--- a/testing/mochitest/ssltunnel/ssltunnel.cpp
+++ b/testing/mochitest/ssltunnel/ssltunnel.cpp
@@ -349,23 +349,23 @@ bool ReadConnectRequest(server_info_t* s
}
bool ConfigureSSLServerSocket(PRFileDesc* socket, server_info_t* si, const string &certificate,
const client_auth_option clientAuth, int32_t flags)
{
const char* certnick = certificate.empty() ?
si->cert_nickname.c_str() : certificate.c_str();
- ScopedCERTCertificate cert(PK11_FindCertFromNickname(certnick, nullptr));
+ UniqueCERTCertificate cert(PK11_FindCertFromNickname(certnick, nullptr));
if (!cert) {
LOG_ERROR(("Failed to find cert %s\n", certnick));
return false;
}
- ScopedSECKEYPrivateKey privKey(PK11_FindKeyByAnyCert(cert, nullptr));
+ UniqueSECKEYPrivateKey privKey(PK11_FindKeyByAnyCert(cert.get(), nullptr));
if (!privKey) {
LOG_ERROR(("Failed to find private key\n"));
return false;
}
PRFileDesc* ssl_socket = SSL_ImportFD(nullptr, socket);
if (!ssl_socket) {
LOG_ERROR(("Error importing SSL socket\n"));
@@ -373,18 +373,18 @@ bool ConfigureSSLServerSocket(PRFileDesc
}
if (flags & FAIL_HANDSHAKE) {
// deliberately cause handshake to fail by sending the client a client hello
SSL_ResetHandshake(ssl_socket, false);
return true;
}
- SSLKEAType certKEA = NSS_FindCertKEAType(cert);
- if (SSL_ConfigSecureServer(ssl_socket, cert, privKey, certKEA)
+ SSLKEAType certKEA = NSS_FindCertKEAType(cert.get());
+ if (SSL_ConfigSecureServer(ssl_socket, cert.get(), privKey.get(), certKEA)
!= SECSuccess) {
LOG_ERROR(("Error configuring SSL server socket\n"));
return false;
}
SSL_OptionSet(ssl_socket, SSL_SECURITY, true);
SSL_OptionSet(ssl_socket, SSL_HANDSHAKE_AS_CLIENT, false);
SSL_OptionSet(ssl_socket, SSL_HANDSHAKE_AS_SERVER, true);
@@ -574,79 +574,80 @@ bool AdjustRequestURI(relayBuffer& buffe
memmove(path + hostlength, path, buffer.buffertail - path);
memcpy(path, host->c_str(), hostlength);
buffer.buffertail += hostlength;
return true;
}
-bool ConnectSocket(PRFileDesc *fd, const PRNetAddr *addr, PRIntervalTime timeout)
+bool ConnectSocket(UniquePRFileDesc& fd, const PRNetAddr* addr,
+ PRIntervalTime timeout)
{
- PRStatus stat = PR_Connect(fd, addr, timeout);
+ PRStatus stat = PR_Connect(fd.get(), addr, timeout);
if (stat != PR_SUCCESS)
return false;
PRSocketOptionData option;
option.option = PR_SockOpt_Nonblocking;
option.value.non_blocking = true;
- PR_SetSocketOption(fd, &option);
+ PR_SetSocketOption(fd.get(), &option);
return true;
}
/*
* Handle an incoming client connection. The server thread has already
* accepted the connection, so we just need to connect to the remote
* port and then proxy data back and forth.
* The data parameter is a connection_info_t*, and must be deleted
* by this function.
