}
}
- secure.staticContext.reset(secure.createStaticServerContext(*this));
+ secure.staticContext.resetWithoutLocking(secure.createStaticServerContext(*this));
if (!secure.staticContext) {
char buf[128];
fatalf("%s_port %s initialization error", AnyP::ProtocolType_str[transport.protocol], s.toUrl(buf, sizeof(buf)));
#if USE_OPENSSL
if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
if (auto ssl = fd_table[aConn->clientConnection->fd].ssl.get())
- al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
+ al->cache.sslClientCert.resetWithoutLocking(SSL_get_peer_certificate(ssl));
}
#endif
}
comm_close_complete(const FdeCbParams ¶ms)
{
fde *F = &fd_table[params.fd];
- F->ssl.reset(nullptr);
+ F->ssl.resetWithoutLocking(nullptr);
#if USE_OPENSSL
if (F->dynamicSslContext) {
halfClosedReader = NULL;
read_method = NULL;
write_method = NULL;
- ssl.reset(nullptr);
+ ssl.resetWithoutLocking(nullptr);
dynamicSslContext = NULL;
#if _SQUID_WINDOWS_
win32.handle = (long)NULL;
* absorption, locking, and unlocking implementations. The API largely
* follows std::shared_ptr.
*
- * The constructor and the reset() method import a raw Object pointer.
+ * The constructor and the resetWithoutLocking() method import a raw Object pointer.
* Normally, reset() would lock(), but libraries like OpenSSL
* pre-lock objects before they are fed to LockingPointer, necessitating
- * this customization hook.
+ * this resetWithoutLocking() customization hook.
*
* The lock() method increments Object's reference counter.
*
explicit LockingPointer(SelfType &&) = default;
SelfType &operator =(SelfType &&o) {
if (o.get() != raw)
- reset(o.release());
+ resetWithoutLocking(o.release());
return *this;
}
T *get() const { return raw; }
/// Reset raw pointer - unlock any previous one and save new one without locking.
- void reset(T *t) {
+ void resetWithoutLocking(T *t) {
unlock();
raw = t;
}
void resetAndLock(T *t) {
if (t != get()) {
- reset(t);
+ resetWithoutLocking(t);
lock(t);
}
}
}
}
- parsedDhParams.reset(dhp);
+ parsedDhParams.resetWithoutLocking(dhp);
#endif
}
// Locks can be implemented attaching locks counter to gnutls_session_t
// objects using the gnutls_session_set_ptr()/gnutls_session_get_ptr ()
// library functions
-typedef std::unique_ptr<struct gnutls_session_int, std::function<decltype(gnutls_deinit)>> SessionPointer;
+//typedef std::unique_ptr<struct gnutls_session_int, std::function<decltype(gnutls_deinit)>> SessionPointer;
+CtoCpp1(gnutls_deinit, gnutls_session_t);
+typedef LockingPointer<struct gnutls_session_int, gnutls_deinit_cpp, -1> SessionPointer;
#else
// use void* so we can check against NULL
typedef void* SessionPtr;
-// use nullptr_t so default_delete works
-typedef std::unique_ptr<std::nullptr_t> SessionPointer;
+CtoCpp1(xfree, SessionPtr);
+typedef LockingPointer<void, xfree_cpp, -1> SessionPointer;
#endif
Ssl::EVP_PKEY_Pointer findPkey;
if (pure_find(useName.empty() ? subject.get() : useName, findCert, findPkey)) {
// Replace with database certificate
- cert.reset(findCert.release());
- pkey.reset(findPkey.release());
+ cert = std::move(findCert);
+ pkey = std::move(findPkey);
return true;
}
// pure_find may fail because the entry is expired, or because the
if (!Ssl::certificateMatchesProperties(cert.get(), certProperties)) {
// The certificate changed (renewed or other reason).
// Generete a new one with the updated fields.
