Posted to commits@trafficserver.apache.org by zw...@apache.org on 2022/12/08 00:21:04 UTC
[trafficserver] 01/02: Use std::unique_ptr for X509 and BIO scoped heap objects. (#8954)
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 9.2.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 3c657d1cad85eaa6f02ac247a8f227ab8c33a739
Author: Walt Karas <wk...@verizonmedia.com>
AuthorDate: Tue Jul 12 09:41:41 2022 -0500
Use std::unique_ptr for X509 and BIO scoped heap objects. (#8954)
Co-authored-by: Walt Karas <wk...@yahooinc.com>
(cherry picked from commit 6202ebbd355943cd2767d357e682fbc2e2069cdc)
---
iocore/net/OCSPStapling.cc | 6 +++---
iocore/net/P_SSLUtils.h | 47 +++++++++++++---------------------------------
iocore/net/SSLUtils.cc | 4 ++--
3 files changed, 18 insertions(+), 39 deletions(-)
diff --git a/iocore/net/OCSPStapling.cc b/iocore/net/OCSPStapling.cc
index da5a8c163..29a83f9c8 100644
--- a/iocore/net/OCSPStapling.cc
+++ b/iocore/net/OCSPStapling.cc
@@ -254,13 +254,13 @@ ssl_stapling_init_cert(SSL_CTX *ctx, X509 *cert, const char *certname, const cha
#endif
}
- issuer = stapling_get_issuer(ctx, cert);
- if (issuer == nullptr) {
+ issuer.reset(stapling_get_issuer(ctx, cert));
+ if (issuer.get() == nullptr) {
Note("cannot get issuer certificate from %s", certname);
goto err;
}
- cinf->cid = OCSP_cert_to_id(nullptr, cert, issuer);
+ cinf->cid = OCSP_cert_to_id(nullptr, cert, issuer.get());
if (!cinf->cid) {
goto err;
}
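Review bot: `issuer.reset(stapling_get_issuer(ctx, cert))` hands ownership to the smart pointer, so the deleter will call `X509_free` on whatever the helper returns; that is only correct if `stapling_get_issuer` gives the caller its own reference on every return path, which this hunk does not show. The declaration of `issuer` and the `err:` label are also outside the hunk, so confirm that no manual `X509_free(issuer)` remains there, since it would now release the certificate a second time. Once the contract is confirmed, a comment at the call such as `// takes ownership of the reference returned by stapling_get_issuer()` would record it. As a point of style, `if (!issuer)` says the same thing as `issuer.get() == nullptr` with less noise.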
diff --git a/iocore/net/P_SSLUtils.h b/iocore/net/P_SSLUtils.h
index 8cdab4029..0245219b5 100644
--- a/iocore/net/P_SSLUtils.h
+++ b/iocore/net/P_SSLUtils.h
@@ -36,6 +36,7 @@
#include <map>
#include <set>
+#include <memory>
struct SSLConfigParams;
class SSLNetVConnection;
@@ -168,45 +169,23 @@ namespace ssl
{
namespace detail
{
- struct SCOPED_X509_TRAITS {
- typedef X509 *value_type;
- static value_type
- initValue()
+ struct X509Deleter {
+ void
+ operator()(X509 *p)
{
- return nullptr;
- }
- static bool
- isValid(value_type x)
- {
- return x != nullptr;
- }
- static void
- destroy(value_type x)
- {
- X509_free(x);
+ X509_free(p);
}
};
- struct SCOPED_BIO_TRAITS {
- typedef BIO *value_type;
- static value_type
- initValue()
+ struct BIODeleter {
+ void
+ operator()(BIO *p)
{
- return nullptr;
- }
- static bool
- isValid(value_type x)
- {
- return x != nullptr;
- }
- static void
- destroy(value_type x)
- {
- BIO_free(x);
+ BIO_free(p);
}
};
- /* namespace ssl */ // namespace detail
-} /* namespace detail */
+
+} // namespace detail
} // namespace ssl
struct ats_wildcard_matcher {
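Review bot: The call operators of `X509Deleter` and `BIODeleter` are neither `const` nor `noexcept`, although both are stateless and run from destructors; `void operator()(X509 *p) const noexcept` (and likewise for `BIO *`) would state that contract. `BIODeleter` wraps `BIO_free`, which releases a single BIO, so a `scoped_BIO` that is ever handed the head of a BIO chain would leave the rest of the chain allocated. A comment on the struct such as `// frees one BIO only; a chain needs BIO_free_all` would make that limit visible. Neither deleter carries any documentation, and one line each naming the OpenSSL release function it wraps would help.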
@@ -228,5 +207,5 @@ private:
DFA regex;
};
-typedef ats_scoped_resource<ssl::detail::SCOPED_X509_TRAITS> scoped_X509;
-typedef ats_scoped_resource<ssl::detail::SCOPED_BIO_TRAITS> scoped_BIO;
+using scoped_X509 = std::unique_ptr<X509, ssl::detail::X509Deleter>;
+using scoped_BIO = std::unique_ptr<BIO, ssl::detail::BIODeleter>;
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 2a2c338b3..1b2040601 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -171,7 +171,7 @@ static bool
SSL_CTX_add_extra_chain_cert_file(SSL_CTX *ctx, const char *chainfile)
{
scoped_BIO bio(BIO_new_file(chainfile, "r"));
- return SSL_CTX_add_extra_chain_cert_bio(ctx, bio);
+ return SSL_CTX_add_extra_chain_cert_bio(ctx, bio.get());
}
static SSL_SESSION *
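Review bot: `BIO_new_file(chainfile, "r")` returns null when the file cannot be opened, and `bio.get()` then passes that null straight into `SSL_CTX_add_extra_chain_cert_bio`; whether the callee rejects a null BIO is not visible in this hunk. A guard before the call, `if (!bio) { return false; }`, keeps the failure local instead of depending on the callee's handling. The same question applies to the `bio.get()` call in `SSLMultiCertConfigLoader::load_certs` in the next hunk, where the creation of `bio` lies outside the hunk.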
@@ -2392,7 +2392,7 @@ SSLMultiCertConfigLoader::load_certs(SSL_CTX *ctx, const std::vector<std::string
}
// Load up any additional chain certificates
- if (!SSL_CTX_add_extra_chain_cert_bio(ctx, bio)) {
+ if (!SSL_CTX_add_extra_chain_cert_bio(ctx, bio.get())) {
Debug("ssl", "couldn't add chain to %p", ctx);
}
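Review bot: A failure of `SSL_CTX_add_extra_chain_cert_bio` in this branch is reported only through `Debug("ssl", ...)`, so with that debug tag disabled a context with an incomplete certificate chain is built with no visible message. Clients that do not already hold the intermediates will then fail validation, which is hard to trace back to this point. Logging at an operator-visible level, for example `Note("couldn't add chain to %p", ctx);` in the way OCSPStapling.cc reports its issuer failure, would surface it. Whether `load_certs` goes on to succeed or fail after this branch is outside the hunk.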