From: Amos Jeffries <squid3@treenet.co.nz>
Date: Thu, 1 Dec 2016 01:52:52 +0000 (+1300)
Subject: Cleanup: remove raw-pointer SSL* from ServerBump class API
X-Git-Tag: M-staged-PR71~354
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8f9171296967b92502c62ad510437a65403f2bfb;p=thirdparty%2Fsquid.git

Cleanup: remove raw-pointer SSL* from ServerBump class API
---

diff --git a/src/ssl/PeekingPeerConnector.cc b/src/ssl/PeekingPeerConnector.cc
index 53e80218bb..955695733d 100644
--- a/src/ssl/PeekingPeerConnector.cc
+++ b/src/ssl/PeekingPeerConnector.cc
@@ -201,7 +201,7 @@ Ssl::PeekingPeerConnector::initialize(Security::SessionPointer &serverSession)
         }
 
         if (Ssl::ServerBump *serverBump = csd->serverBump()) {
-            serverBump->attachServerSSL(serverSession.get());
+            serverBump->attachServerSession(serverSession);
             // store peeked cert to check SQUID_X509_V_ERR_CERT_CHANGE
             if (X509 *peeked_cert = serverBump->serverCert.get()) {
                 X509_up_ref(peeked_cert);
diff --git a/src/ssl/ServerBump.cc b/src/ssl/ServerBump.cc
index 5de903eae1..86e954a51c 100644
--- a/src/ssl/ServerBump.cc
+++ b/src/ssl/ServerBump.cc
@@ -53,21 +53,21 @@ Ssl::ServerBump::~ServerBump()
 }
 
 void
-Ssl::ServerBump::attachServerSSL(SSL *ssl)
+Ssl::ServerBump::attachServerSession(const Security::SessionPointer &s)
 {
-    if (serverSSL.get())
+    if (serverSession)
         return;
 
-    serverSSL.resetAndLock(ssl);
+    serverSession = s;
 }
 
 const Security::CertErrors *
 Ssl::ServerBump::sslErrors() const
 {
-    if (!serverSSL.get())
+    if (!serverSession)
         return NULL;
 
-    const Security::CertErrors *errs = static_cast<const Security::CertErrors*>(SSL_get_ex_data(serverSSL.get(), ssl_ex_index_ssl_errors));
+    const Security::CertErrors *errs = static_cast<const Security::CertErrors*>(SSL_get_ex_data(serverSession.get(), ssl_ex_index_ssl_errors));
     return errs;
 }
 
diff --git a/src/ssl/ServerBump.h b/src/ssl/ServerBump.h
index 638f7727cc..1473a2b889 100644
--- a/src/ssl/ServerBump.h
+++ b/src/ssl/ServerBump.h
@@ -32,14 +32,14 @@ class ServerBump
 public:
     explicit ServerBump(HttpRequest *fakeRequest, StoreEntry *e = NULL, Ssl::BumpMode mode = Ssl::bumpServerFirst);
     ~ServerBump();
-    void attachServerSSL(SSL *); ///< Sets the server SSL object
+    void attachServerSession(const Security::SessionPointer &); ///< Sets the server TLS session object
     const Security::CertErrors *sslErrors() const; ///< SSL [certificate validation] errors
 
     /// faked, minimal request; required by Client API
     HttpRequest::Pointer request;
     StoreEntry *entry; ///< for receiving Squid-generated error messages
     /// HTTPS server certificate. Maybe it is different than the one
-    /// it is stored in serverSSL object (error SQUID_X509_V_ERR_CERT_CHANGE)
+    /// it is stored in serverSession object (error SQUID_X509_V_ERR_CERT_CHANGE)
     Security::CertPointer serverCert;
     struct {
         Ssl::BumpMode step1; ///< The SSL bump mode at step1
@@ -48,9 +48,9 @@ public:
     } act; ///< bumping actions at various bumping steps
     Ssl::BumpStep step; ///< The SSL bumping step
     SBuf clientSni; ///< the SSL client SNI name
-    Security::SessionPointer serverSSL; ///< The SSL object on server side.
 
 private:
+    Security::SessionPointer serverSession; ///< The TLS session object on server side.
     store_client *sc; ///< dummy client to prevent entry trimming
 };