Posted to commits@trafficserver.apache.org by jp...@apache.org on 2012/10/25 06:47:16 UTC
git commit: TS-1550: remove unnecessary USE_CONFIG_PROCESSOR define
Updated Branches:
refs/heads/master 8b8130283 -> a35309778
TS-1550: remove unnecessary USE_CONFIG_PROCESSOR define
Remove USE_CONFIG_PROCESSOR and enable the use of ProxyConfig for
SSL configuration. Rename classes with a Ssl prefix to SSL to be
consistent with the rest of the SSL naming conventions. Remove
unnecessary global variable sslTerminationConfig. Remove the
SSLConfigParams member from SSLCertLookup because we don't have a
refcount on it to guarantee its lifetime.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a3530977
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a3530977
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a3530977
Branch: refs/heads/master
Commit: a3530977846cfd18cfdc5d5d4c3343112b07839d
Parents: 8b81302
Author: James Peach <jp...@apache.org>
Authored: Wed Oct 24 21:43:41 2012 -0700
Committer: James Peach <jp...@apache.org>
Committed: Wed Oct 24 21:44:14 2012 -0700
----------------------------------------------------------------------
CHANGES | 2 +
iocore/net/P_Net.h | 1 -
iocore/net/P_SSLCertLookup.h | 6 ++--
iocore/net/P_SSLConfig.h | 34 +++++++++--------------
iocore/net/P_SSLNetProcessor.h | 4 +-
iocore/net/SSLCertLookup.cc | 36 +++++++++++-------------
iocore/net/SSLConfig.cc | 47 ++++++++++---------------------
iocore/net/SSLNetProcessor.cc | 14 +++++-----
iocore/net/SSLNetVConnection.cc | 2 +-
proxy/http/HttpProxyServerMain.cc | 1 -
10 files changed, 60 insertions(+), 87 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a3530977/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 907f3d1..b753ba3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
-*- coding: utf-8 -*-
Changes with Apache Traffic Server 3.3.1
+ *) [TS-1550] remove unnecessary USE_CONFIG_PROCESSOR define
+
*) [TS-1549] Drop MakeErrorVA, enabling body_factory by default
*) [TS-1548] Update documentation for ip_allow.config
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a3530977/iocore/net/P_Net.h
----------------------------------------------------------------------
diff --git a/iocore/net/P_Net.h b/iocore/net/P_Net.h
index a7c9155..4f05731 100644
--- a/iocore/net/P_Net.h
+++ b/iocore/net/P_Net.h
@@ -108,7 +108,6 @@ do { \
#include "P_NetVCTest.h"
#include "P_LibBulkIO.h"
-#include "P_SSLConfig.h"
#include "P_SSLNetVConnection.h"
#include "P_SSLNetProcessor.h"
#include "P_SSLNetAccept.h"
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a3530977/iocore/net/P_SSLCertLookup.h
----------------------------------------------------------------------
diff --git a/iocore/net/P_SSLCertLookup.h b/iocore/net/P_SSLCertLookup.h
index ae65fd8..a13ff8b 100644
--- a/iocore/net/P_SSLCertLookup.h
+++ b/iocore/net/P_SSLCertLookup.h
@@ -30,14 +30,14 @@ class SSLContextStorage;
class SSLCertLookup
{
- bool buildTable();
+ bool buildTable(const SSLConfigParams * param);
const char *extractIPAndCert(
matcher_line * line_info, char **addr, char **cert, char **ca, char **priKey) const;
bool addInfoToHash(
+ const SSLConfigParams * param,
const char *strAddr, const char *cert, const char *ca, const char *serverPrivateKey);
char config_file_path[PATH_NAME_MAX];
- SslConfigParams * param;
bool multipleCerts;
SSLContextStorage * ssl_storage;
@@ -46,7 +46,7 @@ class SSLCertLookup
public:
bool hasMultipleCerts() const { return multipleCerts; }
- void init(SslConfigParams * param);
+ void init(const SSLConfigParams * param);
SSL_CTX *findInfoInHash(const char * address) const;
// Return the last-resort default TLS context if there is no name or address match.
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a3530977/iocore/net/P_SSLConfig.h
----------------------------------------------------------------------
diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h
index f2115c2..11ed35a 100644
--- a/iocore/net/P_SSLConfig.h
+++ b/iocore/net/P_SSLConfig.h
@@ -39,17 +39,14 @@
//
/////////////////////////////////////////////////////////////
//
-// struct SslConfigParams
+// struct SSLConfigParams
//
// configuration parameters as they apear in the global
// configuration file.
/////////////////////////////////////////////////////////////
-struct SslConfigParams
-#ifdef USE_CONFIG_PROCESSOR
-: public ConfigInfo
-#endif
+struct SSLConfigParams : public ConfigInfo
{
public:
enum SSL_SESSION_CACHE_MODE
@@ -63,8 +60,8 @@ public:
char *getServerCACertPathOnly(void) const { return CACertPath; }
char *getServerKeyPathOnly(void) const { return serverKeyPathOnly; }
- SslConfigParams();
- virtual ~SslConfigParams();
+ SSLConfigParams();
+ virtual ~SSLConfigParams();
private:
void initialize();
@@ -92,41 +89,36 @@ private:
long ssl_ctx_options;
friend struct SSLNetProcessor;
- friend class SslConfig;
+ friend class SSLConfig;
};
/////////////////////////////////////////////////////////////
//
-// class SslConfig
+// class SSLConfig
//
/////////////////////////////////////////////////////////////
-class SslConfig
+class SSLConfig
{
public:
static void startup();
static void reconfigure();
- static SslConfigParams *acquire();
- static void release(SslConfigParams * params);
+ static SSLConfigParams * acquire();
+ static void release(SSLConfigParams * params);
struct scoped_config {
- scoped_config() : p(SslConfig::acquire()) {}
- ~scoped_config() { SslConfig::release(p); }
- operator const SslConfigParams * () const { return p; }
+ scoped_config() : p(SSLConfig::acquire()) {}
+ ~scoped_config() { SSLConfig::release(p); }
+ operator const SSLConfigParams * () const { return p; }
private:
- SslConfigParams * p;
+ SSLConfigParams * p;
};
private:
static int id;
-#ifndef USE_CONFIG_PROCESSOR
- static SslConfigParams *ssl_config_params;
-#endif
friend struct SSLNetProcessor;
};
-extern SslConfig sslTerminationConfig;
-
#include "Diags.h"
TS_INLINE void
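Review bot: `SSLConfig::scoped_config` is implicitly copyable, so a copied guard would call `SSLConfig::release(p)` twice for a single `acquire()`. With the `#ifdef` gone, `release()` always forwards to `configProcessor.release(id, params)`, so a double release matters if that call does any lifetime accounting, which is not visible here and is worth confirming. I would declare the copy operations private and unimplemented inside the struct: `scoped_config(const scoped_config &);` and `scoped_config & operator=(const scoped_config &);`. A short comment that the pointer obtained through `operator const SSLConfigParams * ()` must not be kept past the guard's scope would also help callers.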
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a3530977/iocore/net/P_SSLNetProcessor.h
----------------------------------------------------------------------
diff --git a/iocore/net/P_SSLNetProcessor.h b/iocore/net/P_SSLNetProcessor.h
index 3e47858..0b7b0c8 100644
--- a/iocore/net/P_SSLNetProcessor.h
+++ b/iocore/net/P_SSLNetProcessor.h
@@ -58,10 +58,10 @@ public:
void cleanup(void);
int reconfigure();
- int initSSLClient(const SslConfigParams * param);
+ int initSSLClient(const SSLConfigParams * param);
int initSSLServerCTX(SSL_CTX * ctx,
- const SslConfigParams * param,
+ const SSLConfigParams * param,
const char *serverCertPtr, const char *serverCaPtr,
const char *serverKeyPtr);
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a3530977/iocore/net/SSLCertLookup.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLCertLookup.cc b/iocore/net/SSLCertLookup.cc
index 021e1a5..93a3dab 100644
--- a/iocore/net/SSLCertLookup.cc
+++ b/iocore/net/SSLCertLookup.cc
@@ -103,17 +103,17 @@ make_ssl_context(void * arg)
class SSLContextStorage
{
- struct SslEntry
+ struct SSLEntry
{
- explicit SslEntry(SSL_CTX * c) : ctx(c) {}
+ explicit SSLEntry(SSL_CTX * c) : ctx(c) {}
- void Print() const { Debug("ssl", "SslEntry=%p SSL_CTX=%p", this, ctx); }
+ void Print() const { Debug("ssl", "SSLEntry=%p SSL_CTX=%p", this, ctx); }
SSL_CTX * ctx;
- LINK(SslEntry, link);
+ LINK(SSLEntry, link);
};
- Trie<SslEntry> wildcards;
+ Trie<SSLEntry> wildcards;
InkHashTable * hostnames;
public:
@@ -147,7 +147,7 @@ static const matcher_tags sslCertTags = {
};
SSLCertLookup::SSLCertLookup()
- : param(NULL), multipleCerts(false), ssl_storage(NEW(new SSLContextStorage())), ssl_default(NULL)
+ : multipleCerts(false), ssl_storage(NEW(new SSLContextStorage())), ssl_default(NULL)
{
*config_file_path = '\0';
}
@@ -164,11 +164,9 @@ SSLCertLookup::findInfoInHash(const char * address) const
}
void
-SSLCertLookup::init(SslConfigParams * p)
+SSLCertLookup::init(const SSLConfigParams * param)
{
- param = p;
-
- this->multipleCerts = buildTable();
+ this->multipleCerts = buildTable(param);
// We *must* have a default context even if it can't possibly work. The default context is used to bootstrap the SSL
// handshake so that we can subsequently do the SNI lookup to switch to the real context.
@@ -178,7 +176,7 @@ SSLCertLookup::init(SslConfigParams * p)
}
bool
-SSLCertLookup::buildTable()
+SSLCertLookup::buildTable(const SSLConfigParams * param)
{
char *tok_state = NULL;
char *line = NULL;
@@ -195,8 +193,7 @@ SSLCertLookup::buildTable()
bool alarmAlready = false;
char *configFilePath = NULL;
- if (param != NULL)
- configFilePath = param->getConfigFilePath();
+ configFilePath = param->getConfigFilePath();
// Table should be empty
// ink_assert(num_el == 0);
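Review bot: `buildTable()` now calls `param->getConfigFilePath()` without the `if (param != NULL)` guard this hunk removes, so a null `param` is dereferenced here and again in `addInfoToHash()` at `param->getServerCertPathOnly()`. The only check visible in this commit is `ink_assert(param)` in `SSLNetProcessor::reconfigure()`; if `ink_assert` is compiled out of release builds, as debug assertions usually are, nothing guards the production path. Either keep the guard or state the precondition at the top of `init()`, e.g. `ink_release_assert(param != NULL);`. The body of `buildTable()` continues outside the hunk, so later uses of `param` there are not visible.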
@@ -237,7 +234,7 @@ SSLCertLookup::buildTable()
IOCORE_SignalError(errBuf, alarmAlready);
} else {
if (sslCert != NULL) {
- addInfoToHash(addr, sslCert, sslCa, priKey);
+ addInfoToHash(param, addr, sslCert, sslCa, priKey);
ret = 1;
}
ats_free(sslCert);
@@ -320,6 +317,7 @@ SSLCertLookup::extractIPAndCert(matcher_line * line_info, char **addr, char **ce
bool
SSLCertLookup::addInfoToHash(
+ const SSLConfigParams * param,
const char *strAddr, const char *cert,
const char *caCert, const char *serverPrivateKey)
{
@@ -331,8 +329,8 @@ SSLCertLookup::addInfoToHash(
return (false);
}
- if (ssl_NetProcessor.initSSLServerCTX(ctx, this->param, cert, caCert, serverPrivateKey) == 0) {
- char * certpath = Layout::relative_to(this->param->getServerCertPathOnly(), cert);
+ if (ssl_NetProcessor.initSSLServerCTX(ctx, param, cert, caCert, serverPrivateKey) == 0) {
+ char * certpath = Layout::relative_to(param->getServerCertPathOnly(), cert);
// Index this certificate by the specified IP(v6) address. If the address is "*", make it the default context.
if (strAddr) {
@@ -544,7 +542,7 @@ SSLContextStorage::insert(SSL_CTX * ctx, const char * name)
}
Debug("ssl", "indexed wildcard certificate for '%s' as '%s' with SSL_CTX %p", name, reversed, ctx);
- return this->wildcards.Insert(reversed, new SslEntry(ctx), 0 /* rank */, -1 /* keylen */);
+ return this->wildcards.Insert(reversed, new SSLEntry(ctx), 0 /* rank */, -1 /* keylen */);
} else {
Debug("ssl", "indexed '%s' with SSL_CTX %p", name, ctx);
ink_hash_table_insert(this->hostnames, name, (void *)ctx);
@@ -565,7 +563,7 @@ SSLContextStorage::lookup(const char * name) const
if (!this->wildcards.Empty()) {
char namebuf[TS_MAX_HOST_NAME_LEN + 1];
char * reversed;
- SslEntry * entry;
+ SSLEntry * entry;
reversed = reverse_dns_name(name, namebuf);
if (!reversed) {
@@ -585,7 +583,7 @@ SSLContextStorage::lookup(const char * name) const
#if TS_HAS_TESTS
-REGRESSION_TEST(SslHostLookup)(RegressionTest* t, int atype, int * pstatus)
+REGRESSION_TEST(SSLHostLookup)(RegressionTest* t, int atype, int * pstatus)
{
TestBox tb(t, pstatus);
SSLContextStorage storage;
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a3530977/iocore/net/SSLConfig.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index 87b2176..760e53d 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -22,7 +22,7 @@
*/
/*************************** -*- Mod: C++ -*- ******************************
- SslConfig.cc
+ SSLConfig.cc
Created On : 07/20/2000
Description:
@@ -34,18 +34,13 @@
#include <string.h>
#include "P_Net.h"
+#include "P_SSLConfig.h"
#include <records/I_RecHttp.h>
#include <openssl/ssl.h>
-int SslConfig::id = 0;
+int SSLConfig::id = 0;
-SslConfig sslTerminationConfig;
-
-#ifndef USE_CONFIG_PROCESSOR
-SslConfigParams *SslConfig::ssl_config_params;
-#endif
-
-SslConfigParams::SslConfigParams()
+SSLConfigParams::SSLConfigParams()
{
serverCertPathOnly =
serverCertChainPath =
@@ -63,13 +58,13 @@ SslConfigParams::SslConfigParams()
ssl_session_cache_size = 1024*20;
}
-SslConfigParams::~SslConfigParams()
+SSLConfigParams::~SSLConfigParams()
{
cleanup();
}
void
-SslConfigParams::cleanup()
+SSLConfigParams::cleanup()
{
ats_free_null(serverCertChainPath);
ats_free_null(CACertFilename);
@@ -114,7 +109,7 @@ set_paths_helper(const char *path, const char *filename, char **final_path, char
}
void
-SslConfigParams::initialize()
+SSLConfigParams::initialize()
{
char serverCertRelativePath[PATH_NAME_MAX] = "";
char *ssl_server_private_key_path = NULL;
@@ -212,41 +207,29 @@ SslConfigParams::initialize()
void
-SslConfig::startup()
+SSLConfig::startup()
{
reconfigure();
}
-
void
-SslConfig::reconfigure()
+SSLConfig::reconfigure()
{
- SslConfigParams *params;
- params = NEW(new SslConfigParams);
+ SSLConfigParams *params;
+ params = NEW(new SSLConfigParams);
params->initialize(); // re-read configuration
-#ifdef USE_CONFIG_PROCESSOR
id = configProcessor.set(id, params);
-#else
- ssl_config_params = params;
-#endif
}
-SslConfigParams *
-SslConfig::acquire()
+SSLConfigParams *
+SSLConfig::acquire()
{
-#ifndef USE_CONFIG_PROCESSOR
- return ssl_config_params;
-#else
- return ((SslConfigParams *) configProcessor.get(id));
-#endif
+ return ((SSLConfigParams *) configProcessor.get(id));
}
void
-SslConfig::release(SslConfigParams * params)
+SSLConfig::release(SSLConfigParams * params)
{
- (void) params;
-#ifdef USE_CONFIG_PROCESSOR
configProcessor.release(id, params);
-#endif
}
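Review bot: `SSLConfig::acquire()` converts the result with a C-style cast, `(SSLConfigParams *) configProcessor.get(id)`, which would still compile as a reinterpreting cast if the two types ever stopped being related. Since `SSLConfigParams` now derives from `ConfigInfo` unconditionally, and assuming `get()` returns a `ConfigInfo *`, `return static_cast<SSLConfigParams *>(configProcessor.get(id));` expresses the downcast and lets the compiler reject an unrelated type. A one-line comment on `acquire()` saying that each call must be matched by `release()`, or wrapped in `SSLConfig::scoped_config`, would document the pairing that `SSLNetProcessor::reconfigure()` now relies on.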
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a3530977/iocore/net/SSLNetProcessor.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLNetProcessor.cc b/iocore/net/SSLNetProcessor.cc
index 034408c..3c0bf55 100644
--- a/iocore/net/SSLNetProcessor.cc
+++ b/iocore/net/SSLNetProcessor.cc
@@ -133,7 +133,8 @@ SSLNetProcessor::reconfigure(void)
initSSLLocks();
}
- SslConfigParams *param = sslTerminationConfig.acquire();
+ SSLConfig::scoped_config param;
+
ink_assert(param);
if (HttpProxyPort::hasSSL()) {
@@ -150,7 +151,6 @@ SSLNetProcessor::reconfigure(void)
logSSLError("Can't initialize the SSL client, HTTPS in remap rules will not function");
}
- sslTerminationConfig.release(param);
return (err);
}
@@ -209,7 +209,7 @@ SSLNetProcessor::logSSLError(const char *errStr, int critical)
}
int
-SSLNetProcessor::initSSLServerCTX(SSL_CTX * lCtx, const SslConfigParams * param,
+SSLNetProcessor::initSSLServerCTX(SSL_CTX * lCtx, const SSLConfigParams * param,
const char *serverCertPtr, const char *serverCaCertPtr,
const char *serverKeyPtr)
{
@@ -221,10 +221,10 @@ SSLNetProcessor::initSSLServerCTX(SSL_CTX * lCtx, const SslConfigParams * param,
SSL_CTX_set_options(lCtx, param->ssl_ctx_options);
switch (param->ssl_session_cache) {
- case SslConfigParams::SSL_SESSION_CACHE_MODE_OFF:
+ case SSLConfigParams::SSL_SESSION_CACHE_MODE_OFF:
SSL_CTX_set_session_cache_mode(lCtx, SSL_SESS_CACHE_OFF|SSL_SESS_CACHE_NO_INTERNAL);
break;
- case SslConfigParams::SSL_SESSION_CACHE_MODE_SERVER:
+ case SSLConfigParams::SSL_SESSION_CACHE_MODE_SERVER:
SSL_CTX_set_session_cache_mode(lCtx, SSL_SESS_CACHE_SERVER);
SSL_CTX_sess_set_cache_size(lCtx, param->ssl_session_cache_size);
break;
@@ -335,7 +335,7 @@ SSLNetProcessor::initSSLServerCTX(SSL_CTX * lCtx, const SslConfigParams * param,
}
int
-SSLNetProcessor::initSSLClient(const SslConfigParams * param)
+SSLNetProcessor::initSSLClient(const SSLConfigParams * param)
{
ink_ssl_method_t meth = NULL;
int client_verify_server;
@@ -399,7 +399,7 @@ SSLNetProcessor::initSSLClient(const SslConfigParams * param)
int
SSLNetProcessor::start(int number_of_ssl_threads)
{
- sslTerminationConfig.startup();
+ SSLConfig::startup();
int err = reconfigure();
if (err != 0) {
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a3530977/iocore/net/SSLNetVConnection.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index f2b8ecf..6c3f45e 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -260,7 +260,7 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread)
if (bytes > 0) {
if (ret == SSL_READ_WOULD_BLOCK) {
if (readSignalAndUpdate(VC_EVENT_READ_READY) != EVENT_CONT) {
- Debug("ssl", "ssl_read_from_net, readSignal !=EVENT_CONT");
+ Debug("ssl", "ssl_read_from_net, readSignal != EVENT_CONT");
return;
}
}
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a3530977/proxy/http/HttpProxyServerMain.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpProxyServerMain.cc b/proxy/http/HttpProxyServerMain.cc
index 26ff128..b48e0f2 100644
--- a/proxy/http/HttpProxyServerMain.cc
+++ b/proxy/http/HttpProxyServerMain.cc
@@ -157,7 +157,6 @@ start_HttpProxyPort(const HttpProxyPort& port, unsigned nthreads)
{
NetProcessor::AcceptOptions net;
HttpAccept::Options http;
- SslConfig::scoped_config sslParam;
net.accept_threads = nthreads;