LOG(INFO) << "Memcached: cache session, id=" << util::format_hex(id, idlen);
}
- auto req = make_unique<MemcachedRequest>();
- req->op = MEMCACHED_OP_ADD;
+ auto req = std::make_unique<MemcachedRequest>();
+ req->op = MemcachedOp::ADD;
req->key = MEMCACHED_SESSION_CACHE_KEY_PREFIX.str();
req->key +=
util::format_hex(balloc, StringRef{id, static_cast<size_t>(idlen)});
req->cb = [](MemcachedRequest *req, MemcachedResult res) {
if (LOG_ENABLED(INFO)) {
LOG(INFO) << "Memcached: session cache done. key=" << req->key
- << ", status_code=" << res.status_code << ", value="
+ << ", status_code=" << static_cast<uint16_t>(res.status_code)
+ << ", value="
<< std::string(std::begin(res.value), std::end(res.value));
}
- if (res.status_code != 0) {
+ if (res.status_code != MemcachedStatusCode::NO_ERROR) {
LOG(WARN) << "Memcached: failed to cache session key=" << req->key
- << ", status_code=" << res.status_code << ", value="
+ << ", status_code=" << static_cast<uint16_t>(res.status_code)
+ << ", value="
<< std::string(std::begin(res.value), std::end(res.value));
}
};
namespace {
SSL_SESSION *tls_session_get_cb(SSL *ssl,
-#if OPENSSL_1_1_API
+#if OPENSSL_1_1_API || LIBRESSL_2_7_API
const unsigned char *id,
-#else // !OPENSSL_1_1_API
+#else // !(OPENSSL_1_1_API || LIBRESSL_2_7_API)
unsigned char *id,
-#endif // !OPENSSL_1_1_API
+#endif // !(OPENSSL_1_1_API || LIBRESSL_2_7_API)
int idlen, int *copy) {
auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
auto handler = static_cast<ClientHandler *>(conn->data);
<< util::format_hex(id, idlen);
}
- auto req = make_unique<MemcachedRequest>();
- req->op = MEMCACHED_OP_GET;
+ auto req = std::make_unique<MemcachedRequest>();
+ req->op = MemcachedOp::GET;
req->key = MEMCACHED_SESSION_CACHE_KEY_PREFIX.str();
req->key +=
util::format_hex(balloc, StringRef{id, static_cast<size_t>(idlen)});
req->cb = [conn](MemcachedRequest *, MemcachedResult res) {
if (LOG_ENABLED(INFO)) {
- LOG(INFO) << "Memcached: returned status code " << res.status_code;
+ LOG(INFO) << "Memcached: returned status code "
+ << static_cast<uint16_t>(res.status_code);
}
// We might stop reading, so start it again
ev_timer_again(conn->loop, &conn->wt);
conn->tls.cached_session_lookup_req = nullptr;
- if (res.status_code != 0) {
- conn->tls.handshake_state = TLS_CONN_CANCEL_SESSION_CACHE;
+ if (res.status_code != MemcachedStatusCode::NO_ERROR) {
+ conn->tls.handshake_state = TLSHandshakeState::CANCEL_SESSION_CACHE;
return;
}
if (LOG_ENABLED(INFO)) {
LOG(INFO) << "cannot materialize session";
}
- conn->tls.handshake_state = TLS_CONN_CANCEL_SESSION_CACHE;
+ conn->tls.handshake_state = TLSHandshakeState::CANCEL_SESSION_CACHE;
return;
}
conn->tls.cached_session = session;
- conn->tls.handshake_state = TLS_CONN_GOT_SESSION_CACHE;
+ conn->tls.handshake_state = TLSHandshakeState::GOT_SESSION_CACHE;
};
- conn->tls.handshake_state = TLS_CONN_WAIT_FOR_SESSION_CACHE;
+ conn->tls.handshake_state = TLSHandshakeState::WAIT_FOR_SESSION_CACHE;
conn->tls.cached_session_lookup_req = req.get();
dispatcher->add_request(std::move(req));
SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr);
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
+#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L && \
+ !defined(OPENSSL_IS_BORINGSSL)
// SSL_extension_supported(TLSEXT_TYPE_signed_certificate_timestamp)
// returns 1, which means OpenSSL internally handles it. But
// OpenSSL handles signed_certificate_timestamp extension specially,
}
# endif // !OPENSSL_1_1_1_API
}
-#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
+#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L &&
+ // !defined(OPENSSL_IS_BORINGSSL)
#if OPENSSL_1_1_1_API
if (SSL_CTX_set_max_early_data(ssl_ctx, tlsconf.max_early_data) != 1) {
void *arg) {
auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
switch (conn->proto) {
- case PROTO_HTTP1:
+ case Proto::HTTP1:
return select_h1_next_proto_cb(ssl, out, outlen, in, inlen, arg);
- case PROTO_HTTP2:
+ case Proto::HTTP2:
return select_h2_next_proto_cb(ssl, out, outlen, in, inlen, arg);
default:
return SSL_TLSEXT_ERR_NOACK;
if (!upstream_tls_enabled(config->conn)) {
return nullptr;
}
- return make_unique<CertLookupTree>();
+ return std::make_unique<CertLookupTree>();
}
namespace {
#endif /* !WORDS_BIGENDIAN */
StringRef get_x509_serial(BlockAllocator &balloc, X509 *x) {
-#if OPENSSL_1_1_API
- auto sn = X509_get0_serialNumber(x);
- uint64_t r;
- if (ASN1_INTEGER_get_uint64(&r, sn) != 1) {
- return StringRef{};
- }
-
- r = bswap64(r);
- return util::format_hex(
- balloc, StringRef{reinterpret_cast<uint8_t *>(&r), sizeof(r)});
-#else // !OPENSSL_1_1_API
auto sn = X509_get_serialNumber(x);
auto bn = BN_new();
auto bn_d = defer(BN_free, bn);
- if (!ASN1_INTEGER_to_BN(sn, bn)) {
+ if (!ASN1_INTEGER_to_BN(sn, bn) || BN_num_bytes(bn) > 20) {
return StringRef{};
}
- std::array<uint8_t, 8> b;
+ std::array<uint8_t, 20> b;
auto n = BN_bn2bin(bn, b.data());
- assert(n == b.size());
+ assert(n <= 20);
- return util::format_hex(balloc, StringRef{std::begin(b), std::end(b)});
-#endif // !OPENSSL_1_1_API
+ return util::format_hex(balloc, StringRef{b.data(), static_cast<size_t>(n)});
}
namespace {
}
t = nghttp2_timegm(&tm);
-#else // !OPENSSL_1_1_1_API
+#else // !OPENSSL_1_1_1_API
auto b = BIO_new(BIO_s_mem());
if (!b) {
return -1;
return -1;
}
+# if defined(OPENSSL_IS_BORINGSSL)
+ char *s;
+# else
unsigned char *s;
+# endif
auto slen = BIO_get_mem_data(b, &s);
auto tt = util::parse_openssl_asn1_time_print(
StringRef{s, static_cast<size_t>(slen)});