Repository: trafficserver Updated Branches: refs/heads/master fc8eeb6e4 -> 0eb34ce6a
TS-2490 TS-3554 TS-3558 TS-3549 clang-format ... Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/0eb34ce6 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/0eb34ce6 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/0eb34ce6 Branch: refs/heads/master Commit: 0eb34ce6a52fa02d19ec2fda42bb86a898f5351a Parents: fc8eeb6 Author: Leif Hedstrom <zw...@apache.org> Authored: Fri May 1 22:14:14 2015 -0600 Committer: Leif Hedstrom <zw...@apache.org> Committed: Fri May 1 22:14:14 2015 -0600 ---------------------------------------------------------------------- cmd/traffic_cop/traffic_cop.cc | 2 +- iocore/net/SSLCertLookup.cc | 2 +- iocore/net/SSLUtils.cc | 116 +++++++++---------- lib/atscppapi/src/Transaction.cc | 3 +- .../src/include/atscppapi/Transaction.h | 8 +- .../background_fetch/background_fetch.cc | 5 +- proxy/InkAPITest.cc | 3 +- proxy/hdrs/HdrToken.cc | 4 +- proxy/http/HttpSM.cc | 23 ++-- proxy/http/HttpTransact.cc | 5 +- 10 files changed, 82 insertions(+), 89 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0eb34ce6/cmd/traffic_cop/traffic_cop.cc ---------------------------------------------------------------------- diff --git a/cmd/traffic_cop/traffic_cop.cc b/cmd/traffic_cop/traffic_cop.cc index 4b68870..1a9ebad 100644 --- a/cmd/traffic_cop/traffic_cop.cc +++ b/cmd/traffic_cop/traffic_cop.cc @@ -107,7 +107,7 @@ static int server_failures = 0; static int server_not_found = 0; static const int sleep_time = 10; // 10 sec -static int init_sleep_time = sleep_time; // 10 sec +static int init_sleep_time = sleep_time; // 10 sec static const int manager_timeout = 3 * 60; // 3 min static const int server_timeout = 3 * 60; // 3 min http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0eb34ce6/iocore/net/SSLCertLookup.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLCertLookup.cc b/iocore/net/SSLCertLookup.cc index 071b2db..d6b76bc 100644 --- a/iocore/net/SSLCertLookup.cc +++ b/iocore/net/SSLCertLookup.cc @@ -159,7 +159,7 @@ ticket_block_alloc(unsigned count) return ptr; } -void +void SSLCertContext::release() { if (keyblock) { http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0eb34ce6/iocore/net/SSLUtils.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 881ca2f..1d61a8a 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -1168,69 +1168,68 @@ SSLPrivateKeyHandler(SSL_CTX *ctx, const SSLConfigParams *params, const ats_scop static int SSLCheckServerCertNow(const char *certFilename) { -BIO *bioFP = NULL; -X509 *myCert; -int timeCmpValue; -time_t currentTime; - -// SSLCheckServerCertNow() - returns 0 on OK or negative value on failure -// and update log as appropriate. -// Will check: -// - if file exists, and has read permissions -// - for truncation or other PEM read fail -// - current time is between notBefore and notAfter dates of certificate -// if anything is not kosher, a negative value is returned and appropriate error logged. - - if ((!certFilename) || (!(*certFilename))) { - return -2; - } + BIO *bioFP = NULL; + X509 *myCert; + int timeCmpValue; + time_t currentTime; - if ((bioFP = BIO_new(BIO_s_file())) == NULL) { - Error("BIO_new() failed for server certificate check. Out of memory?"); - return -1; - } + // SSLCheckServerCertNow() - returns 0 on OK or negative value on failure + // and update log as appropriate. + // Will check: + // - if file exists, and has read permissions + // - for truncation or other PEM read fail + // - current time is between notBefore and notAfter dates of certificate + // if anything is not kosher, a negative value is returned and appropriate error logged. - if (BIO_read_filename(bioFP, certFilename) <= 0) { - // file not found, or not accessible due to permissions - Error("Can't open server certificate file: \"%s\"\n",certFilename); - BIO_free(bioFP); - return -2; - } + if ((!certFilename) || (!