This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/8.0.x by this push:
new 7df2d0a Converts loop and callees in SSLInitServerContext to
std::string
7df2d0a is described below
commit 7df2d0a05b394581b12dae1447801d7a4893a59e
Author: Randall Meyer <[email protected]>
AuthorDate: Fri Oct 19 16:00:51 2018 -0700
Converts loop and callees in SSLInitServerContext to std::string
(cherry picked from commit ea52b7cdd9486d1c29d19e6c7e548e52c1b1d34e)
---
iocore/net/SSLUtils.cc | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 3b09dc0..6c4643a 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1343,18 +1343,18 @@ SSLDefaultServerContext()
}
static bool
-SSLPrivateKeyHandler(SSL_CTX *ctx, const SSLConfigParams *params, const
ats_scoped_str &completeServerCertPath, const char *keyPath)
+SSLPrivateKeyHandler(SSL_CTX *ctx, const SSLConfigParams *params, const
std::string &completeServerCertPath, const char *keyPath)
{
ENGINE *e = ENGINE_get_default_RSA();
if (e != nullptr) {
- const char *argkey = (keyPath == nullptr || keyPath[0] == '\0') ?
completeServerCertPath : keyPath;
+ const char *argkey = (keyPath == nullptr || keyPath[0] == '\0') ?
completeServerCertPath.c_str() : keyPath;
if (!SSL_CTX_use_PrivateKey(ctx, ENGINE_load_private_key(e, argkey,
nullptr, nullptr))) {
SSLError("failed to load server private key from engine");
}
} else if (!keyPath) {
// assume private key is contained in cert obtained from multicert file.
- if (!SSL_CTX_use_PrivateKey_file(ctx, completeServerCertPath,
SSL_FILETYPE_PEM)) {
- SSLError("failed to load server private key from %s", (const char
*)completeServerCertPath);
+ if (!SSL_CTX_use_PrivateKey_file(ctx, completeServerCertPath.c_str(),
SSL_FILETYPE_PEM)) {
+ SSLError("failed to load server private key from %s",
completeServerCertPath.c_str());
return false;
}
} else if (params->serverKeyPathOnly != nullptr) {
@@ -1581,7 +1581,6 @@ SSL_CTX *
SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config
*sslMultCertSettings, std::vector<X509 *> &certList)
{
int server_verify_client;
- ats_scoped_str completeServerCertPath;
SSL_CTX *ctx = SSLDefaultServerContext();
EVP_MD_CTX *digest = EVP_MD_CTX_new();
STACK_OF(X509_NAME) *ca_list = nullptr;
@@ -1686,24 +1685,24 @@ SSLInitServerContext(const SSLConfigParams *params,
const ssl_user_config *sslMu
}
for (const char *certname = cert_tok.getNext(); certname; certname =
cert_tok.getNext()) {
- completeServerCertPath =
Layout::relative_to(params->serverCertPathOnly, certname);
- scoped_BIO bio(BIO_new_file(completeServerCertPath, "r"));
+ std::string completeServerCertPath =
Layout::relative_to(params->serverCertPathOnly, certname);
+ scoped_BIO bio(BIO_new_file(completeServerCertPath.c_str(), "r"));
X509 *cert = nullptr;
if (bio) {
cert = PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr);
}
if (!bio || !cert) {
- SSLError("failed to load certificate chain from %s", (const char
*)completeServerCertPath);
+ SSLError("failed to load certificate chain from %s",
completeServerCertPath.c_str());
goto fail;
}
if (!SSL_CTX_use_certificate(ctx, cert)) {
- SSLError("Failed to assign cert from %s to SSL_CTX", (const char
*)completeServerCertPath);
+ SSLError("Failed to assign cert from %s to SSL_CTX",
completeServerCertPath.c_str());
X509_free(cert);
goto fail;
}
certList.push_back(cert);
if (SSLConfigParams::load_ssl_file_cb) {
- SSLConfigParams::load_ssl_file_cb(completeServerCertPath,
CONFIG_FLAG_UNVERSIONED);
+ SSLConfigParams::load_ssl_file_cb(completeServerCertPath.c_str(),
CONFIG_FLAG_UNVERSIONED);
}
// Load up any additional chain certificates
SSL_CTX_add_extra_chain_cert_bio(ctx, bio);
