This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 9da865b sslheaders experimental plugin: fix doc typo, improve
container use.
9da865b is described below
commit 9da865baad311542ecd4142a7a111b6e7e46c595
Author: Walter Karas <wka...@oath.com>
AuthorDate: Mon Dec 10 12:12:24 2018 -0600
sslheaders experimental plugin: fix doc typo, improve container use.
---
doc/admin-guide/plugins/sslheaders.en.rst | 2 +-
plugins/experimental/sslheaders/sslheaders.cc | 18 ++++++++----------
plugins/experimental/sslheaders/sslheaders.h | 8 +++++---
3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/doc/admin-guide/plugins/sslheaders.en.rst
b/doc/admin-guide/plugins/sslheaders.en.rst
index 8fc0881..49a8777 100644
--- a/doc/admin-guide/plugins/sslheaders.en.rst
+++ b/doc/admin-guide/plugins/sslheaders.en.rst
@@ -66,7 +66,7 @@ The `client.certificate` and `server.certificate` fields emit
the corresponding certificate in PEM format, with newline characters
replaced by spaces.
-If the ``sslheaders`` plugin activtes on non-SSL connections, it
+If the ``sslheaders`` plugin activates on non-SSL connections, it
will delete all the configured HTTP header names so that malicious
clients cannot inject misleading information. If any of the SSL
fields expand to an empty string, those headers are also deleted.
diff --git a/plugins/experimental/sslheaders/sslheaders.cc
b/plugins/experimental/sslheaders/sslheaders.cc
index 085c7ac..6c6838d 100644
--- a/plugins/experimental/sslheaders/sslheaders.cc
+++ b/plugins/experimental/sslheaders/sslheaders.cc
@@ -124,14 +124,14 @@ SslHdrExpand(SSL *ssl, const
SslHdrInstance::expansion_list &expansions, TSMBuff
{
if (ssl == nullptr) {
for (const auto &expansion : expansions) {
- SslHdrRemoveHeader(mbuf, mhdr, expansion->name);
+ SslHdrRemoveHeader(mbuf, mhdr, expansion.name);
}
} else {
X509 *x509;
BIO *exp = BIO_new(BIO_s_mem());
for (const auto &expansion : expansions) {
- switch (expansion->scope) {
+ switch (expansion.scope) {
case SSL_HEADERS_SCOPE_CLIENT:
x509 = SSL_get_peer_certificate(ssl);
break;
@@ -146,15 +146,15 @@ SslHdrExpand(SSL *ssl, const
SslHdrInstance::expansion_list &expansions, TSMBuff
continue;
}
- SslHdrExpandX509Field(exp, x509, expansion->field);
+ SslHdrExpandX509Field(exp, x509, expansion.field);
if (BIO_pending(exp)) {
- SslHdrSetHeader(mbuf, mhdr, expansion->name, exp);
+ SslHdrSetHeader(mbuf, mhdr, expansion.name, exp);
} else {
- SslHdrRemoveHeader(mbuf, mhdr, expansion->name);
+ SslHdrRemoveHeader(mbuf, mhdr, expansion.name);
}
// Getting the peer certificate takes a reference count, but the server
certificate doesn't.
- if (x509 && expansion->scope == SSL_HEADERS_SCOPE_CLIENT) {
+ if (x509 && expansion.scope == SSL_HEADERS_SCOPE_CLIENT) {
X509_free(x509);
}
}
@@ -199,14 +199,12 @@ SslHdrParseOptions(int argc, const char **argv)
}
// Pick up the remaining options as SSL header expansions.
+ hdr->expansions.resize(argc - optind);
for (int i = optind; i < argc; ++i) {
- SslHdrExpansion exp;
- if (!SslHdrParseExpansion(argv[i], exp)) {
+ if (!SslHdrParseExpansion(argv[i], hdr->expansions[i - optind])) {
// If we fail, the expansion parsing logs the error.
return nullptr;
}
-
- hdr->expansions.push_back(&exp);
}
return hdr.release();
diff --git a/plugins/experimental/sslheaders/sslheaders.h
b/plugins/experimental/sslheaders/sslheaders.h
index b7b66dd..ff72100 100644
--- a/plugins/experimental/sslheaders/sslheaders.h
+++ b/plugins/experimental/sslheaders/sslheaders.h
@@ -19,7 +19,7 @@
#include <ts/ts.h>
#include <ts/remap.h>
#include <cstring>
-#include <list>
+#include <vector>
#include <string>
extern "C" {
@@ -67,13 +67,15 @@ struct SslHdrExpansion {
ExpansionScope scope;
ExpansionField field;
- // noncopyable
+ // noncopyable but moveable
SslHdrExpansion(const SslHdrExpansion &) = delete;
SslHdrExpansion &operator=(const SslHdrExpansion &) = delete;
+ SslHdrExpansion(SslHdrExpansion &&) = default;
+ SslHdrExpansion &operator=(SslHdrExpansion &&) = default;
};
struct SslHdrInstance {
- typedef std::list<SslHdrExpansion *> expansion_list;
+ typedef std::vector<SslHdrExpansion> expansion_list;
SslHdrInstance();
~SslHdrInstance();