*/
void HandleConnection(void* data)
{
connection_info_t* ci = static_cast<connection_info_t*>(data);
PRIntervalTime connect_timeout = PR_SecondsToInterval(30);
- ScopedPRFileDesc other_sock(PR_NewTCPSocket());
+ UniquePRFileDesc other_sock(PR_NewTCPSocket());
bool client_done = false;
bool client_error = false;
bool connect_accepted = !do_http_proxy;
bool ssl_updated = !do_http_proxy;
bool expect_request_start = do_http_proxy;
string certificateToUse;
string locationHeader;
client_auth_option clientAuth;
string fullHost;
int32_t flags = 0;
LOG_DEBUG(("SSLTUNNEL(%p)): incoming connection csock(0)=%p, ssock(1)=%p\n",
static_cast<void*>(data),
static_cast<void*>(ci->client_sock),
- static_cast<void*>(other_sock)));
- if (other_sock)
+ static_cast<void*>(other_sock.get())));
+ if (other_sock)
{
int32_t numberOfSockets = 1;
relayBuffer buffers[2];
if (!do_http_proxy)
{
if (!ConfigureSSLServerSocket(ci->client_sock, ci->server_info,
certificateToUse, caNone, flags))
client_error = true;
else if (!ConnectSocket(other_sock, &remote_addr, connect_timeout))
client_error = true;
else
numberOfSockets = 2;
}
- PRPollDesc sockets[2] =
- {
+ PRPollDesc sockets[2] =
+ {
{ci->client_sock, PR_POLL_READ, 0},
- {other_sock, PR_POLL_READ, 0}
+ {other_sock.get(), PR_POLL_READ, 0}
};
bool socketErrorState[2] = {false, false};
while (!((client_error||client_done) && buffers[0].empty() && buffers[1].empty()))
{
sockets[0].in_flags |= PR_POLL_EXCEPT;
sockets[1].in_flags |= PR_POLL_EXCEPT;
LOG_DEBUG(("SSLTUNNEL(%p)): polling flags csock(0)=%c%c, ssock(1)=%c%c\n",
@@ -939,17 +940,17 @@ void HandleConnection(void* data)
} // while, poll
}
else
client_error = true;
LOG_DEBUG(("SSLTUNNEL(%p)): exiting root function for csock=%p, ssock=%p\n",
static_cast<void*>(data),
static_cast<void*>(ci->client_sock),
- static_cast<void*>(other_sock)));
+ static_cast<void*>(other_sock.get())));
if (!client_error)
PR_Shutdown(ci->client_sock, PR_SHUTDOWN_SEND);
PR_Close(ci->client_sock);
delete ci;
}
/*
@@ -958,55 +959,55 @@ void HandleConnection(void* data)
* The data parameter is a server_info_t*, owned by the calling
* function.
*/
void StartServer(void* data)
{
server_info_t* si = static_cast<server_info_t*>(data);
//TODO: select ciphers?
- ScopedPRFileDesc listen_socket(PR_NewTCPSocket());
+ UniquePRFileDesc listen_socket(PR_NewTCPSocket());
if (!listen_socket) {
LOG_ERROR(("failed to create socket\n"));
SignalShutdown();
return;
}
// In case the socket is still open in the TIME_WAIT state from a previous
// instance of ssltunnel we ask to reuse the port.
PRSocketOptionData socket_option;
socket_option.option = PR_SockOpt_Reuseaddr;
socket_option.value.reuse_addr = true;
- PR_SetSocketOption(listen_socket, &socket_option);
+ PR_SetSocketOption(listen_socket.get(), &socket_option);
PRNetAddr server_addr;
PR_InitializeNetAddr(PR_IpAddrAny, si->listen_port, &server_addr);
- if (PR_Bind(listen_socket, &server_addr) != PR_SUCCESS) {
+ if (PR_Bind(listen_socket.get(), &server_addr) != PR_SUCCESS) {
LOG_ERROR(("failed to bind socket on port %d: error %d\n", si->listen_port, PR_GetError()));
SignalShutdown();
return;
}
- if (PR_Listen(listen_socket, 1) != PR_SUCCESS) {
+ if (PR_Listen(listen_socket.get(), 1) != PR_SUCCESS) {
LOG_ERROR(("failed to listen on socket\n"));
SignalShutdown();
return;
}
LOG_INFO(("Server listening on port %d with cert %s\n", si->listen_port,
si->cert_nickname.c_str()));
while (!shutdown_server) {
connection_info_t* ci = new connection_info_t();
ci->server_info = si;
ci->http_proxy_only = do_http_proxy;
// block waiting for connections
- ci->client_sock = PR_Accept(listen_socket, &ci->client_addr,
+ ci->client_sock = PR_Accept(listen_socket.get(), &ci->client_addr,
PR_INTERVAL_NO_TIMEOUT);
-
+
PRSocketOptionData option;
option.option = PR_SockOpt_Nonblocking;
option.value.non_blocking = true;
PR_SetSocketOption(ci->client_sock, &option);
if (ci->client_sock)
// Not actually using this PRJob*...
//PRJob* job =