int
-SSLNetProcessor::initSSL(SslConfigParams * param)
+SSLNetProcessor::initSSL(const SslConfigParams * param)
 {
-#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) // openssl returns a const SSL_METHOD now
   const SSL_METHOD *meth = NULL;
-#else
-  SSL_METHOD *meth = NULL;
-#endif
   // Note that we do not call RAND_seed() explicitly here, we depend on OpenSSL
   // to do the seeding of the PRNG for us. This is the case for all platforms that
   // has /dev/urandom for example.
@@ -260,12 +256,13 @@ SSLNetProcessor::initSSL(SslConfigParams * param)
     return (-1);
   }
 
-  return (initSSLServerCTX(param, ctx, param->serverCertPath, param->serverCertChainPath, param->serverKeyPath, true));
+  return initSSLServerCTX(ctx, param, param->serverCertPath, param->serverCertChainPath, param->serverKeyPath, true);
 }
 
 int
-SSLNetProcessor::initSSLServerCTX(SslConfigParams * param, SSL_CTX * lCtx,
-                                  char *serverCertPtr, char *serverCaCertPtr, char *serverKeyPtr, bool defaultEnabled)
+SSLNetProcessor::initSSLServerCTX(SSL_CTX * lCtx, const SslConfigParams * param,
+    const char *serverCertPtr, const char *serverCaCertPtr,
+    const char *serverKeyPtr, bool defaultEnabled)
 {
   int session_id_context;
   int server_verify_client;
@@ -285,7 +282,7 @@ SSLNetProcessor::initSSLServerCTX(SslConfigParams * param, SSL_CTX * lCtx,
   }
 
   //might want to make configurable at some point.
-  verify_depth = param->verify_depth;
+  int verify_depth = param->verify_depth;
   SSL_CTX_set_quiet_shutdown(lCtx, 1);
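Review bot: The comment `//might want to make configurable at some point.` above `int verify_depth = param->verify_depth;` is stale, since the value is already read from the configuration object and, with the member removed, the local now exists only to feed the context setup below. Replace it with something like `// verify depth comes from the config params and is applied to lCtx below` and confirm the local is still consumed further down (its use is outside the hunk; an unused local would mean the configured depth is never applied to the context). `initSSLServerCTX` continues on both sides of this hunk.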
 
   if (defaultEnabled) {
@@ -408,13 +405,9 @@ SSLNetProcessor::initSSLServerCTX(SslConfigParams * param, SSL_CTX * lCtx,
 }
 
 int
-SSLNetProcessor::initSSLClient(SslConfigParams * param)
+SSLNetProcessor::initSSLClient(const SslConfigParams * param)
 {
-#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) // openssl returns a const SSL_METHOD now
   const SSL_METHOD *meth = NULL;
-#else
-  SSL_METHOD *meth = NULL;
-#endif
   int client_verify_server;
   char *clientKeyPtr = NULL;
 
@@ -428,7 +421,7 @@ SSLNetProcessor::initSSLClient(SslConfigParams * param)
 
   // disable selected protocols
   SSL_CTX_set_options(client_ctx, param->ssl_ctx_options);
-  verify_depth = param->client_verify_depth;
+  int verify_depth = param->client_verify_depth;
   if (!client_ctx) {
     logSSLError("Cannot create new client contex.");
     return (-1);
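Review bot: `SSL_CTX_set_options(client_ctx, param->ssl_ctx_options);` runs before the `if (!client_ctx)` check, so when the context could not be created the NULL pointer is dereferenced before the error path is ever reached; the commit edits the line between them but keeps this order. Move the check ahead of the options call, i.e. place `if (!client_ctx) { logSSLError("Cannot create new client contex."); return (-1); }` immediately after the context is created and only then apply `SSL_CTX_set_options` and read `param->client_verify_depth`. The creation of `client_ctx` is above the hunk and the rest of `initSSLClient` below it, so confirm nothing else touches `client_ctx` in between.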

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/89e24d7c/iocore/net/SSLNetVConnection.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 60a67cd..2955733 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -474,7 +474,7 @@ SSLNetVConnection::sslStartHandShake(int event, int &err)
 
   if (event == SSL_EVENT_SERVER) {
     if (ssl == NULL) {
-      if (sslCertLookup.multipleCerts) {
+      if (sslCertLookup.hasMultipleCerts()) {
         char buff[INET6_ADDRSTRLEN];
         safe_getsockname(get_socket(), &ip.sa, &namelen);
         ink_inet_ntop(&ip.sa, buff, sizeof(buff));