Diffstat (limited to 'library/cpp')
-rw-r--r-- | library/cpp/actors/http/http.h | 2 | ||||
-rw-r--r-- | library/cpp/actors/http/http_proxy.cpp | 12 | ||||
-rw-r--r-- | library/cpp/actors/http/http_proxy.h | 2 | ||||
-rw-r--r-- | library/cpp/actors/http/http_proxy_acceptor.cpp | 10 | ||||
-rw-r--r-- | library/cpp/actors/http/http_proxy_incoming.cpp | 2 | ||||
-rw-r--r-- | library/cpp/actors/http/http_proxy_ssl.h | 114 |
6 files changed, 71 insertions, 71 deletions
diff --git a/library/cpp/actors/http/http.h b/library/cpp/actors/http/http.h index 96c5c1ec48..dbf4715a98 100644 --- a/library/cpp/actors/http/http.h +++ b/library/cpp/actors/http/http.h @@ -593,7 +593,7 @@ public: THttpConfig::SocketAddressType Address; TString WorkerName; THPTimer Timer; - bool Secure = false; + bool Secure = false; bool IsConnectionClose() const { if (Connection.empty()) { diff --git a/library/cpp/actors/http/http_proxy.cpp b/library/cpp/actors/http/http_proxy.cpp index 36c6855d93..8a865e4df7 100644 --- a/library/cpp/actors/http/http_proxy.cpp +++ b/library/cpp/actors/http/http_proxy.cpp @@ -172,21 +172,21 @@ protected: void Handle(TEvHttpProxy::TEvReportSensors::TPtr event, const NActors::TActorContext&) { const TEvHttpProxy::TEvReportSensors& sensors(*event->Get()); - const static TString urlNotFound = "not-found"; - const TString& url = (sensors.Status == "404" ? urlNotFound : sensors.Url); - + const static TString urlNotFound = "not-found"; + const TString& url = (sensors.Status == "404" ? urlNotFound : sensors.Url); + Sensors.Rate({ {"sensor", "count"}, {"direction", sensors.Direction}, {"peer", sensors.Host}, - {"url", url}, + {"url", url}, {"status", sensors.Status} })->Inc(); Sensors.HistogramRate({ {"sensor", "time_us"}, {"direction", sensors.Direction}, {"peer", sensors.Host}, - {"url", url}, + {"url", url}, {"status", sensors.Status} }, NMonitoring::ExplicitHistogram({1, 5, 10, 50, 100, 500, 1000, 5000, 10000, 30000, 60000}))->Record(sensors.Time.MicroSeconds()); @@ -194,7 +194,7 @@ protected: {"sensor", "time_ms"}, {"direction", sensors.Direction}, {"peer", sensors.Host}, - {"url", url}, + {"url", url}, {"status", sensors.Status} }, NMonitoring::ExplicitHistogram({1, 5, 10, 50, 100, 500, 1000, 5000, 10000, 30000, 60000}))->Record(sensors.Time.MilliSeconds()); diff --git a/library/cpp/actors/http/http_proxy.h b/library/cpp/actors/http/http_proxy.h index afd0170997..6a6b8a7fa5 100644 --- a/library/cpp/actors/http/http_proxy.h 
+++ b/library/cpp/actors/http/http_proxy.h @@ -49,7 +49,7 @@ struct TEvHttpProxy { bool Secure = false; TString CertificateFile; TString PrivateKeyFile; - TString SslCertificatePem; + TString SslCertificatePem; TEvAddListeningPort(TIpPort port) : Port(port) diff --git a/library/cpp/actors/http/http_proxy_acceptor.cpp b/library/cpp/actors/http/http_proxy_acceptor.cpp index 9780541b71..1b344ad2ce 100644 --- a/library/cpp/actors/http/http_proxy_acceptor.cpp +++ b/library/cpp/actors/http/http_proxy_acceptor.cpp @@ -52,11 +52,11 @@ protected: Endpoint.Secure = event->Get()->Secure; int err = 0; if (Endpoint.Secure) { - if (!event->Get()->SslCertificatePem.empty()) { - Endpoint.SecureContext = TSslHelpers::CreateServerContext(event->Get()->SslCertificatePem); - } else { - Endpoint.SecureContext = TSslHelpers::CreateServerContext(event->Get()->CertificateFile, event->Get()->PrivateKeyFile); - } + if (!event->Get()->SslCertificatePem.empty()) { + Endpoint.SecureContext = TSslHelpers::CreateServerContext(event->Get()->SslCertificatePem); + } else { + Endpoint.SecureContext = TSslHelpers::CreateServerContext(event->Get()->CertificateFile, event->Get()->PrivateKeyFile); + } if (Endpoint.SecureContext == nullptr) { err = -1; LOG_WARN_S(ctx, HttpLog, "Failed to construct server security context"); diff --git a/library/cpp/actors/http/http_proxy_incoming.cpp b/library/cpp/actors/http/http_proxy_incoming.cpp index 80fe2af53d..6d0cf07f77 100644 --- a/library/cpp/actors/http/http_proxy_incoming.cpp +++ b/library/cpp/actors/http/http_proxy_incoming.cpp @@ -113,7 +113,7 @@ protected: } CurrentRequest->Address = Address; CurrentRequest->WorkerName = Endpoint.WorkerName; - CurrentRequest->Secure = Endpoint.Secure; + CurrentRequest->Secure = Endpoint.Secure; } if (!CurrentRequest->EnsureEnoughSpaceAvailable()) { LOG_DEBUG_S(ctx, HttpLog, "(#" << TSocketImpl::GetRawSocket() << "," << Address << ") connection closed - not enough space available"); 
diff --git a/library/cpp/actors/http/http_proxy_ssl.h b/library/cpp/actors/http/http_proxy_ssl.h index ffce12997f..d0894a0313 100644 --- a/library/cpp/actors/http/http_proxy_ssl.h +++ b/library/cpp/actors/http/http_proxy_ssl.h @@ -17,14 +17,14 @@ struct TSslHelpers { SSL_free(ssl); } - static void Destroy(X509* cert) noexcept { - X509_free(cert); - } - - static void Destroy(EVP_PKEY* pkey) noexcept { - EVP_PKEY_free(pkey); - } - + static void Destroy(X509* cert) noexcept { + X509_free(cert); + } + + static void Destroy(EVP_PKEY* pkey) noexcept { + EVP_PKEY_free(pkey); + } + static void Destroy(BIO* bio) noexcept { BIO_free(bio); } 
@@ -67,55 +67,55 @@ struct TSslHelpers { return ctx; } - static bool LoadX509Chain(TSslHolder<SSL_CTX>& ctx, const TString& pem) { - TSslHolder<BIO> bio(BIO_new_mem_buf(pem.c_str(), pem.size())); - if (bio == nullptr) { - return false; - } - TSslHolder<X509> cert(PEM_read_bio_X509_AUX(bio.Get(), nullptr, nullptr, nullptr)); - if (cert == nullptr) { - return false; - } - if (SSL_CTX_use_certificate(ctx.Get(), cert.Release()) <= 0) { - return false; - } - SSL_CTX_clear_chain_certs(ctx.Get()); - while (true) { - TSslHolder<X509> ca(PEM_read_bio_X509(bio.Get(), nullptr, nullptr, nullptr)); - if (ca == nullptr) { - break; - } - if (!SSL_CTX_add0_chain_cert(ctx.Get(), ca.Release())) { - return false; - } - } - return true; - } - - static bool LoadPrivateKey(TSslHolder<SSL_CTX>& ctx, const TString& pem) { - TSslHolder<BIO> bio(BIO_new_mem_buf(pem.c_str(), pem.size())); - if (bio == nullptr) { - return false; - } - TSslHolder<EVP_PKEY> pkey(PEM_read_bio_PrivateKey(bio.Get(), nullptr, nullptr, nullptr)); - if (SSL_CTX_use_PrivateKey(ctx.Get(), pkey.Release()) <= 0) { - return false; - } - return true; - } - - static TSslHolder<SSL_CTX> CreateServerContext(const TString& pem) { - TSslHolder<SSL_CTX> ctx = CreateSslCtx(SSLv23_server_method()); - SSL_CTX_set_ecdh_auto(ctx.Get(), 1); - if (!LoadX509Chain(ctx, pem)) { - return nullptr; - } - if (!LoadPrivateKey(ctx, pem)) { - return nullptr; - } - return ctx; - } - + static bool LoadX509Chain(TSslHolder<SSL_CTX>& ctx, const TString& pem) { + TSslHolder<BIO> bio(BIO_new_mem_buf(pem.c_str(), pem.size())); + if (bio == nullptr) { + return false; + } + TSslHolder<X509> cert(PEM_read_bio_X509_AUX(bio.Get(), nullptr, nullptr, nullptr)); + if (cert == nullptr) { + return false; + } + if (SSL_CTX_use_certificate(ctx.Get(), cert.Release()) <= 0) { + return false; + } + SSL_CTX_clear_chain_certs(ctx.Get()); + while (true) { + TSslHolder<X509> ca(PEM_read_bio_X509(bio.Get(), nullptr, nullptr, nullptr)); + if (ca == nullptr) { + break; + } 
+ if (!SSL_CTX_add0_chain_cert(ctx.Get(), ca.Release())) { + return false; + } + } + return true; + } + + static bool LoadPrivateKey(TSslHolder<SSL_CTX>& ctx, const TString& pem) { + TSslHolder<BIO> bio(BIO_new_mem_buf(pem.c_str(), pem.size())); + if (bio == nullptr) { + return false; + } + TSslHolder<EVP_PKEY> pkey(PEM_read_bio_PrivateKey(bio.Get(), nullptr, nullptr, nullptr)); + if (SSL_CTX_use_PrivateKey(ctx.Get(), pkey.Release()) <= 0) { + return false; + } + return true; + } + + static TSslHolder<SSL_CTX> CreateServerContext(const TString& pem) { + TSslHolder<SSL_CTX> ctx = CreateSslCtx(SSLv23_server_method()); + SSL_CTX_set_ecdh_auto(ctx.Get(), 1); + if (!LoadX509Chain(ctx, pem)) { + return nullptr; + } + if (!LoadPrivateKey(ctx, pem)) { + return nullptr; + } + return ctx; + } + static TSslHolder<SSL> ConstructSsl(SSL_CTX* ctx, BIO* bio) { TSslHolder<SSL> ssl(SSL_new(ctx)); |
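Review bot: In `LoadPrivateKey` and `LoadX509Chain`, `pkey.Release()` and `cert.Release()` pass the raw pointer to `SSL_CTX_use_PrivateKey` / `SSL_CTX_use_certificate`, but both OpenSSL calls take their own reference instead of ownership, so (assuming `Release()` gives up ownership the way a unique_ptr does) one reference to the private key and to the leaf certificate is never freed and the key material outlives the `SSL_CTX`. Passing `pkey.Get()` and `cert.Get()` instead lets the holder drop the caller's reference on both the success and the failure path. `SSL_CTX_add0_chain_cert` does take ownership on success, but `ca.Release()` in the loop still leaks when the add fails; pass `ca.Get()` and call `ca.Release()` only after a successful add. The loop also treats every `PEM_read_bio_X509` failure as end of chain and leaves that error on the thread's OpenSSL error queue, so a malformed intermediate is silently dropped; accepting only `PEM_R_NO_START_LINE` as the terminator and calling `ERR_clear_error()` before `return true;` would be safer. These lines appear textually unchanged by the commit, and `TSslHelpers` itself begins before the hunk.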