nghttpx: Use std::string for Downstream::backend_tls_sni_name

2c7ed01f · Tatsuhiro Tsujikawa · 34d5382d · 2c7ed01f · 2c7ed01f · 2c7ed01f
Commit 2c7ed01f authored Jan 17, 2016 by Tatsuhiro Tsujikawa
Showing with 9 additions and 8 deletions

src/shrpx_config.cc src/shrpx_config.cc +1 -1

src/shrpx_config.h src/shrpx_config.h +1 -1

src/shrpx_http2_session.cc src/shrpx_http2_session.cc +2 -2

src/shrpx_ssl.cc src/shrpx_ssl.cc +5 -4

No files found.
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1599,7 +1599,7 @@ int parse_config(const char *opt, const char *optarg,

    return 0;
  case SHRPX_OPTID_BACKEND_TLS_SNI_FIELD:
-    mod_config()->backend_tls_sni_name = strcopy(optarg);
+    mod_config()->backend_tls_sni_name = optarg;

    return 0;
  case SHRPX_OPTID_PID_FILE:

--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -310,6 +310,7 @@ struct Config {
  // field.  This is only used when user defined static obfuscated
  // string is provided.
  std::string forwarded_for_obfuscated;
+  std::string backend_tls_sni_name;
  std::chrono::seconds tls_session_timeout;
  ev_tstamp http2_upstream_read_timeout;
  ev_tstamp upstream_read_timeout;
@@ -329,7 +330,6 @@ struct Config {
  std::unique_ptr<char[]> private_key_passwd;
  std::unique_ptr<char[]> cert_file;
  std::unique_ptr<char[]> dh_param_file;
-  std::unique_ptr<char[]> backend_tls_sni_name;
  std::unique_ptr<char[]> pid_file;
  std::unique_ptr<char[]> conf_path;
  std::unique_ptr<char[]> ciphers;

--- a/src/shrpx_http2_session.cc
+++ b/src/shrpx_http2_session.cc
@@ -335,8 +335,8 @@ int Http2Session::initiate_connection() {
      }

      const char *sni_name = nullptr;
-      if (get_config()->backend_tls_sni_name) {
-        sni_name = get_config()->backend_tls_sni_name.get();
+      if (!get_config()->backend_tls_sni_name.empty()) {
+        sni_name = get_config()->backend_tls_sni_name.c_str();
      } else {
        sni_name = downstream_addr.host.c_str();
      }

--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -971,10 +971,11 @@ int check_cert(SSL *ssl, const DownstreamAddr *addr) {
               << X509_verify_cert_error_string(verify_res);
    return -1;
  }
-  auto hostname = get_config()->backend_tls_sni_name
-                      ? get_config()->backend_tls_sni_name.get()
-                      : addr->host.c_str();
-  if (verify_hostname(cert, hostname, strlen(hostname), &addr->addr) != 0) {
+  auto hostname = !get_config()->backend_tls_sni_name.empty()
+                      ? StringAdaptor(get_config()->backend_tls_sni_name)
+                      : StringAdaptor(addr->host);
+  if (verify_hostname(cert, hostname.c_str(), hostname.size(), &addr->addr) !=
+      0) {
    LOG(ERROR) << "Certificate verification failed: hostname does not match";
    return -1;
  }