support raw ssl cert/key/dhparam objects for initialization #59
Thanks for the work, but on reviewing there are some changes that need to happen before I can pull them in. For example in many places the notation is incorrect ...
Some other examples of style niggles ...
Thank you for your comments and quick response! You are, of course, completely correct re styling and notation. I'm not very familiar with C++ codebases, and was focused on getting the functionality working. I lost sight of these things during it, and I'm sorry for that. I've pushed two more commits, the first being purely style & naming, the second adding the NULL initialization and changing the get method signatures to return const pointers. If you'd like me to squash one or both of these commits before the merge, just let me know. As for a unit test / example, would you prefer something standalone, or incorporated into ChatServer?
No problem, jumping into code and going for it is a great way to figure things out, kudos.
For example, with SSL_CTX_use_certificate(), when you call that with an X509 argument, I believe what happens is the library keeps a reference count that is incremented with that call. Subsequently when the ssl_ctx object is destroyed it should decrement the counter and it should clean up fine with your final free(); I just want to see that with valgrind.
```
X509 * m_pUseCert; //!< certificate object passed in by the user to use rather than the file
```
I'm not the best at naming conventions, but Raw looks a little out of place to me.

Once again, thanks for jumping in there!
```
sed -i \
  -e 's/m_pCertRaw/m_pUseCert/g' \
  -e 's/SetCertRaw/SetUseCert/g' \
  -e 's/GetCertRaw/GetUseCert/g' \
  -e 's/m_pKeyRaw/m_pUseKey/g' \
  -e 's/SetKeyRaw/SetUseKey/g' \
  -e 's/GetKeyRaw/GetUseKey/g' \
  -e 's/m_pDHParamRaw/m_pUseDHParam/g' \
  -e 's/SetDHParamRaw/SetUseDHParam/g' \
  -e 's/GetDHParamRaw/GetUseDHParam/g' \
  Csocket.{cc,h}
```
9c1cbf5 to 86b7b2b
Hi again, I'm going to continue to work on this on my own, but I'm having trouble figuring out the FWIW, my email is [email protected]. Thanks!
As I mentioned in pr #58, this changeset adds backwards compatible support for raw cert/key/dhparam objects to be passed to Csocket. This will allow clients to continue to utilize Csockets after reading privileged files into memory and dropping privileges.
One thing I'm unsure of is how this should be incorporated into `virtual bool SNIConfigureServer` && `static int __SNICallBack`.