[PATCH 07 of 11] SSL: style

Sergey Kandaurov pluknet at nginx.com
Thu Sep 15 05:42:01 UTC 2022


> On 26 Aug 2022, at 07:01, Maxim Dounin <mdounin at mdounin.ru> wrote:
> 
> # HG changeset patch
> # User Maxim Dounin <mdounin at mdounin.ru>
> # Date 1661481953 -10800
> #      Fri Aug 26 05:45:53 2022 +0300
> # Node ID 84919c2ee8173f704649a8cb4901887e1bf79588
> # Parent  d5c6eae914325fb6a9b19105fe09aecd04da21e2
> SSL: style.
> 
> Runtime OCSP functions separated from configuration ones.
> 
> diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
> --- a/src/event/ngx_event_openssl.h
> +++ b/src/event/ngx_event_openssl.h
> @@ -205,10 +205,12 @@ ngx_int_t ngx_ssl_ocsp(ngx_conf_t *cf, n
>     ngx_uint_t depth, ngx_shm_zone_t *shm_zone);
> ngx_int_t ngx_ssl_ocsp_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl,
>     ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
> +
> ngx_int_t ngx_ssl_ocsp_validate(ngx_connection_t *c);
> ngx_int_t ngx_ssl_ocsp_get_status(ngx_connection_t *c, const char **s);
> void ngx_ssl_ocsp_cleanup(ngx_connection_t *c);
> ngx_int_t ngx_ssl_ocsp_cache_init(ngx_shm_zone_t *shm_zone, void *data);
> +
> ngx_array_t *ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file);
> ngx_array_t *ngx_ssl_preserve_passwords(ngx_conf_t *cf,
>     ngx_array_t *passwords);
> 

Speaking of style, this reminds me of various more style issues.

# HG changeset patch
# User Sergey Kandaurov <pluknet at nginx.com>
# Date 1663066823 -14400
#      Tue Sep 13 15:00:23 2022 +0400
# Node ID e3da137555cfb6a3eb80aae196a49b945a4f5048
# Parent  3b0846bd090e06cf277879d4ba4a67a0a2569233
SSL: style.

Using suitable naming for SSL_CTX variables.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -64,7 +64,7 @@ static ngx_ssl_session_t *ngx_ssl_get_ca
     const
 #endif
     u_char *id, int len, int *copy);
-static void ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
+static void ngx_ssl_remove_session(SSL_CTX *ssl_ctx, ngx_ssl_session_t *sess);
 static void ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
     ngx_slab_pool_t *shpool, ngx_uint_t n);
 static void ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
@@ -4050,16 +4050,16 @@ done:
 
 
 void
-ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
+ngx_ssl_remove_cached_session(SSL_CTX *ssl_ctx, ngx_ssl_session_t *sess)
 {
-    SSL_CTX_remove_session(ssl, sess);
-
-    ngx_ssl_remove_session(ssl, sess);
+    SSL_CTX_remove_session(ssl_ctx, sess);
+
+    ngx_ssl_remove_session(ssl_ctx, sess);
 }
 
 
 static void
-ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
+ngx_ssl_remove_session(SSL_CTX *ssl_ctx, ngx_ssl_session_t *sess)
 {
     u_char                   *id;
     uint32_t                  hash;
@@ -4071,7 +4071,7 @@ ngx_ssl_remove_session(SSL_CTX *ssl, ngx
     ngx_ssl_sess_id_t        *sess_id;
     ngx_ssl_session_cache_t  *cache;
 
-    shm_zone = SSL_CTX_get_ex_data(ssl, ngx_ssl_session_cache_index);
+    shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);
 
     if (shm_zone == NULL) {
         return;
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -233,7 +233,7 @@ ngx_int_t ngx_ssl_session_cache_init(ngx
 ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
     ngx_uint_t flags);
 
-void ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
+void ngx_ssl_remove_cached_session(SSL_CTX *ssl_ctx, ngx_ssl_session_t *sess);
 ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session);
 ngx_ssl_session_t *ngx_ssl_get_session(ngx_connection_t *c);
 ngx_ssl_session_t *ngx_ssl_get0_session(ngx_connection_t *c);
# HG changeset patch
# User Sergey Kandaurov <pluknet at nginx.com>
# Date 1663199989 -14400
#      Thu Sep 15 03:59:49 2022 +0400
# Node ID b13b26ab24e9f12a808301bf4c8713d52c7944aa
# Parent  e3da137555cfb6a3eb80aae196a49b945a4f5048
SSL: fixed indentation.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -998,12 +998,12 @@ static int
 ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store)
 {
 #if (NGX_DEBUG)
+    int                err, depth;
     char              *subject, *issuer;
-    int                err, depth;
     X509              *cert;
     X509_NAME         *sname, *iname;
+    ngx_ssl_conn_t    *ssl_conn;
     ngx_connection_t  *c;
-    ngx_ssl_conn_t    *ssl_conn;
 
     ssl_conn = X509_STORE_CTX_get_ex_data(x509_store,
                                           SSL_get_ex_data_X509_STORE_CTX_idx());
@@ -2274,8 +2274,8 @@ ngx_ssl_recv(ngx_connection_t *c, u_char
 static ssize_t
 ngx_ssl_recv_early(ngx_connection_t *c, u_char *buf, size_t size)
 {
-    int        n, bytes;
-    size_t     readbytes;
+    int     n, bytes;
+    size_t  readbytes;
 