(*certFilename))) { + return -2; + } - myCert = PEM_read_bio_X509(bioFP, NULL, 0, NULL); + if ((bioFP = BIO_new(BIO_s_file())) == NULL) { + Error("BIO_new() failed for server certificate check. Out of memory?"); + return -1; + } + + if (BIO_read_filename(bioFP, certFilename) <= 0) { + // file not found, or not accessible due to permissions + Error("Can't open server certificate file: \"%s\"\n", certFilename); BIO_free(bioFP); - if (! myCert) { - // a truncated certificate would fall into here - Error("Error during server certificate PEM read. Is this a PEM format certificate?: \"%s\"\n",certFilename); - return -3; - } + return -2; + } - time(¤tTime); - if (!(timeCmpValue = X509_cmp_time(X509_get_notBefore(myCert), ¤tTime))) { - // an error occured parsing the time, which we'll call a bogosity - Error("Error occured while parsing server certificate notBefore time."); - return -3; - } else if ( 0 < timeCmpValue) { - // cert contains a date before the notBefore - Error("Server certificate notBefore date is in the future - INVALID CERTIFICATE: %s",certFilename); - return -4; - } + myCert = PEM_read_bio_X509(bioFP, NULL, 0, NULL); + BIO_free(bioFP); + if (!myCert) { + // a truncated certificate would fall into here + Error("Error during server certificate PEM read. Is this a PEM format certificate?: \"%s\"\n", certFilename); + return -3; + } - if (!(timeCmpValue = X509_cmp_time(X509_get_notAfter(myCert), ¤tTime))) { - // an error occured parsing the time, which we'll call a bogosity - Error("Error occured while parsing server certificate notAfter time."); - return -3; - } else if ( 0 > timeCmpValue) { - // cert is expired - Error("Server certificate EXPIRED - INVALID CERTIFICATE: %s",certFilename); - return -5; - } + time(¤tTime); + if (!(timeCmpValue = X509_cmp_time(X509_get_notBefore(myCert), ¤tTime))) { + // an error occured parsing the time, which we'll call a bogosity + Error("Error occured while parsing server certificate notBefore time."); + return -3; + } else if (0 < timeCmpValue) { + // cert contains a date before the notBefore + Error("Server certificate notBefore date is in the future - INVALID CERTIFICATE: %s", certFilename); + return -4; + } - Debug("ssl","Server certificate passed accessibility and date checks: \"%s\"",certFilename); - return 0; // all good + if (!(timeCmpValue = X509_cmp_time(X509_get_notAfter(myCert), ¤tTime))) { + // an error occured parsing the time, which we'll call a bogosity + Error("Error occured while parsing server certificate notAfter time."); + return -3; + } else if (0 > timeCmpValue) { + // cert is expired + Error("Server certificate EXPIRED - INVALID CERTIFICATE: %s", certFilename); + return -5; + } -} /* CheckServerCertNow() */ + Debug("ssl", "Server certificate passed accessibility and date checks: \"%s\"", certFilename); + return 0; // all good +} /* CheckServerCertNow() */ SSL_CTX * @@ -1709,12 +1708,11 @@ ssl_store_ssl_context(const SSLConfigParams *params, SSLCertLookup *lookup, cons certpath = NULL; } - if (0 > SSLCheckServerCertNow((const char *) certpath)) { - /* At this point, we know cert is bad, and we've already printed a + if (0 > SSLCheckServerCertNow((const char *)certpath)) { + /* At this point, we know cert is bad, and we've already printed a descriptive reason as to why cert is bad to the log file */ - Debug("ssl", "Marking certificate as NOT VALID: %s", - (certpath) ? (const char *)certpath : "(null)" ); - lookup->is_valid = false; + Debug("ssl", "Marking certificate as NOT VALID: %s", (certpath) ? (const char *)certpath : "(null)"); + lookup->is_valid = false; } // Load the session ticket key if session tickets are not disabled and we have key name. http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0eb34ce6/lib/atscppapi/src/Transaction.cc ---------------------------------------------------------------------- diff --git a/lib/atscppapi/src/Transaction.cc b/lib/atscppapi/src/Transaction.cc index 9254d8c..b2a70f2 100644 --- a/lib/atscppapi/src/Transaction.cc +++ b/lib/atscppapi/src/Transaction.cc @@ -305,7 +305,8 @@ Transaction::setTimeout(Transaction::TimeoutType type, int time_ms) Transaction::CacheStatus -Transaction::getCacheStatus() { +Transaction::getCacheStatus() +{ int obj_status = TS_ERROR; if (TSHttpTxnCacheLookupStatusGet(state_->txn_, &obj_status) == TS_ERROR) { http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0eb34ce6/lib/atscppapi/src/include/atscppapi/Transaction.h ---------------------------------------------------------------------- diff --git a/lib/atscppapi/src/include/atscppapi/Transaction.h b/lib/atscppapi/src/include/atscppapi/Transaction.h index 39454b0..771aa41 100644 --- a/lib/atscppapi/src/include/atscppapi/Transaction.h +++ b/lib/atscppapi/src/include/atscppapi/Transaction.h @@ -258,10 +258,10 @@ public: * Represents different states of an object served out of the cache */ enum CacheStatus { - CACHE_LOOKUP_MISS = 0, /**< The object was not found in the cache */ - CACHE_LOOKUP_HIT_STALE, /**< The object was found in cache but stale */ - CACHE_LOOKUP_HIT_FRESH, /**< The object was found in cache and was fresh */ - CACHE_LOOKUP_SKIPED, /**< Cache lookup was not performed */ + CACHE_LOOKUP_MISS = 0, /**< The object was not found in the cache */ + CACHE_LOOKUP_HIT_STALE, /**< The object was found in cache but stale */ + CACHE_LOOKUP_HIT_FRESH, /**< The object was found in cache and was fresh */ + CACHE_LOOKUP_SKIPED, /**< Cache lookup was not performed */ CACHE_LOOKUP_NONE }; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0eb34ce6/plugins/experimental/background_fetch/background_fetch.cc ---------------------------------------------------------------------- diff --git a/plugins/experimental/background_fetch/background_fetch.cc b/plugins/experimental/background_fetch/background_fetch.cc index 4c29cc1..02fc760 100644 --- a/plugins/experimental/background_fetch/background_fetch.cc +++ b/plugins/experimental/background_fetch/background_fetch.cc @@ -268,10 +268,7 @@ class BGFetchConfig public: BGFetchConfig() : log(NULL) { _lock = TSMutexCreate(); } - ~BGFetchConfig() - { - TSMutexDestroy(_lock); - } + ~BGFetchConfig() { TSMutexDestroy(_lock); } void create_log(const char *log_name) http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0eb34ce6/proxy/InkAPITest.cc ---------------------------------------------------------------------- diff --git a/proxy/InkAPITest.cc b/proxy/InkAPITest.cc index 6cac306..200759e 100644 --- a/proxy/InkAPITest.cc +++ b/proxy/InkAPITest.cc @@ -7206,8 +7206,7 @@ const char *SDK_Overridable_Configs[TS_CONFIG_LAST_ENTRY] = { "proxy.config.ssl.hsts_max_age", "proxy.config.ssl.hsts_include_subdomains", "proxy.config.http.cache.open_read_retry_time", "proxy.config.http.cache.max_open_read_retries", "proxy.config.http.cache.range.write", "proxy.config.http.post.check.content_length.enabled", "proxy.config.http.global_user_agent_header", - "proxy.config.http.auth_server_session_private" -}; + "proxy.config.http.auth_server_session_private"}; REGRESSION_TEST(SDK_API_OVERRIDABLE_CONFIGS)(RegressionTest *test, int /* atype ATS_UNUSED */, int *pstatus) { http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0eb34ce6/proxy/hdrs/HdrToken.cc ---------------------------------------------------------------------- diff --git a/proxy/hdrs/HdrToken.cc b/proxy/hdrs/HdrToken.cc index 0286247..6f097aa 100644 --- a/proxy/hdrs/HdrToken.cc +++ b/proxy/hdrs/HdrToken.cc @@ -77,7 +77,7 @@ static const char *_hdrtoken_strs[] = { "Subject", // NNTP "Summary", // NNTP "Transfer-Encoding", "Upgrade", "User-Agent", "Vary", "Via", "Warning", "Www-Authenticate", - "Xref", // NNTP + "Xref", // NNTP "@Ats-Internal", // Internal Hack // Accept-Encoding @@ -319,7 +319,7 @@ static const char *_hdrtoken_commonly_tokenized_strs[] = { "Subject", // NNTP "Summary", // NNTP "Transfer-Encoding", "Upgrade", "User-Agent", "Vary", "Via", "Warning", "Www-Authenticate", - "Xref", // NNTP + "Xref", // NNTP "@Ats-Internal", // Internal Hack // Accept-Encoding http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0eb34ce6/proxy/http/HttpSM.cc ---------------------------------------------------------------------- diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 5e4ffb5..68bf5ed 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -292,9 +292,9 @@ HttpSM::HttpSM() enable_redirection(false), redirect_url(NULL), redirect_url_len(0), redirection_tries(0), transfered_bytes(0), post_failed(false), debug_on(false), plugin_tunnel_type(HTTP_NO_PLUGIN_TUNNEL), plugin_tunnel(NULL), reentrancy_count(0), history_pos(0), tunnel(), ua_entry(NULL), ua_session(NULL), background_fill(BACKGROUND_FILL_NONE), ua_raw_buffer_reader(NULL), - server_entry(NULL), server_session(NULL), will_be_private_ss(false), shared_session_retries(0), server_buffer_reader(NULL), transform_info(), - post_transform_info(), has_active_plugin_agents(false), second_cache_sm(NULL), default_handler(NULL), pending_action(NULL), - historical_action(NULL), last_action(HttpTransact::SM_ACTION_UNDEFINED), + server_entry(NULL), server_session(NULL), will_be_private_ss(false), shared_session_retries(0), server_buffer_reader(NULL), + transform_info(), post_transform_info(), has_active_plugin_agents(false), second_cache_sm(NULL), default_handler(NULL), + pending_action(NULL), historical_action(NULL), last_action(HttpTransact::SM_ACTION_UNDEFINED), // TODO: Now that bodies can be empty, should the body counters be set to -1 ? TS-2213 client_request_hdr_bytes(0), client_request_body_bytes(0), server_request_hdr_bytes(0), server_request_body_bytes(0), server_response_hdr_bytes(0), server_response_body_bytes(0), client_response_hdr_bytes(0), client_response_body_bytes(0), @@ -2364,8 +2364,7 @@ HttpSM::state_cache_open_write(int event, void *data) case CACHE_EVENT_OPEN_WRITE_FAILED: // Failed on the write lock and retrying the vector // for reading - if (t_state.http_config_param->cache_open_write_fail_action == - HttpTransact::CACHE_OPEN_WRITE_FAIL_DEFAULT) { + if (t_state.http_config_param->cache_open_write_fail_action == HttpTransact::CACHE_OPEN_WRITE_FAIL_DEFAULT) { t_state.cache_info.write_lock_state = HttpTransact::CACHE_WL_FAIL; break; } else { @@ -2376,8 +2375,8 @@ HttpSM::state_cache_open_write(int event, void *data) break; } } - // INTENTIONAL FALL THROUGH - // Allow for stale object to be served + // INTENTIONAL FALL THROUGH + // Allow for stale object to be served case CACHE_EVENT_OPEN_READ: // The write vector was locked and the cache_sm retried // and got the read vector again. @@ -4594,11 +4593,11 @@ HttpSM::do_http_server_open(bool raw) } if (t_state.method == HTTP_WKSIDX_POST || t_state.method == HTTP_WKSIDX_PUT) { - // don't share the session if keep-alive for post is not on - if (t_state.txn_conf->keep_alive_post_out == 0) { - DebugSM("http_ss", "Setting server session to private because of keep-alive post out"); - will_be_private_ss = true; - } + // don't share the session if keep-alive for post is not on + if (t_state.txn_conf->keep_alive_post_out == 0) { + DebugSM("http_ss", "Setting server session to private because of keep-alive post out"); + will_be_private_ss = true; + } } // If there is already an attached server session mark it as private. http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0eb34ce6/proxy/http/HttpTransact.cc ---------------------------------------------------------------------- diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc index bc1127c..964f69b 100644 --- a/proxy/http/HttpTransact.cc +++ b/proxy/http/HttpTransact.cc @@ -2913,10 +2913,9 @@ HttpTransact::handle_cache_write_lock(State *s) if (s->cache_open_write_fail_action & CACHE_OPEN_WRITE_FAIL_ERROR_ON_MISS) { DebugTxn("http_error", "cache_open_write_fail_action, cache miss, return error"); s->cache_info.write_status = CACHE_WRITE_ERROR; - build_error_response(s, HTTP_STATUS_BAD_GATEWAY, "Connection Failed", "connect#failed_connect", - NULL); + build_error_response(s, HTTP_STATUS_BAD_GATEWAY, "Connection Failed", "connect#failed_connect", NULL); MIMEField *ats_field; - HTTPHdr* header = &(s->hdr_info.client_response); + HTTPHdr *header = &(s->hdr_info.client_response); if ((ats_field = header->field_find(MIME_FIELD_ATS_INTERNAL, MIME_LEN_ATS_INTERNAL)) == NULL) { if (likely((ats_field = header->field_create(MIME_FIELD_ATS_INTERNAL, MIME_LEN_ATS_INTERNAL)) != NULL))