if (!ret)
debugs(33, 5, "Failed to set certificates to ssl object for PeekAndSplice mode");
- Security::ContextPointer ctx;
- ctx.resetAndLock(SSL_get_SSL_CTX(ssl));
+ Security::ContextPointer ctx(Security::GetFrom(fd_table[clientConnection->fd].ssl));
Ssl::configureUnconfiguredSslContext(ctx, signAlgorithm, *port);
} else {
Security::ContextPointer ctx(Ssl::generateSslContextUsingPkeyAndCertFromMemory(reply_message.getBody().c_str(), *port));
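Review bot: The `ctx` built on the added line is borrowed rather than owned (`Security::GetFrom` attaches a no-op deleter), so it is valid only while `fd_table[clientConnection->fd].ssl` keeps the session alive, whereas the `ctx` declared in the `else` branch two lines below is an owning context of the same type; nothing at the call site signals that difference. A one-line comment above the new line, `// borrowed from the session (no-op deleter): do not keep beyond this scope`, would make it explicit, and the same applies to L13. The removed lines derived the context from the local `ssl` while the new ones use the fd_table entry, which is only equivalent if both refer to the same SSL object; the hunk does not show that. The enclosing function starts and ends outside the hunk.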
if (!Ssl::configureSSL(ssl, certProperties, *port))
debugs(33, 5, "Failed to set certificates to ssl object for PeekAndSplice mode");
- Security::ContextPointer ctx;
- ctx.resetAndLock(SSL_get_SSL_CTX(ssl));
+ Security::ContextPointer ctx(Security::GetFrom(fd_table[clientConnection->fd].ssl));
Ssl::configureUnconfiguredSslContext(ctx, certProperties.signAlgorithm, *port);
} else {
Security::ContextPointer dynCtx(Ssl::generateSslContext(certProperties, *port));
#ifndef SQUID_SRC_SECURITY_CONTEXT_H
#define SQUID_SRC_SECURITY_CONTEXT_H
-#include "security/forward.h"
-#include "security/LockingPointer.h"
-
#if USE_OPENSSL
#if HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
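Review bot: The removed `#include "security/LockingPointer.h"` is not replaced by `#include <memory>`, which the `std::shared_ptr` typedefs this header now defines require; unless another include pulls it in transitively, the header no longer compiles standalone. Add `#include <memory>` next to the remaining library includes rather than relying on a transitive path. The hunk is cut after `#include <openssl/ssl.h>`, so a later include may already cover this.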
namespace Security {
#if USE_OPENSSL
-CtoCpp1(SSL_CTX_free, SSL_CTX *);
-#if defined(CRYPTO_LOCK_SSL_CTX) // OpenSSL 1.0
-inline int SSL_CTX_up_ref(SSL_CTX *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_SSL_CTX); return 0;}
-#endif
-typedef Security::LockingPointer<SSL_CTX, SSL_CTX_free_cpp, HardFun<int, SSL_CTX *, SSL_CTX_up_ref> > ContextPointer;
+typedef std::shared_ptr<SSL_CTX> ContextPointer;
#elif USE_GNUTLS
-CtoCpp1(gnutls_certificate_free_credentials, gnutls_certificate_credentials_t);
-typedef Security::LockingPointer<struct gnutls_certificate_credentials_st, gnutls_certificate_free_credentials_cpp> ContextPointer;
+typedef std::shared_ptr<struct gnutls_certificate_credentials_st> ContextPointer;
#else
// use void* so we can check against nullptr
-typedef Security::LockingPointer<void, nullptr> ContextPointer;
+typedef std::shared_ptr<void> ContextPointer;
#endif
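Review bot: The new `std::shared_ptr` typedefs no longer carry the library release function the way the removed `LockingPointer` instantiations did, so any site that constructs a `ContextPointer` from a bare `SSL_CTX *` or credentials handle without a deleter will `delete` a library-allocated object (a compile error for an opaque type, undefined behaviour otherwise). Document that contract beside the typedefs, e.g. `/// Owning context handle. Construct ONLY with the library release function as deleter (SSL_CTX_free / gnutls_certificate_free_credentials); the type itself no longer enforces this.` A small factory in this header taking the raw handle and supplying the deleter would also remove the repeated `ctx = Security::ContextPointer(t, [](...){...})` pattern and make the mistake harder to write.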
const auto x = ERR_get_error();
fatalf("Failed to allocate TLS client context: %s\n", Security::ErrorString(x));
}
- ctx.resetWithoutLocking(t);
+ ctx = Security::ContextPointer(t, [](SSL_CTX *p) {
+ SSL_CTX_free(p);
+ });
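Review bot: The deleter lambda on the added lines only forwards to `SSL_CTX_free`, so the function itself does the same in one line: `ctx = Security::ContextPointer(t, SSL_CTX_free);`; the same simplification applies to the lambdas at L55-L57, L64-L66 and L73-L75 with `gnutls_certificate_free_credentials`. Keeping a lambda is worthwhile only where a null check belongs inside it. The enclosing function starts outside the hunk.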
#elif USE_GNUTLS
// Initialize for X.509 certificate exchange
if (const int x = gnutls_certificate_allocate_credentials(&t)) {
fatalf("Failed to allocate TLS client context: %s\n", Security::ErrorString(x));
}
- ctx.resetWithoutLocking(t);
+ ctx = Security::ContextPointer(t, [](gnutls_certificate_credentials_t p) {
+ gnutls_certificate_free_credentials(p);
+ });
#else
debugs(83, 1, "WARNING: Failed to allocate TLS client context: No TLS library");
const auto x = ERR_get_error();
debugs(83, DBG_CRITICAL, "ERROR: Failed to allocate TLS server context: " << Security::ErrorString(x));
}
- ctx.resetWithoutLocking(t);
+ ctx = Security::ContextPointer(t, [](SSL_CTX *p) {
+ SSL_CTX_free(p);
+ });
#elif USE_GNUTLS
// Initialize for X.509 certificate exchange
if (const int x = gnutls_certificate_allocate_credentials(&t)) {
debugs(83, DBG_CRITICAL, "ERROR: Failed to allocate TLS server context: " << Security::ErrorString(x));
}
- ctx.resetWithoutLocking(t);
+ ctx = Security::ContextPointer(t, [](gnutls_certificate_credentials_t p) {
+ gnutls_certificate_free_credentials(p);
+ });
#else
debugs(83, DBG_CRITICAL, "ERROR: Failed to allocate TLS server context: No TLS library");
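Review bot: On the GnuTLS path the error branch on L69-L71 logs and falls through, so `t` reaches the constructor on L73 even when `gnutls_certificate_allocate_credentials` failed; the deleter then runs `gnutls_certificate_free_credentials` on a null (or never-assigned) handle when `ctx` is released, and unlike `SSL_CTX_free` that function is not documented as accepting NULL. Either leave `ctx` empty on failure or guard inside the deleter: `[](gnutls_certificate_credentials_t p) { if (p) gnutls_certificate_free_credentials(p); }`. The OpenSSL sibling at L64-L66 has the same shape, but `SSL_CTX_free(NULL)` is a documented no-op, so there only a `ctx` holding nullptr remains, which `if (!ctx)` checks still catch. Whether `t` is initialized before the allocation call is outside the hunk, as is the rest of the function.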
void SetSessionResumeData(const Security::SessionPointer &, const Security::SessionStatePointer &);
#if USE_OPENSSL
+/// Helper function to retrieve a (non-locked) ContextPointer from a SessionPointer
+inline Security::ContextPointer
+GetFrom(Security::SessionPointer &s)
+{
+ auto *ctx = SSL_get_SSL_CTX(s.get());
+ return Security::ContextPointer(ctx, [](SSL_CTX *) {/* nothing to unlock/free */});
+}
+
/// \deprecated use the PeerOptions/ServerOptions API methods instead.
/// Wraps SessionPointer value creation to reduce risk of
/// a nasty hack in ssl/support.cc.
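Review bot: `GetFrom` passes `s.get()` to `SSL_get_SSL_CTX` without checking for an empty session pointer, and its comment says only "non-locked" while the no-op deleter means the result neither owns nor reference-counts the SSL_CTX; a caller that keeps the returned `ContextPointer` past the session's lifetime gets a dangling context. The parameter is only read, so it should be `const Security::SessionPointer &s`, which existing lvalue callers still satisfy. I would guard the empty case and state the lifetime rule in the doc comment, as below.
```cpp
/// Borrows the SSL_CTX attached to the given session. The returned
/// ContextPointer does NOT own or reference-count the context: it is
/// valid only while the session (and its SSL_CTX) is alive, so callers
/// must not keep it beyond that lifetime.
inline Security::ContextPointer
GetFrom(const Security::SessionPointer &s)
{
    if (!s)
        return Security::ContextPointer(); // no session, no context to borrow
    auto *ctx = SSL_get_SSL_CTX(s.get());
    return Security::ContextPointer(ctx, [](SSL_CTX *) {/* borrowed; nothing to free */});
}
```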