diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-26 10:29:59 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-26 10:29:59 +0000 |
| commit | ef9d2cfde6b877081c468c6d550b1e48866e9ed0 (patch) | |
| tree | 06a2d35c73bfee9212c3dda128d56c3f07608948 /tcpiohandler.cc | |
| parent | Adding upstream version 1.9.5. (diff) | |
| download | dnsdist-upstream.tar.xz dnsdist-upstream.zip | |
Adding upstream version 1.9.6.upstream/1.9.6upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tcpiohandler.cc')
| -rw-r--r-- | tcpiohandler.cc | 39 |
1 files changed, 29 insertions, 10 deletions
diff --git a/tcpiohandler.cc b/tcpiohandler.cc index cf82471..edee311 100644 --- a/tcpiohandler.cc +++ b/tcpiohandler.cc @@ -11,6 +11,8 @@ const bool TCPIOHandler::s_disableConnectForUnitTests = false; #include <sodium.h> #endif /* HAVE_LIBSODIUM */ +TLSCtx::tickets_key_added_hook TLSCtx::s_ticketsKeyAddedHook{nullptr}; + #if defined(HAVE_DNS_OVER_TLS) || defined(HAVE_DNS_OVER_HTTPS) #ifdef HAVE_LIBSSL @@ -987,6 +989,16 @@ public: throw; } } + [[nodiscard]] std::string content() const + { + std::string result{}; + if (d_key.data != nullptr && d_key.size > 0) { + // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast) + result.append(reinterpret_cast<const char*>(d_key.data), d_key.size); + safe_memory_lock(result.data(), result.size()); + } + return result; + } ~GnuTLSTicketsKey() { @@ -1730,14 +1742,12 @@ public: return connection; } - void rotateTicketsKey(time_t now) override + void addTicketsKey(time_t now, std::shared_ptr<GnuTLSTicketsKey>&& newKey) { if (!d_enableTickets) { return; } - auto newKey = std::make_shared<GnuTLSTicketsKey>(); - { *(d_ticketsKey.write_lock()) = std::move(newKey); } @@ -1745,8 +1755,23 @@ public: if (d_ticketsKeyRotationDelay > 0) { d_ticketsKeyNextRotation = now + d_ticketsKeyRotationDelay; } + + if (TLSCtx::hasTicketsKeyAddedHook()) { + auto ticketsKey = *(d_ticketsKey.read_lock()); + auto content = ticketsKey->content(); + TLSCtx::getTicketsKeyAddedHook()(content); + safe_memory_release(content.data(), content.size()); + } } + void rotateTicketsKey(time_t now) override + { + if (!d_enableTickets) { + return; + } + auto newKey = std::make_shared<GnuTLSTicketsKey>(); + addTicketsKey(now, std::move(newKey)); + } void loadTicketsKeys(const std::string& file) final { if (!d_enableTickets) { @@ -1754,13 +1779,7 @@ public: } auto newKey = std::make_shared<GnuTLSTicketsKey>(file); - { - *(d_ticketsKey.write_lock()) = std::move(newKey); - } - - if (d_ticketsKeyRotationDelay > 0) { - d_ticketsKeyNextRotation = time(nullptr) + d_ticketsKeyRotationDelay; - } + addTicketsKey(time(nullptr), std::move(newKey)); } size_t getTicketsKeysCount() override |