}
if (Ssl::ServerBump *serverBump = csd->serverBump()) {
- serverBump->attachServerSSL(serverSession.get());
+ serverBump->attachServerSession(serverSession);
// store peeked cert to check SQUID_X509_V_ERR_CERT_CHANGE
if (X509 *peeked_cert = serverBump->serverCert.get()) {
X509_up_ref(peeked_cert);
}
void
-Ssl::ServerBump::attachServerSSL(SSL *ssl)
+Ssl::ServerBump::attachServerSession(const Security::SessionPointer &s)
{
- if (serverSSL.get())
+ if (serverSession)
return;
- serverSSL.resetAndLock(ssl);
+ serverSession = s;
}
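Review bot: The early return in `attachServerSession()` silently keeps the first session when a second, different one is passed, and the new declaration comment does not say so. Because `sslErrors()` reads the certificate validation errors from whichever session is stored, a caller that attaches twice would keep checking errors recorded on the older connection. I would state the first-wins contract on the declaration, e.g. `///< Sets the server TLS session object; ignored if a session is already attached`, and consider a debug-level log line on the ignored path. The assignment `serverSession = s;` presumably shares ownership with the caller's pointer; confirm that against the definition of `Security::SessionPointer`, which is not shown here.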
const Security::CertErrors *
Ssl::ServerBump::sslErrors() const
{
- if (!serverSSL.get())
+ if (!serverSession)
return NULL;
- const Security::CertErrors *errs = static_cast<const Security::CertErrors*>(SSL_get_ex_data(serverSSL.get(), ssl_ex_index_ssl_errors));
+ const Security::CertErrors *errs = static_cast<const Security::CertErrors*>(SSL_get_ex_data(serverSession.get(), ssl_ex_index_ssl_errors));
return errs;
}
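Review bot: `sslErrors()` returns the raw pointer stored in the session's ex_data at `ssl_ex_index_ssl_errors`, so the result appears to be borrowed from `serverSession` rather than owned by the caller, and the one-line doc comment does not say that. A caller that keeps the pointer after the session is released would be reading freed certificate-error state. I would document the lifetime on the declaration, e.g. `///< certificate validation errors recorded on the server session, or null if none; valid only while the session is attached`. As a style point, the `errs` temporary on the new line adds nothing and the cast result could be returned directly.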
public:
explicit ServerBump(HttpRequest *fakeRequest, StoreEntry *e = NULL, Ssl::BumpMode mode = Ssl::bumpServerFirst);
~ServerBump();
- void attachServerSSL(SSL *); ///< Sets the server SSL object
+ void attachServerSession(const Security::SessionPointer &); ///< Sets the server TLS session object
const Security::CertErrors *sslErrors() const; ///< SSL [certificate validation] errors
/// faked, minimal request; required by Client API
HttpRequest::Pointer request;
StoreEntry *entry; ///< for receiving Squid-generated error messages
/// HTTPS server certificate. Maybe it is different than the one
- /// it is stored in serverSSL object (error SQUID_X509_V_ERR_CERT_CHANGE)
+ /// it is stored in serverSession object (error SQUID_X509_V_ERR_CERT_CHANGE)
Security::CertPointer serverCert;
struct {
Ssl::BumpMode step1; ///< The SSL bump mode at step1
} act; ///< bumping actions at various bumping steps
Ssl::BumpStep step; ///< The SSL bumping step
SBuf clientSni; ///< the SSL client SNI name
- Security::SessionPointer serverSSL; ///< The SSL object on server side.
private:
+ Security::SessionPointer serverSession; ///< The TLS session object on server side.
store_client *sc; ///< dummy client to prevent entry trimming
};
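Review bot: The rewritten comment above `serverCert` keeps the original's hard-to-parse wording ("Maybe it is different than the one it is stored in serverSession object"). Since the line is being touched anyway, I would reword it to `/// HTTPS server certificate. May differ from the certificate held by the` / `/// serverSession object (error SQUID_X509_V_ERR_CERT_CHANGE)`. Separately, `serverCert` stays public and is read directly in the caller hunk for the cert-change check, so making `serverSession` private leaves the pair only half-encapsulated. An accessor for the peeked certificate would be the consistent follow-up.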