From: Amos Jeffries Date: Tue, 14 Feb 2017 09:56:34 +0000 (+1300) Subject: De-duplicate the ContextPointer creation code X-Git-Tag: M-staged-PR71~257^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df473b362a708ad70b474b71ba236eb4c71da9d3;p=thirdparty%2Fsquid.git De-duplicate the ContextPointer creation code Making the actual raw-pointer to Pointer conversion and lambda logic into a protected method shared by both classes creatign ContextPointer. Also improve debug a bit for libsecurity shared_ptr. --- diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc index 04ed624887..46a43a8474 100644 --- a/src/security/PeerOptions.cc +++ b/src/security/PeerOptions.cc @@ -257,9 +257,7 @@ Security::PeerOptions::createBlankContext() const const auto x = ERR_get_error(); fatalf("Failed to allocate TLS client context: %s\n", Security::ErrorString(x)); } - ctx = Security::ContextPointer(t, [](SSL_CTX *p) { - SSL_CTX_free(p); - }); + ctx = convertContextFromRawPtr(t); #elif USE_GNUTLS // Initialize for X.509 certificate exchange @@ -267,9 +265,7 @@ Security::PeerOptions::createBlankContext() const if (const int x = gnutls_certificate_allocate_credentials(&t)) { fatalf("Failed to allocate TLS client context: %s\n", Security::ErrorString(x)); } - ctx = Security::ContextPointer(t, [](gnutls_certificate_credentials_t p) { - gnutls_certificate_free_credentials(p); - }); + ctx = convertContextFromRawPtr(t); #else debugs(83, 1, "WARNING: Failed to allocate TLS client context: No TLS library"); @@ -518,6 +514,7 @@ Security::PeerOptions::parseOptions() fatalf("Unknown TLS option '%s'", err); } parsedOptions = Security::ParsedOptions(op, [](gnutls_priority_t p) { + debugs(83, 5, "gnutls_priority_deinit p=" << (void*)p); gnutls_priority_deinit(p); }); #endif diff --git a/src/security/PeerOptions.h b/src/security/PeerOptions.h index ca1eabc4fc..cbe848ecd6 100644 --- a/src/security/PeerOptions.h +++ b/src/security/PeerOptions.h 
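Review bot: The trace line added to the `gnutls_priority_t` deleter in parseOptions() prints the handle through a C-style cast, `(void*)p`; `static_cast<void*>(p)` is the named form and is easier to grep for. The two deleters added in PeerOptions.h use the same cast. These lines also write heap addresses into the section 83, level 5 debug output, which is worth remembering when such logs are attached to bug reports or shared outside the team. parseOptions() starts and ends outside this hunk.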
@@ -81,6 +81,24 @@ public: Security::CertRevokeList parsedCrl; ///< CRL to use when verifying the remote end certificate protected: + template + Security::ContextPointer convertContextFromRawPtr(T ctx) const { +#if USE_OPENSSL + return ContextPointer(ctx, [](SSL_CTX *p) { + debugs(83, 5, "SSL_free ctx=" << (void*)p); + SSL_CTX_free(p); + }); +#elif USE_GNUTLS + return Security::ContextPointer(ctx, [](gnutls_certificate_credentials_t p) { + debugs(83, 5, "gnutls_certificate_free_credentials ctx=" << (void*)p); + gnutls_certificate_free_credentials(p); + }); +#else + assert(!ctx); + return Security::ContextPointer(); +#endif + } + int sslVersion = 0; /// flags governing Squid internal TLS operations diff --git a/src/security/ServerOptions.cc b/src/security/ServerOptions.cc index 1661ad2d14..a40e89d525 100644 --- a/src/security/ServerOptions.cc +++ b/src/security/ServerOptions.cc @@ -101,9 +101,7 @@ Security::ServerOptions::createBlankContext() const const auto x = ERR_get_error(); debugs(83, DBG_CRITICAL, "ERROR: Failed to allocate TLS server context: " << Security::ErrorString(x)); } - ctx = Security::ContextPointer(t, [](SSL_CTX *p) { - SSL_CTX_free(p); - }); + ctx = convertContextFromRawPtr(t); #elif USE_GNUTLS // Initialize for X.509 certificate exchange @@ -111,9 +109,7 @@ Security::ServerOptions::createBlankContext() const if (const int x = gnutls_certificate_allocate_credentials(&t)) { debugs(83, DBG_CRITICAL, "ERROR: Failed to allocate TLS server context: " << Security::ErrorString(x)); } - ctx = Security::ContextPointer(t, [](gnutls_certificate_credentials_t p) { - gnutls_certificate_free_credentials(p); - }); + ctx = convertContextFromRawPtr(t); #else debugs(83, DBG_CRITICAL, "ERROR: Failed to allocate TLS server context: No TLS library");
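Review bot: The OpenSSL deleter in convertContextFromRawPtr() logs `SSL_free ctx=` while the call it traces is SSL_CTX_free(); SSL_free() is a different OpenSSL function that releases a connection object, so the label will mislead anyone following a context lifetime problem through the log, and `debugs(83, 5, "SSL_CTX_free ctx=" << (void*)p);` matches the call. The helper also carries no comment about ownership: assuming ContextPointer is the shared_ptr-style owner the commit message suggests, a second call with the same raw pointer would create a second independent owner and release the context twice. A line such as `/// Takes ownership of ctx; call at most once per raw context.` above the method would state that contract. The OpenSSL branch returns unqualified `ContextPointer` while the other two branches write `Security::ContextPointer`; one spelling throughout would read better.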
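Review bot: In the OpenSSL branch of Security::ServerOptions::createBlankContext() the allocation-failure path only logs at DBG_CRITICAL and then falls through to `ctx = convertContextFromRawPtr(t);`, so a failed `t` is still handed to the helper and wrapped with a deleter; the GnuTLS hunk that follows has the same shape. PeerOptions.cc calls fatalf() at the same point, which presumably does not return, so only the server variant is affected. For GnuTLS the value of `t` after a failed gnutls_certificate_allocate_credentials() cannot be told from here, because its declaration is outside the hunk, yet the deleter would later pass it to gnutls_certificate_free_credentials(). Guarding the conversion, for example `if (t) ctx = convertContextFromRawPtr(t);` in the OpenSSL branch and an `else` on the GnuTLS error check, keeps a failed allocation out of the owning pointer. The function body starts and ends outside both hunks.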