]> git.ipfire.org Git - thirdparty/squid.git/commitdiff
De-duplicate the ContextPointer creation code
authorAmos Jeffries <squid3@treenet.co.nz>
Tue, 14 Feb 2017 09:56:34 +0000 (22:56 +1300)
committerAmos Jeffries <squid3@treenet.co.nz>
Tue, 14 Feb 2017 09:56:34 +0000 (22:56 +1300)
Making the actual raw-pointer to Pointer conversion and lambda logic
into a protected method shared by both classes creating ContextPointer.

Also improve debug a bit for libsecurity shared_ptr.

src/security/PeerOptions.cc
src/security/PeerOptions.h
src/security/ServerOptions.cc

index 04ed6248874fd7031209a8d6bd35858b7d730030..46a43a8474a840bab39396712a33da815f802262 100644 (file)
@@ -257,9 +257,7 @@ Security::PeerOptions::createBlankContext() const
         const auto x = ERR_get_error();
         fatalf("Failed to allocate TLS client context: %s\n", Security::ErrorString(x));
     }
-    ctx = Security::ContextPointer(t, [](SSL_CTX *p) {
-        SSL_CTX_free(p);
-    });
+    ctx = convertContextFromRawPtr(t);
 
 #elif USE_GNUTLS
     // Initialize for X.509 certificate exchange
@@ -267,9 +265,7 @@ Security::PeerOptions::createBlankContext() const
     if (const int x = gnutls_certificate_allocate_credentials(&t)) {
         fatalf("Failed to allocate TLS client context: %s\n", Security::ErrorString(x));
     }
-    ctx = Security::ContextPointer(t, [](gnutls_certificate_credentials_t p) {
-        gnutls_certificate_free_credentials(p);
-    });
+    ctx = convertContextFromRawPtr(t);
 
 #else
     debugs(83, 1, "WARNING: Failed to allocate TLS client context: No TLS library");
@@ -518,6 +514,7 @@ Security::PeerOptions::parseOptions()
         fatalf("Unknown TLS option '%s'", err);
     }
     parsedOptions = Security::ParsedOptions(op, [](gnutls_priority_t p) {
+        debugs(83, 5, "gnutls_priority_deinit p=" << (void*)p);
         gnutls_priority_deinit(p);
     });
 #endif
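Review bot: The debugs() line added inside the ParsedOptions deleter uses a C-style cast, `(void*)p`. `static_cast<void*>(p)` is the greppable form, and it stops compiling if the handle type ever ceases to be a pointer. The same cast appears in both debugs() lines added to convertContextFromRawPtr() in src/security/PeerOptions.h. Security::PeerOptions::parseOptions() begins and continues outside this hunk.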
index ca1eabc4fcd187ac8b7f38413799037a9d87627d..cbe848ecd6d87a5f343104e532122a47b0549e54 100644 (file)
@@ -81,6 +81,24 @@ public:
     Security::CertRevokeList parsedCrl; ///< CRL to use when verifying the remote end certificate
 
 protected:
+    template<typename T>
+    Security::ContextPointer convertContextFromRawPtr(T ctx) const {
+#if USE_OPENSSL
+        return ContextPointer(ctx, [](SSL_CTX *p) {
+            debugs(83, 5, "SSL_free ctx=" << (void*)p);
+            SSL_CTX_free(p);
+        });
+#elif USE_GNUTLS
+        return Security::ContextPointer(ctx, [](gnutls_certificate_credentials_t p) {
+            debugs(83, 5, "gnutls_certificate_free_credentials ctx=" << (void*)p);
+            gnutls_certificate_free_credentials(p);
+        });
+#else
+        assert(!ctx);
+        return Security::ContextPointer();
+#endif
+    }
+
     int sslVersion = 0;
 
     /// flags governing Squid internal TLS operations
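Review bot: convertContextFromRawPtr() wraps whatever pointer it is handed, so a failed allocation ends up owned by a ContextPointer whose deleter later runs on it. The PeerOptions callers abort through fatalf() first, but the two Security::ServerOptions::createBlankContext() hunks only log the failure and then call this helper. If ContextPointer is a std::shared_ptr, as the commit message suggests, the deleter is still invoked for a null pointer, and GnuTLS does not document gnutls_certificate_free_credentials() as accepting a null handle. A guard at the top of the helper, `if (!ctx) return Security::ContextPointer();`, keeps the failure path away from both free functions. Separately, the OpenSSL debug label says `SSL_free` while the call is `SSL_CTX_free`, which misleads anyone tracing TLS context lifetimes in the log; `debugs(83, 5, "SSL_CTX_free ctx=" << (void*)p);` matches the call.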
index 1661ad2d14f284ad3049a0885839737dde8bf3ed..a40e89d525f9b39e03b0dc6f057233780ad30898 100644 (file)
@@ -101,9 +101,7 @@ Security::ServerOptions::createBlankContext() const
         const auto x = ERR_get_error();
         debugs(83, DBG_CRITICAL, "ERROR: Failed to allocate TLS server context: " << Security::ErrorString(x));
     }
-    ctx = Security::ContextPointer(t, [](SSL_CTX *p) {
-        SSL_CTX_free(p);
-    });
+    ctx = convertContextFromRawPtr(t);
 
 #elif USE_GNUTLS
     // Initialize for X.509 certificate exchange
@@ -111,9 +109,7 @@ Security::ServerOptions::createBlankContext() const
     if (const int x = gnutls_certificate_allocate_credentials(&t)) {
         debugs(83, DBG_CRITICAL, "ERROR: Failed to allocate TLS server context: " << Security::ErrorString(x));
     }
-    ctx = Security::ContextPointer(t, [](gnutls_certificate_credentials_t p) {
-        gnutls_certificate_free_credentials(p);
-    });
+    ctx = convertContextFromRawPtr(t);
 
 #else
     debugs(83, DBG_CRITICAL, "ERROR: Failed to allocate TLS server context: No TLS library");