- cert.reset(NULL);
- pkey.reset(NULL);
+ cert.resetWithoutLocking(nullptr);
+ pkey.resetWithoutLocking(nullptr);
db.purgeCert(cert_subject);
}
}
// remember the server certificate for later use
if (Ssl::ServerBump *serverBump = csd->serverBump()) {
- serverBump->serverCert.reset(serverCert.release());
+ serverBump->serverCert = std::move(serverCert);
}
}
}
else {
const int fd = serverConnection()->fd;
Security::SessionPtr ssl = fd_table[fd].ssl.get();
- serverCert.reset(SSL_get_peer_certificate(ssl));
+ serverCert.resetWithoutLocking(SSL_get_peer_certificate(ssl));
}
if (serverCert.get()) {
csd->resetSslCommonName(Ssl::CommonHostName(serverCert.get()));
BIO_puts(bio.get(), bufferToRead);
X509 * certPtr = NULL;
- cert.reset(PEM_read_bio_X509(bio.get(), &certPtr, 0, 0));
+ cert.resetWithoutLocking(PEM_read_bio_X509(bio.get(), &certPtr, 0, 0));
if (!cert)
return false;
EVP_PKEY * pkeyPtr = NULL;
- pkey.reset(PEM_read_bio_PrivateKey(bio.get(), &pkeyPtr, 0, 0));
+ pkey.resetWithoutLocking(PEM_read_bio_PrivateKey(bio.get(), &pkeyPtr, 0, 0));
if (!pkey)
return false;
BIO_puts(bio.get(), bufferToRead);
X509 * certPtr = NULL;
- cert.reset(PEM_read_bio_X509(bio.get(), &certPtr, 0, 0));
+ cert.resetWithoutLocking(PEM_read_bio_X509(bio.get(), &certPtr, 0, 0));
if (!cert)
return false;
if (properties.signWithPkey.get())
pkey.resetAndLock(properties.signWithPkey.get());
else // if not exist generate one
- pkey.reset(Ssl::createSslPrivateKey());
+ pkey.resetWithoutLocking(Ssl::createSslPrivateKey());
if (!pkey)
return false;
if (!ret)
return false;
- certToStore.reset(cert.release());
- pkeyToStore.reset(pkey.release());
+ certToStore = std::move(cert);
+ pkeyToStore = std::move(pkey);
return true;
}
{
if (keyFilename == NULL)
keyFilename = certFilename;
- pkey.reset(readSslPrivateKey(keyFilename));
- cert.reset(readSslX509Certificate(certFilename));
+ pkey.resetWithoutLocking(readSslPrivateKey(keyFilename));
+ cert.resetWithoutLocking(readSslX509Certificate(certFilename));
if (!pkey || !cert || !X509_check_private_key(cert.get(), pkey.get())) {
- pkey.reset(NULL);
- cert.reset(NULL);
+ pkey.resetWithoutLocking(nullptr);
+ cert.resetWithoutLocking(nullptr);
}
}
}
delete filledCheck->sslErrors;
filledCheck->sslErrors = NULL;
- filledCheck->serverCert.reset(NULL);
+ filledCheck->serverCert.resetWithoutLocking(nullptr);
}
// If the certificate validator is used then we need to allow all errors and
// pass them to certficate validator for more processing
// XXX: ssl_ask_password_cb needs SSL_CTX_set_default_passwd_cb_userdata()
// so this may not fully work iff Config.Program.ssl_password is set.
pem_password_cb *cb = ::Config.Program.ssl_password ? &ssl_ask_password_cb : NULL;
- pkey.reset(readSslPrivateKey(keyFilename, cb));
- cert.reset(readSslX509CertificatesChain(certFilename, chain.get()));
+ pkey.resetWithoutLocking(readSslPrivateKey(keyFilename, cb));
+ cert.resetWithoutLocking(readSslX509CertificatesChain(certFilename, chain.get()));
if (!pkey || !cert || !X509_check_private_key(cert.get(), pkey.get())) {
- pkey.reset(NULL);
- cert.reset(NULL);
+ pkey.resetWithoutLocking(nullptr);
+ cert.resetWithoutLocking(nullptr);
}
}
if (BIO *bio = Ssl::Bio::Create(fd, type)) {
Ssl::Bio::Link(ssl, bio); // cannot fail
- fd_table[fd].ssl.reset(ssl);
+ fd_table[fd].ssl.resetWithoutLocking(ssl);
fd_table[fd].read_method = &ssl_read_method;
fd_table[fd].write_method = &ssl_write_method;
fd_note(fd, squidCtx);
projects / thirdparty / squid.git / commitdiff
