From: Markus Valentin
Date: Thu, 11 Jan 2024 14:59:11 +0000 (+0100)
Subject: lib-http: Replace http_server_settings.ssl with http_server_set_ssl_settings()
X-Git-Tag: 2.4.1~1058
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f1d99daa3da3cc2de4d629a1ec201302db340a6;p=thirdparty%2Fdovecot%2Fcore.git
lib-http: Replace http_server_settings.ssl with http_server_set_ssl_settings()
---
diff --git a/src/lib-http/http-server-connection.c b/src/lib-http/http-server-connection.c
index 34e14372e6..0803012027 100644
--- a/src/lib-http/http-server-connection.c
+++ b/src/lib-http/http-server-connection.c
@@ -369,13 +369,13 @@ http_server_connection_ssl_init(struct http_server_connection *conn)
 e_debug(conn->event, "Starting SSL handshake");
 http_server_connection_input_halt(conn);
- if (conn->set->ssl == NULL) {
+ if (server->ssl_set == NULL) {
 ret = io_stream_autocreate_ssl_server(server->event, &conn->conn.input, &conn->conn.output, &conn->ssl_iostream, &error);
- } else if (ssl_iostream_server_context_cache_get(conn->set->ssl,
+ } else if (ssl_iostream_server_context_cache_get(server->ssl_set,
 &ssl_ctx, &error) < 0)
 ret = -1;
 else {
diff --git a/src/lib-http/http-server-private.h b/src/lib-http/http-server-private.h
index a8e4927daa..6521c75941 100644
--- a/src/lib-http/http-server-private.h
+++ b/src/lib-http/http-server-private.h
@@ -183,6 +183,7 @@ struct http_server {
 pool_t pool;
 struct http_server_settings *set;
+ const struct ssl_iostream_settings *ssl_set;
 struct ioloop *ioloop;
 struct event *event;
diff --git a/src/lib-http/http-server.c b/src/lib-http/http-server.c
index e1aa30a6d9..a3ec1fd82c 100644
--- a/src/lib-http/http-server.c
+++ b/src/lib-http/http-server.c
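Review bot: The new `ssl_set` member added to `struct http_server` has no comment, although it carries ownership semantics that are only visible in other files of this commit: http_server_set_ssl_settings() takes a pool_ref() on the settings' pool and settings_free() is what releases it, and NULL is the value http_server_connection_ssl_init() tests to fall back to io_stream_autocreate_ssl_server(). Suggest placing `/* SSL settings installed by http_server_set_ssl_settings(); the server holds its own reference to their pool. NULL means lib-ssl-iostream looks the settings up itself. */` above the field. The struct definition continues outside the hunk.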
@@ -30,10 +30,8 @@ struct http_server *http_server_init(const struct http_server_settings *set,
 {
 struct http_server *server;
 pool_t pool;
- size_t pool_size;
- pool_size = (set->ssl != NULL) ? 10240 : 1024; /* ca/cert/key will be >8K */
- pool = pool_alloconly_create("http server", pool_size);
+ pool = pool_alloconly_create("http server", 1024);
 server = p_new(pool, struct http_server, 1);
 server->set = p_new(pool, struct http_server_settings, 1);
 server->pool = pool;
@@ -44,10 +42,6 @@ struct http_server *http_server_init(const struct http_server_settings *set,
 server->set->default_host = p_strdup(pool, set->default_host);
 if (set->rawlog_dir != NULL && *set->rawlog_dir != '\0') server->set->rawlog_dir = p_strdup(pool, set->rawlog_dir);
- if (set->ssl != NULL) {
- server->set->ssl = set->ssl;
- pool_ref(server->set->ssl->pool);
- }
 server->set->max_client_idle_time_msecs = set->max_client_idle_time_msecs;
 server->set->max_pipelined_requests = (set->max_pipelined_requests > 0 ? set->max_pipelined_requests : 1);
@@ -65,6 +59,7 @@ struct http_server *http_server_init(const struct http_server_settings *set,
 server->conn_list = http_server_connection_list_init();
+ settings_free(server->ssl_set);
 p_array_init(&server->resources, pool, 4);
 p_array_init(&server->locations, pool, 4);
@@ -84,7 +79,6 @@ void http_server_deinit(struct http_server **_server)
 http_server_resource_free(&res);
 i_assert(array_count(&server->locations) == 0);
- settings_free(server->set->ssl);
 event_unref(&server->event);
 pool_unref(&server->pool);
 }
@@ -120,3 +114,11 @@ void http_server_shut_down(struct http_server *server)
 (void)http_server_connection_shut_down(conn);
 }
 }
+
+void http_server_set_ssl_settings(struct http_server *server,
+ const struct ssl_iostream_settings *ssl)
+{
+ settings_free(server->ssl_set);
+ server->ssl_set = ssl;
+ pool_ref(server->ssl_set->pool);
+}
diff --git a/src/lib-http/http-server.h b/src/lib-http/http-server.h
index 7ca19b415b..baa13082f1 100644
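Review bot: The added `settings_free(server->ssl_set);` in the @@ -65 hunk sits inside http_server_init() — the hunk header names that function and the neighbouring http_server_connection_list_init() and p_array_init() calls are initialisation — where ssl_set has just come out of p_new() and is presumably still NULL, while the @@ -84 hunk removes `settings_free(server->set->ssl);` from http_server_deinit() without adding a replacement there. The reference that http_server_set_ssl_settings() takes with pool_ref() is therefore never dropped, so every server leaks its SSL settings pool, and the call in init only stays harmless if settings_free() tolerates NULL. Move the line to http_server_deinit() in place of the removed one, `settings_free(server->ssl_set);` directly before `event_unref(&server->event);`, and delete it from http_server_init(). Both functions start and end outside their hunks.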
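Review bot: http_server_set_ssl_settings() in the @@ -120 hunk dereferences `ssl` unconditionally in `pool_ref(server->ssl_set->pool);`, so passing NULL — the value http_server_connection_ssl_init() treats as "use the automatic lookup", and what test_server_init() in test-http-payload.c forwards without a check — crashes instead of restoring the default. It also drops the old reference before taking the new one, so re-installing the settings object that is already installed can release its pool before pool_ref() runs if the server held the last reference. Take the new reference first and accept NULL, as below.
```c
void http_server_set_ssl_settings(struct http_server *server,
				  const struct ssl_iostream_settings *ssl)
{
	/* Reference the new settings before releasing the old ones, so that
	   re-installing the currently installed object cannot free it.
	   NULL restores the automatic lookup done by lib-ssl-iostream. */
	if (ssl != NULL)
		pool_ref(ssl->pool);
	settings_free(server->ssl_set);
	server->ssl_set = ssl;
}
```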
--- a/src/lib-http/http-server.h
+++ b/src/lib-http/http-server.h
@@ -16,6 +16,8 @@ struct http_server_request;
 struct http_server_request_limits;
 struct http_server_response;
+struct ssl_iostream_settings;
+
 #define HTTP_SERVER_DEFAULT_MAX_PAYLOAD_SIZE (1024 * 1024 * 1024 * 10ULL)
 /*
@@ -27,9 +29,6 @@ struct http_server_settings {
 const char *base_dir;
 const char *rawlog_dir;
- /* SSL settings; if NULL, settings_get() is used automatically */
- const struct ssl_iostream_settings *ssl;
-
 /* The maximum time in milliseconds a client is allowed to be idle before it is disconnected. */
 unsigned int max_client_idle_time_msecs;
@@ -432,4 +431,8 @@ void http_server_shut_down(struct http_server *server);
 /* Switch this server to the current ioloop */
 void http_server_switch_ioloop(struct http_server *server);
+/* Specify the SSL settings. By default lib-ssl-iostream automatically looks
+ them up from settings. */
+void http_server_set_ssl_settings(struct http_server *server,
+ const struct ssl_iostream_settings *ssl);
 #endif
diff --git a/src/lib-http/test-http-payload.c b/src/lib-http/test-http-payload.c
index e0026e84d7..6d41bb8ac3 100644
--- a/src/lib-http/test-http-payload.c
+++ b/src/lib-http/test-http-payload.c
@@ -846,12 +846,14 @@ static void test_http_server_connection_init(struct connection *conn)
 /* */
-static void test_server_init(const struct http_server_settings *server_set)
+static void test_server_init(const struct http_server_settings *server_set,
+ const struct ssl_iostream_settings *ssl)
 {
 /* open server socket */
 io_listen = io_add(fd_listen, IO_READ, client_accept, NULL);
 http_server = http_server_init(server_set, server_event);
+ http_server_set_ssl_settings(http_server, ssl);
 http_server->conn_list->v.init = test_http_server_connection_init;
 }
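Review bot: The comment on the new http_server_set_ssl_settings() declaration in the @@ -432 hunk says what the default is but not the contract a caller needs: that the server takes its own reference to the settings' pool (so the caller may drop its copy afterwards), whether NULL is accepted, and whether the call may be repeated to replace earlier settings. Suggest `/* Specify the SSL settings. The server takes its own reference to the settings' pool; the caller keeps ownership of its pointer and may call this again to replace them. If this is never called, lib-ssl-iostream looks the settings up from the global settings. */`, adding the NULL behaviour once the implementation fixes it. Dropping `ssl` from struct http_server_settings in the @@ -27 hunk is a source-incompatible change for out-of-tree callers that assigned it, which is worth a sentence in the commit message.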
@@ -1666,6 +1668,7 @@ static void test_client_echo(const struct http_client_settings *client_set,
 struct test_server_data {
 const struct http_server_settings *set;
+ const struct ssl_iostream_settings *ssl_set;
 };
 static void test_open_server_fd(void)
@@ -1682,6 +1685,7 @@ static void test_open_server_fd(void)
 static int test_run_server(struct test_server_data *data)
 {
 const struct http_server_settings *server_set = data->set;
+ const struct ssl_iostream_settings *ssl_set = data->ssl_set;
 struct ioloop *ioloop;
 i_set_failure_prefix("SERVER: ");
@@ -1691,7 +1695,7 @@ static int test_run_server(struct test_server_data *data)
 ioloop_nested = NULL;
 ioloop_nested_depth = 0;
 ioloop = io_loop_create();
- test_server_init(server_set);
+ test_server_init(server_set, ssl_set);
 io_loop_run(ioloop);
 test_server_deinit();
 io_loop_destroy(&ioloop);
@@ -1734,6 +1738,7 @@ test_run_client_server(
 const struct http_client_settings *client_set,
 const struct ssl_iostream_settings *ssl_client_set,
 const struct http_server_settings *server_set,
+ const struct ssl_iostream_settings *ssl_server_set,
 void (*client_init)(const struct http_client_settings *client_set,
 const struct ssl_iostream_settings *ssl_client_set))
 {
@@ -1745,6 +1750,7 @@ test_run_client_server(
 i_zero(&data);
 data.set = server_set;
+ data.ssl_set = ssl_server_set;
 /* Fork server */
 test_open_server_fd();
@@ -1804,7 +1810,6 @@ test_run_sequential(
 /* server settings */
 test_init_server_settings(&http_server_set);
- http_server_set.ssl = &ssl_server_set;
 http_server_set.max_pipelined_requests = 0;
 /* client settings */
@@ -1813,7 +1818,8 @@ test_run_sequential(
 http_client_set.max_pipelined_requests = 1;
 test_run_client_server(&http_client_set, &ssl_client_set,
- &http_server_set, client_init);
+ &http_server_set, &ssl_server_set,
+ client_init);
 ssl_iostream_context_cache_free();
 test_out_reason("sequential", (failure == NULL), failure);
@@ -1836,7 +1842,6 @@ test_run_pipeline(
 /* server settings */
 test_init_server_settings(&http_server_set);
- http_server_set.ssl = &ssl_server_set;
 http_server_set.max_pipelined_requests = 4;
 /* client settings */
@@ -1845,7 +1850,8 @@ test_run_pipeline(
 http_client_set.max_pipelined_requests = 8;
 test_run_client_server(&http_client_set, &ssl_client_set,
- &http_server_set, client_init);
+ &http_server_set, &ssl_server_set,
+ client_init);
 ssl_iostream_context_cache_free();
 test_out_reason("pipeline", (failure == NULL), failure);
@@ -1868,7 +1874,6 @@ test_run_parallel(
 /* server settings */
 test_init_server_settings(&http_server_set);
- http_server_set.ssl = &ssl_server_set;
 http_server_set.max_pipelined_requests = 4;
 /* client settings */
@@ -1877,7 +1882,8 @@ test_run_parallel(
 http_client_set.max_pipelined_requests = 8;
 test_run_client_server(&http_client_set, &ssl_client_set,
- &http_server_set, client_init);
+ &http_server_set, &ssl_server_set,
+ client_init);
 ssl_iostream_context_cache_free();
 test_out_reason("parallel", (failure == NULL), failure);