nghttpx: Use ImmutableString for tls.client_verify.cacert

529a59d3 · Tatsuhiro Tsujikawa · 52f64178 · 529a59d3 · 529a59d3 · 529a59d3
Commit 529a59d3 authored Feb 14, 2016 by Tatsuhiro Tsujikawa
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 7 deletions

src/shrpx_config.cc src/shrpx_config.cc +1 -1

src/shrpx_config.h src/shrpx_config.h +1 -1

src/shrpx_ssl.cc src/shrpx_ssl.cc +5 -5

No files found.
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1907,7 +1907,7 @@ int parse_config(const char *opt, const char *optarg,

    return 0;
  case SHRPX_OPTID_VERIFY_CLIENT_CACERT:
-    mod_config()->tls.client_verify.cacert = strcopy(optarg);
+    mod_config()->tls.client_verify.cacert = optarg;

    return 0;
  case SHRPX_OPTID_CLIENT_PRIVATE_KEY_FILE:

--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -402,7 +402,7 @@ struct TLSConfig {
  struct {
    // Path to file containing CA certificate solely used for client
    // certificate validation
-    std::unique_ptr<char[]> cacert;
+    ImmutableString cacert;
    bool enabled;
  } client_verify;


--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -579,12 +579,12 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
    DIE();
  }
  if (tlsconf.client_verify.enabled) {
-    if (tlsconf.client_verify.cacert) {
+    if (!tlsconf.client_verify.cacert.empty()) {
      if (SSL_CTX_load_verify_locations(
-              ssl_ctx, tlsconf.client_verify.cacert.get(), nullptr) != 1) {
+              ssl_ctx, tlsconf.client_verify.cacert.c_str(), nullptr) != 1) {

        LOG(FATAL) << "Could not load trusted ca certificates from "
-                   << tlsconf.client_verify.cacert.get() << ": "
+                   << tlsconf.client_verify.cacert << ": "
                   << ERR_error_string(ERR_get_error(), nullptr);
        DIE();
      }
@@ -592,10 +592,10 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
      // error even though it returns success. See
      // http://forum.nginx.org/read.php?29,242540
      ERR_clear_error();
-      auto list = SSL_load_client_CA_file(tlsconf.client_verify.cacert.get());
+      auto list = SSL_load_client_CA_file(tlsconf.client_verify.cacert.c_str());
      if (!list) {
        LOG(FATAL) << "Could not load ca certificates from "
-                   << tlsconf.client_verify.cacert.get() << ": "
+                   << tlsconf.client_verify.cacert << ": "
                   << ERR_error_string(ERR_get_error(), nullptr);
        DIE();
      }