authorJin Wang <jnwang@amazon.com>2021-10-21 14:44:33 +0100
committerAndy Green <andy@warmcat.com>2021-10-21 16:14:02 +0100
commitb43f90a8ed4da95c6cf5c4550e3dffca6018b85e (patch)
tree20a8ff3e5059552216b9a974fc6f46a64d599636
parent63db023f585dc4f312ee9f9ef8da90b9910e69ca (diff)
ss: policy: adaptations for dynamic policy
-rw-r--r--lib/core-net/private-lib-core-net.h2
-rw-r--r--lib/secure-streams/policy-common.c4
-rw-r--r--lib/secure-streams/private-lib-secure-streams.h2
-rw-r--r--lib/secure-streams/secure-streams.c13
4 files changed, 17 insertions, 4 deletions
diff --git a/lib/core-net/private-lib-core-net.h b/lib/core-net/private-lib-core-net.h
index 3f507311..2d3f73ab 100644
--- a/lib/core-net/private-lib-core-net.h
+++ b/lib/core-net/private-lib-core-net.h
@@ -524,7 +524,7 @@ struct lws_vhost {
uint32_t tls_session_cache_max;
#endif
-#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
+#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) || defined(LWS_WITH_SECURE_STREAMS_CPP)
int8_t ss_refcount;
/**< refcount of number of ss connections with streamtypes using this
* trust store */
diff --git a/lib/secure-streams/policy-common.c b/lib/secure-streams/policy-common.c
index 8399df15..b782c1e5 100644
--- a/lib/secure-streams/policy-common.c
+++ b/lib/secure-streams/policy-common.c
@@ -367,7 +367,7 @@ lws_ss_policy_ref_trust_store(struct lws_context *context,
}
accepted:
-#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
+#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) || defined(LWS_WITH_SECURE_STREAMS_CPP)
if (doref)
v->ss_refcount++;
#endif
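Review bot: The `v->ss_refcount++` under `accepted:` has no upper-bound check, and with the guard widened it now also runs in LWS_WITH_SECURE_STREAMS_CPP builds. The field is declared `int8_t ss_refcount` in private-lib-core-net.h, so it cannot represent more than 127 references. If a dynamic-policy build can have that many streams sharing one trust store, the count would go past INT8_MAX and the later unref could release the vhost while streams still depend on it; this is inferred, since the unref body is outside the hunk. Consider widening the field, e.g. `uint16_t ss_refcount;`, or refusing the ref at the limit, and documenting the pairing with a comment such as `/* one ref per ss using this trust store, dropped in lws_ss_destroy() */`.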
@@ -375,7 +375,7 @@ accepted:
return v;
}
-#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
+#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) || defined(LWS_WITH_SECURE_STREAMS_CPP)
int
lws_ss_policy_unref_trust_store(struct lws_context *context,
const lws_ss_policy_t *pol)
diff --git a/lib/secure-streams/private-lib-secure-streams.h b/lib/secure-streams/private-lib-secure-streams.h
index 70de42f0..6af59e47 100644
--- a/lib/secure-streams/private-lib-secure-streams.h
+++ b/lib/secure-streams/private-lib-secure-streams.h
@@ -541,7 +541,7 @@ lws_ss_cancel_notify_dll(struct lws_dll2 *d, void *user);
int
lws_sspc_cancel_notify_dll(struct lws_dll2 *d, void *user);
-#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
+#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) || defined(LWS_WITH_SECURE_STREAMS_CPP)
int
lws_ss_policy_unref_trust_store(struct lws_context *context,
const lws_ss_policy_t *pol);
diff --git a/lib/secure-streams/secure-streams.c b/lib/secure-streams/secure-streams.c
index 53cdce00..9d02d5a6 100644
--- a/lib/secure-streams/secure-streams.c
+++ b/lib/secure-streams/secure-streams.c
@@ -1283,6 +1283,14 @@ extant:
lwsl_err("%s: unable to get vhost / trust store\n", __func__);
goto fail_creation;
}
+#else
+#if defined(LWS_WITH_SECURE_STREAMS_CPP)
+ if (!ssi->streamtype &&
+ !lws_ss_policy_ref_trust_store(context, h->policy, 1 /* do the ref */)) {
+ lwsl_err("%s: unable to get vhost / trust store\n", __func__);
+ goto fail_creation;
+ }
+#endif
#endif
r = lws_ss_event_helper(h, LWSSSCS_CREATING);
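Review bot: The ref added here is taken only when `ssi->streamtype` is NULL, but the matching release added in lws_ss_destroy() (last hunk of this file) also fires when the streamtype is an empty string. A stream created with `""` would therefore drop a trust-store reference it never took, and an unbalanced unref can let the shared vhost / trust store be released while other streams still rely on it. Make the two conditions identical, e.g. `if ((!ssi->streamtype || !*ssi->streamtype) &&` here or `if (!h->info.streamtype)` in the destroy path, whichever matches how an empty streamtype is meant to be treated. A short comment such as `/* dynamic policy: no streamtype, so ref the trust store directly */` would explain why this branch exists. The enclosing function starts and ends outside the hunk.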
@@ -1487,6 +1495,11 @@ lws_ss_destroy(lws_ss_handle_t **ppss)
if (h->policy)
lws_ss_policy_unref_trust_store(h->context, h->policy);
+#else
+#if defined(LWS_WITH_SECURE_STREAMS_CPP)
+ if (!h->info.streamtype || !*(h->info.streamtype))
+ lws_ss_policy_unref_trust_store(h->context, h->policy);
+#endif
#endif
#if defined(LWS_WITH_SERVER)
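Review bot: The added unref passes `h->policy` without the `if (h->policy)` check that the static-policy branch directly above it uses. If destroy can be reached with no policy attached, `lws_ss_policy_unref_trust_store()` receives NULL; whether that function tolerates a NULL policy is not visible here. Guarding it the same way keeps both branches consistent: `if (h->policy && (!h->info.streamtype || !*(h->info.streamtype)))`. The nested `#else` / `#if defined(LWS_WITH_SECURE_STREAMS_CPP)` could also be a single `#elif defined(LWS_WITH_SECURE_STREAMS_CPP)`. lws_ss_destroy() continues outside the hunk.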