     if (c->ssl->last == NGX_ERROR) {
         c->read->error = 1;
@@ -2528,9 +2528,9 @@ ngx_chain_t *
 ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
 {
     int           n;
-    ngx_uint_t    flush;
     ssize_t       send, size, file_size;
     ngx_buf_t    *buf;
+    ngx_uint_t    flush;
     ngx_chain_t  *cl;
 
     if (!c->ssl->buffer) {
@@ -3491,9 +3491,9 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_
 {
     int          flags;
     u_long       n;
-    va_list      args;
     u_char      *p, *last;
     u_char       errstr[NGX_MAX_CONF_ERRSTR];
+    va_list      args;
     const char  *data;
 
     last = errstr + NGX_MAX_CONF_ERRSTR;
@@ -3809,12 +3809,12 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_
     int                       len;
     u_char                   *p, *session_id;
     size_t                    n;
+    SSL_CTX                  *ssl_ctx;
     uint32_t                  hash;
-    SSL_CTX                  *ssl_ctx;
     unsigned int              session_id_length;
     ngx_shm_zone_t           *shm_zone;
+    ngx_slab_pool_t          *shpool;
     ngx_connection_t         *c;
-    ngx_slab_pool_t          *shpool;
     ngx_ssl_sess_id_t        *sess_id;
     ngx_ssl_session_cache_t  *cache;
 
@@ -3959,12 +3959,12 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_
     const u_char             *p;
     ngx_shm_zone_t           *shm_zone;
     ngx_slab_pool_t          *shpool;
+    ngx_connection_t         *c;
     ngx_rbtree_node_t        *node, *sentinel;
     ngx_ssl_session_t        *sess;
     ngx_ssl_sess_id_t        *sess_id;
     ngx_ssl_session_cache_t  *cache;
     u_char                    buf[NGX_SSL_MAX_SESSION_SIZE];
-    ngx_connection_t         *c;
 
     hash = ngx_crc32_short((u_char *) (uintptr_t) id, (size_t) len);
     *copy = 0;
@@ -4500,7 +4500,7 @@ ngx_ssl_session_ticket_key_callback(ngx_
 static void
 ngx_ssl_session_ticket_keys_cleanup(void *data)
 {
-    ngx_array_t  *keys = data;
+    ngx_array_t *keys = data;
 
     ngx_explicit_memzero(keys->elts,
                          keys->nelts * sizeof(ngx_ssl_session_ticket_key_t));
@@ -4525,7 +4525,7 @@ ngx_ssl_session_ticket_keys(ngx_conf_t *
 void
 ngx_ssl_cleanup_ctx(void *data)
 {
-    ngx_ssl_t  *ssl = data;
+    ngx_ssl_t *ssl = data;
 
     X509  *cert, *next;
 
@@ -4544,7 +4544,7 @@ ngx_ssl_cleanup_ctx(void *data)
 ngx_int_t
 ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name)
 {
-    X509   *cert;
+    X509  *cert;
 
     cert = SSL_get_peer_certificate(c->ssl->connection);
     if (cert == NULL) {
@@ -4575,8 +4575,8 @@ ngx_ssl_check_host(ngx_connection_t *c, 
     int                      n, i;
     X509_NAME               *sname;
     ASN1_STRING             *str;
+    GENERAL_NAME            *altname;
     X509_NAME_ENTRY         *entry;
-    GENERAL_NAME            *altname;
     STACK_OF(GENERAL_NAME)  *altnames;
 
     /*
@@ -4851,9 +4851,9 @@ ngx_ssl_get_curves(ngx_connection_t *c, 
 {
 #ifdef SSL_CTRL_GET_CURVES
 
-    int         *curves, n, i, nid;
-    u_char      *p;
-    size_t       len;
+    int     *curves, n, i, nid;
+    u_char  *p;
+    size_t   len;
 
     n = SSL_get1_curves(c->ssl->connection, NULL);
 
@@ -5046,9 +5046,9 @@ ngx_ssl_get_alpn_protocol(ngx_connection
 ngx_int_t
 ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
-    size_t   len;
     BIO     *bio;
     X509    *cert;
+    size_t   len;
 
     s->len = 0;
 
@@ -5098,8 +5098,8 @@ ngx_ssl_get_certificate(ngx_connection_t
 {
     u_char      *p;
     size_t       len;
+    ngx_str_t    cert;
     ngx_uint_t   i;
-    ngx_str_t    cert;
 
     if (ngx_ssl_get_raw_certificate(c, pool, &cert) != NGX_OK) {
         return NGX_ERROR;
@@ -5280,8 +5280,8 @@ ngx_ssl_get_subject_dn_legacy(ngx_connec
     ngx_str_t *s)
 {
     char       *p;
+    X509       *cert;
     size_t      len;
-    X509       *cert;
     X509_NAME  *name;
 
     s->len = 0;
@@ -5328,8 +5328,8 @@ ngx_ssl_get_issuer_dn_legacy(ngx_connect
     ngx_str_t *s)
 {
     char       *p;
+    X509       *cert;
     size_t      len;
-    X509       *cert;
     X509_NAME  *name;
 
     s->len = 0;
@@ -5374,9 +5374,9 @@ ngx_ssl_get_issuer_dn_legacy(ngx_connect
 ngx_int_t
 ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
-    size_t   len;
+    BIO     *bio;
     X509    *cert;
-    BIO     *bio;
+    size_t   len;
 
     s->len = 0;
 

-- 
Sergey Kandaurov



More information about the nginx-devel mailing list