This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push: new 9da865b sslheaders experimental plugin: fix doc typo, improve container use. 9da865b is described below commit 9da865baad311542ecd4142a7a111b6e7e46c595 Author: Walter Karas <wka...@oath.com> AuthorDate: Mon Dec 10 12:12:24 2018 -0600 sslheaders experimental plugin: fix doc typo, improve container use. --- doc/admin-guide/plugins/sslheaders.en.rst | 2 +- plugins/experimental/sslheaders/sslheaders.cc | 18 ++++++++---------- plugins/experimental/sslheaders/sslheaders.h | 8 +++++--- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/doc/admin-guide/plugins/sslheaders.en.rst b/doc/admin-guide/plugins/sslheaders.en.rst index 8fc0881..49a8777 100644 --- a/doc/admin-guide/plugins/sslheaders.en.rst +++ b/doc/admin-guide/plugins/sslheaders.en.rst @@ -66,7 +66,7 @@ The `client.certificate` and `server.certificate` fields emit the corresponding certificate in PEM format, with newline characters replaced by spaces. -If the ``sslheaders`` plugin activtes on non-SSL connections, it +If the ``sslheaders`` plugin activates on non-SSL connections, it will delete all the configured HTTP header names so that malicious clients cannot inject misleading information. If any of the SSL fields expand to an empty string, those headers are also deleted. diff --git a/plugins/experimental/sslheaders/sslheaders.cc b/plugins/experimental/sslheaders/sslheaders.cc index 085c7ac..6c6838d 100644 --- a/plugins/experimental/sslheaders/sslheaders.cc +++ b/plugins/experimental/sslheaders/sslheaders.cc 
@@ -124,14 +124,14 @@ SslHdrExpand(SSL *ssl, const SslHdrInstance::expansion_list &expansions, TSMBuff { if (ssl == nullptr) { for (const auto &expansion : expansions) { - SslHdrRemoveHeader(mbuf, mhdr, expansion->name); + SslHdrRemoveHeader(mbuf, mhdr, expansion.name); } } else { X509 *x509; BIO *exp = BIO_new(BIO_s_mem()); for (const auto &expansion : expansions) { - switch (expansion->scope) { + switch (expansion.scope) { case SSL_HEADERS_SCOPE_CLIENT: x509 = SSL_get_peer_certificate(ssl); break; @@ -146,15 +146,15 @@ SslHdrExpand(SSL *ssl, const SslHdrInstance::expansion_list &expansions, TSMBuff continue; } - SslHdrExpandX509Field(exp, x509, expansion->field); + SslHdrExpandX509Field(exp, x509, expansion.field); if (BIO_pending(exp)) { - SslHdrSetHeader(mbuf, mhdr, expansion->name, exp); + SslHdrSetHeader(mbuf, mhdr, expansion.name, exp); } else { - SslHdrRemoveHeader(mbuf, mhdr, expansion->name); + SslHdrRemoveHeader(mbuf, mhdr, expansion.name); } // Getting the peer certificate takes a reference count, but the server certificate doesn't. - if (x509 && expansion->scope == SSL_HEADERS_SCOPE_CLIENT) { + if (x509 && expansion.scope == SSL_HEADERS_SCOPE_CLIENT) { X509_free(x509); } } @@ -199,14 +199,12 @@ SslHdrParseOptions(int argc, const char **argv) } // Pick up the remaining options as SSL header expansions. + hdr->expansions.resize(argc - optind); for (int i = optind; i < argc; ++i) { - SslHdrExpansion exp; - if (!SslHdrParseExpansion(argv[i], exp)) { + if (!SslHdrParseExpansion(argv[i], hdr->expansions[i - optind])) { // If we fail, the expansion parsing logs the error. return nullptr; } - - hdr->expansions.push_back(&exp); } return hdr.release(); diff --git a/plugins/experimental/sslheaders/sslheaders.h b/plugins/experimental/sslheaders/sslheaders.h index b7b66dd..ff72100 100644 --- a/plugins/experimental/sslheaders/sslheaders.h +++ b/plugins/experimental/sslheaders/sslheaders.h 
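Review bot: `BIO *exp = BIO_new(BIO_s_mem());` in the `else` branch is used without a null check, so an allocation failure would pass a null BIO to SslHdrExpandX509Field and BIO_pending on every iteration. A guard directly after the allocation, `if (exp == nullptr) { /* remove the configured headers as the ssl == nullptr branch does, then bail out */ }`, would keep client-supplied values from being forwarded on that path. The function's signature is truncated in the hunk header and its body continues past the hunk, so the return type and the matching BIO_free are not visible here.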
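Review bot: The `continue;` at the top of the `@@ -146` hunk skips both SslHdrSetHeader and SslHdrRemoveHeader for the current expansion. Its condition sits above the hunk, but the later `if (x509 && ...)` test suggests it is the path where no certificate was obtained. If so, on a TLS connection without a certificate for that scope, a request header already named `expansion.name` would be left in place, which conflicts with the documented behaviour that configured header names are deleted when they cannot be filled. Calling `SslHdrRemoveHeader(mbuf, mhdr, expansion.name);` before the `continue;` would close that gap.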
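Review bot: `hdr->expansions.resize(argc - optind);` computes the element count as a signed `int` difference that is implicitly converted to `size_t`, and the loop then indexes with `i - optind`. Nothing in the hunk establishes `optind <= argc`, so a negative difference would turn into a huge resize request. The option parser presumably keeps that invariant, but appending removes the arithmetic altogether: `hdr->expansions.emplace_back();` followed by `if (!SslHdrParseExpansion(argv[i], hdr->expansions.back())) {`. A short comment would also help, saying that elements are parsed in place because SslHdrExpansion is noncopyable, and that the list must never hold the address of a loop-local as the removed lines did. SslHdrParseOptions begins above the hunk.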
@@ -19,7 +19,7 @@ #include <ts/ts.h> #include <ts/remap.h> #include <cstring> -#include <list> +#include <vector> #include <string> extern "C" { @@ -67,13 +67,15 @@ struct SslHdrExpansion { ExpansionScope scope; ExpansionField field; - // noncopyable + // noncopyable but moveable SslHdrExpansion(const SslHdrExpansion &) = delete; SslHdrExpansion &operator=(const SslHdrExpansion &) = delete; + SslHdrExpansion(SslHdrExpansion &&) = default; + SslHdrExpansion &operator=(SslHdrExpansion &&) = default; }; struct SslHdrInstance { - typedef std::list<SslHdrExpansion *> expansion_list; + typedef std::vector<SslHdrExpansion> expansion_list; SslHdrInstance(); ~SslHdrInstance();
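Review bot: The comment `// noncopyable but moveable` in the `@@ -67` hunk does not say why moves were enabled. Since `expansion_list` now holds `SslHdrExpansion` by value in a `std::vector`, I would spell it out as `// Noncopyable; movable so std::vector<SslHdrExpansion> can relocate elements.`. As a style point, `using expansion_list = std::vector<SslHdrExpansion>;` reads better than the `typedef`, on a line the commit already touches. SslHdrExpansion starts above the hunk and SslHdrInstance continues below it, so it cannot be confirmed from here that SslHdrExpansion has a default constructor, which the new `resize()` call in sslheaders.cc relies on.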