From e0150e0456926c045e94be07cfeff6be9e3dfc47 Mon Sep 17 00:00:00 2001
From: James Peach
Date: Thu, 14 Jul 2016 10:53:28 +1000
Subject: [PATCH] TS-4655: Remove SessionAccept pointer from SSLNetVConnection.

SSLNetVConnection never uses the SessionAccept pointer, so remove it and the associated setter and getter. Tidy up the SSLNetVConnection formatting a little.
---
 iocore/net/P_SSLNetVConnection.h | 91 ++++++++++++++--------------
 iocore/net/P_UnixNetVConnection.h | 8 ++-
 iocore/net/SSLNetVConnection.cc | 11 +++-
 iocore/net/SSLNextProtocolAccept.cc | 1 -
 4 files changed, 58 insertions(+), 53 deletions(-)

diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h
index caadb866748..eaf6283d843 100644
--- a/iocore/net/P_SSLNetVConnection.h
+++ b/iocore/net/P_SSLNetVConnection.h
@@ -78,45 +78,54 @@ struct SSLCertLookup;
 class SSLNetVConnection : public UnixNetVConnection
 {
 typedef UnixNetVConnection super; ///< Parent type.
+
 public:
 virtual int sslStartHandShake(int event, int &err);
 virtual void free(EThread *t);
+
 virtual void
 enableRead()
 {
 read.enabled = 1;
 write.enabled = 1;
- };
+ }
+
 virtual bool
- getSSLHandShakeComplete()
+ getSSLHandShakeComplete() const
 {
 return sslHandShakeComplete;
- };
- void
+ }
+
+ virtual void
 setSSLHandShakeComplete(bool state)
 {
 sslHandShakeComplete = state;
- };
+ }
+
 virtual bool
- getSSLClientConnection()
+ getSSLClientConnection() const
 {
 return sslClientConnection;
- };
+ }
+
 virtual void
 setSSLClientConnection(bool state)
 {
 sslClientConnection = state;
- };
- virtual void
+ }
+
+ void
 setSSLSessionCacheHit(bool state)
 {
 sslSessionCacheHit = state;
- };
- virtual bool
- getSSLSessionCacheHit()
+ }
+
+ bool
+ getSSLSessionCacheHit() const
 {
 return sslSessionCacheHit;
- };
+ }
+
 int sslServerHandShakeEvent(int &err);
 int sslClientHandShakeEvent(int &err);
 virtual void net_read_io(NetHandler *nh, EThread *lthread);
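Review bot: Adding `const` to the virtual getSSLHandShakeComplete() and getSSLClientConnection() changes their signatures, and because this header uses no `override`, an override of either method in some other subclass that was not updated together with the P_UnixNetVConnection.h hunk would now silently hide the base method instead of overriding it. If the build permits C++11, `virtual bool getSSLHandShakeComplete() const override` on the SSLNetVConnection declarations would turn such a mismatch into a compile error. The same hunk also drops `virtual` from setSSLSessionCacheHit()/getSSLSessionCacheHit(); that is only safe if no subclass overrides them, which this patch does not show. The class body continues past the hunk.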
@@ -131,11 +140,6 @@ class SSLNetVConnection : public UnixNetVConnection //////////////////////////////////////////////////////////// SSLNetVConnection(); virtual ~SSLNetVConnection() {} - SSL *ssl; - ink_hrtime sslHandshakeBeginTime; - ink_hrtime sslLastWriteTime; - int64_t sslTotalBytesSent; - static int advertise_next_protocol(SSL *ssl, const unsigned char **out, unsigned *outlen, void *); static int select_next_protocol(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned inlen, void *); @@ -150,51 +154,38 @@ class SSLNetVConnection : public UnixNetVConnection getSSLClientRenegotiationAbort() const { return sslClientRenegotiationAbort; - }; + } void setSSLClientRenegotiationAbort(bool state) { sslClientRenegotiationAbort = state; - }; + } bool getTransparentPassThrough() const { return transparentPassThrough; - }; + } void setTransparentPassThrough(bool val) { transparentPassThrough = val; - }; - - void - set_session_accept_pointer(SessionAccept *acceptPtr) - { - sessionAcceptPtr = acceptPtr; - }; - - SessionAccept * - get_session_accept_pointer(void) const - { - return sessionAcceptPtr; - }; + } // Copy up here so we overload but don't override using super::reenable; /// Reenable the VC after a pre-accept or SNI hook is called. virtual void reenable(NetHandler *nh); + /// Set the SSL context. /// @note This must be called after the SSL endpoint has been created. virtual bool sslContextSet(void *ctx); - /// Set by asynchronous hooks to request a specific operation. - TSSslVConnOp hookOpRequested; - int64_t read_raw_data(); + void initialize_handshake_buffers() { @@ -203,6 +194,7 @@ class SSLNetVConnection : public UnixNetVConnection this->handShakeHolder = this->handShakeReader->clone(); this->handShakeBioStored = 0; } + void free_handshake_buffers() { 
@@ -220,40 +212,37 @@ class SSLNetVConnection : public UnixNetVConnection this->handShakeBuffer = NULL; this->handShakeBioStored = 0; } + // Returns true if all the hooks reenabled bool callHooks(TSHttpHookID eventId); // Returns true if we have already called at // least some of the hooks - bool calledHooks(TSHttpHookID /* eventId */) { return (this->sslHandshakeHookState != HANDSHAKE_HOOKS_PRE); } + bool calledHooks(TSHttpHookID /* eventId */) const { return (this->sslHandshakeHookState != HANDSHAKE_HOOKS_PRE); } bool getSSLTrace() const { return sslTrace || super::origin_trace; - }; + } void setSSLTrace(bool state) { sslTrace = state; - }; + } bool computeSSLTrace(); const char * getSSLProtocol(void) const { - if (ssl == NULL) - return NULL; - return SSL_get_version(ssl); - }; + return ssl ? SSL_get_version(ssl) : NULL; + } const char * getSSLCipherSuite(void) const { - if (ssl == NULL) - return NULL; - return SSL_get_cipher_name(ssl); + return ssl ? SSL_get_cipher_name(ssl) : NULL; } /** @@ -263,6 +252,14 @@ class SSLNetVConnection : public UnixNetVConnection */ virtual int populate(Connection &con, Continuation *c, void *arg); + SSL *ssl; + ink_hrtime sslHandshakeBeginTime; + ink_hrtime sslLastWriteTime; + int64_t sslTotalBytesSent; + + /// Set by asynchronous hooks to request a specific operation. + TSSslVConnOp hookOpRequested; + private: SSLNetVConnection(const SSLNetVConnection &); SSLNetVConnection &operator=(const SSLNetVConnection &); diff --git a/iocore/net/P_UnixNetVConnection.h b/iocore/net/P_UnixNetVConnection.h index e90354d5c00..23dc88feaa6 100644 --- a/iocore/net/P_UnixNetVConnection.h +++ b/iocore/net/P_UnixNetVConnection.h 
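Review bot: The data members moved after populate() — `SSL *ssl`, the two ink_hrtime stamps, `sslTotalBytesSent` and `hookOpRequested` — remain public and undocumented, yet free() in the SSLNetVConnection.cc hunks shows this object owns the handle (it calls SSL_free(ssl) and nulls it). A short ownership note would keep callers from releasing or reassigning it themselves, e.g. `/// OpenSSL connection handle; owned by this VC and released in free().`, and the existing comment on hookOpRequested could add that free() resets it to TS_SSL_HOOK_OP_DEFAULT. Making these private behind accessors is a larger change and out of scope for a formatting commit. The class's private section continues past this hunk.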
@@ -192,21 +192,25 @@ class UnixNetVConnection : public NetVConnection (void)err; return EVENT_ERROR; } + virtual bool - getSSLHandShakeComplete() + getSSLHandShakeComplete() const { return (true); } + virtual bool - getSSLClientConnection() + getSSLClientConnection() const { return (false); } + virtual void setSSLClientConnection(bool state) { (void)state; } + virtual void net_read_io(NetHandler *nh, EThread *lthread); virtual int64_t load_buffer_and_write(int64_t towrite, MIOBufferAccessor &buf, int64_t &total_written, int &needs); void readDisable(NetHandler *nh); diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index e7464dba65f..5fa81b645d4 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc @@ -805,7 +805,6 @@ SSLNetVConnection::SSLNetVConnection() sslHandshakeHookState(HANDSHAKE_HOOKS_PRE), npnSet(NULL), npnEndpoint(NULL), - sessionAcceptPtr(NULL), sslTrace(false) { } @@ -855,6 +854,7 @@ SSLNetVConnection::free(EThread *t) this->ep.stop(); this->con.close(); flags = 0; + SET_CONTINUATION_HANDLER(this, (SSLNetVConnHandler)&SSLNetVConnection::startEvent); if (nh) { @@ -871,14 +871,18 @@ SSLNetVConnection::free(EThread *t) write.vio._cont = NULL; read.vio.vc_server = NULL; write.vio.vc_server = NULL; - options.reset(); + closed = 0; + options.reset(); con.close(); + ink_assert(con.fd == NO_FD); + if (ssl != NULL) { SSL_free(ssl); ssl = NULL; } + sslHandShakeComplete = false; sslClientConnection = false; sslHandshakeBeginTime = 0; 
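Review bot: Dropping `sessionAcceptPtr(NULL)` from the initializer list (and the `sessionAcceptPtr = NULL` reset in the free() hunk that follows) leaves whatever `sessionAcceptPtr` member backed the removed setter and getter uninitialized, and none of the P_SSLNetVConnection.h hunks removes its declaration — the file's 91-line diffstat is fully accounted for by the visible changes. Nothing reads the field after this patch, so there is no runtime effect, but an uninitialized pointer member in a recycled object is the sort of leftover a later change picks up by accident; the declaration (and the SessionAccept forward declaration, if this header is its only user) should go in the same commit. The initializer list starts before this hunk.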
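Review bot: The new `ink_assert(con.fd == NO_FD);` after the second `con.close()` only documents the invariant if ink_assert compiles out in non-debug builds, as is usual in this code base; in a release build a VC recycled with an unclosed descriptor would pass silently and the fd could be inherited by the next connection that reuses the object. If the check is meant as a guarantee rather than a debug aid, `ink_release_assert(con.fd == NO_FD);` keeps it active in all builds. This is also the second `con.close()` in free() (the first precedes `flags = 0;` in the hunk above), so a comment such as `// con was already closed above; assert that the fd really was released` would explain why both the call and the assert remain. free() continues past this hunk.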
@@ -886,15 +890,16 @@ SSLNetVConnection::free(EThread *t) sslTotalBytesSent = 0; sslClientRenegotiationAbort = false; sslSessionCacheHit = false; + if (SSL_HOOKS_ACTIVE == sslPreAcceptHookState) { Error("SSLNetVconnection freed with outstanding hook"); } + sslPreAcceptHookState = SSL_HOOKS_INIT; curHook = 0; hookOpRequested = TS_SSL_HOOK_OP_DEFAULT; npnSet = NULL; npnEndpoint = NULL; - sessionAcceptPtr = NULL; sslHandShakeComplete = false; free_handshake_buffers(); sslTrace = false; diff --git a/iocore/net/SSLNextProtocolAccept.cc b/iocore/net/SSLNextProtocolAccept.cc index bb984f68ccf..c119975e0ff 100644 --- a/iocore/net/SSLNextProtocolAccept.cc +++ b/iocore/net/SSLNextProtocolAccept.cc @@ -138,7 +138,6 @@ SSLNextProtocolAccept::mainEvent(int event, void *edata) // and we know which protocol was negotiated. netvc->registerNextProtocolSet(&this->protoset); netvc->do_io(VIO::READ, new SSLNextProtocolTrampoline(this, netvc->mutex), 0, this->buffer, 0); - netvc->set_session_accept_pointer(this); return EVENT_CONT; default: netvc->do_io(VIO::CLOSE);