From 2f230033794fafdf10822568e763d4db68cf6c6b Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 13 Apr 2024 23:14:49 +0200 Subject: Merging upstream version 1.9.3. Signed-off-by: Daniel Baumann --- libssl.hh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'libssl.hh') diff --git a/libssl.hh b/libssl.hh index fd5d90c..8dd7ff3 100644 --- a/libssl.hh +++ b/libssl.hh @@ -12,6 +12,7 @@ #include "config.h" #include "circular_buffer.hh" #include "lock.hh" +#include "misc.hh" enum class LibsslTLSVersion : uint8_t { Unknown, TLS10, TLS11, TLS12, TLS13 }; @@ -21,7 +22,7 @@ struct TLSCertKeyPair std::optional d_key; std::optional d_password; explicit TLSCertKeyPair(const std::string& cert, std::optional key = std::nullopt, std::optional password = std::nullopt): - d_cert(cert), d_key(key), d_password(password) { + d_cert(cert), d_key(std::move(key)), d_password(std::move(password)) { } }; @@ -53,6 +54,8 @@ public: bool d_asyncMode{false}; /* enable kTLS mode, if supported */ bool d_ktls{false}; + /* set read ahead mode, if supported */ + bool d_readAhead{true}; }; struct TLSErrorCounters @@ -113,7 +116,6 @@ class OpenSSLTLSTicketKeysRing public: OpenSSLTLSTicketKeysRing(size_t capacity); ~OpenSSLTLSTicketKeysRing(); - void addKey(std::shared_ptr newKey); std::shared_ptr getEncryptionKey(); std::shared_ptr getDecryptionKey(unsigned char name[TLS_TICKETS_KEY_NAME_SIZE], bool& activeKey); size_t getKeysCount(); @@ -121,6 +123,8 @@ public: void rotateTicketsKey(time_t now); private: + void addKey(std::shared_ptr&& newKey); + SharedLockGuarded > > d_ticketKeys; }; 
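Review bot: In the `TLSCertKeyPair` constructor, `d_password` remains an ordinary optional (presumably of `std::string`; the template arguments are lost on this page), so the secret sits in normal heap memory for as long as the pair exists. The switch to `std::move(password)` removes one copy, but the by-value parameter still gives every caller its own copy to manage. If that is the accepted trade-off, record it next to the member, for example `/* kept in clear for the lifetime of the object; not wiped on destruction */`. What the password unlocks is not visible in this hunk, and the struct begins outside it.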
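Review bot: The comment on the new `d_readAhead{true}` field says "if supported" but not that the option is on by default, so a reader cannot tell that existing configurations change behaviour with this merge. I would write `/* let the TLS library read ahead of the record being processed, if supported; enabled by default */`. How the flag interacts with `d_ktls` and `d_asyncMode` directly above it is not visible here and deserves a line where the flag is consumed. The enclosing struct starts outside the hunk.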
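Review bot: The re-declared private `addKey(std::shared_ptr&& newKey)` in `OpenSSLTLSTicketKeysRing` only transfers ownership if its body moves from `newKey`, and that definition is not in this header. It is worth checking that the insertion uses `std::move(newKey)`, since a named rvalue reference is otherwise copied. Moving the member out of the public section (removed in the previous hunk) narrows who can inject ticket keys, but nothing says so. A comment such as `/* internal: the only insertion path into d_ticketKeys */` would keep it from being made public again; whether it takes the write lock on `d_ticketKeys` should be confirmed in the implementation before stating it.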
@@ -151,7 +155,7 @@ bool libssl_set_min_tls_version(std::unique_ptr, std::vector> libssl_init_server_context(const TLSConfig& config, std::map& ocspResponses); -std::unique_ptr libssl_set_key_log_file(std::unique_ptr& ctx, const std::string& logFile); +pdns::UniqueFilePtr libssl_set_key_log_file(std::unique_ptr& ctx, const std::string& logFile); /* called in a client context, if the client advertised more than one ALPN values and the server returned more than one as well, to select the one to use. */ #ifndef DISABLE_NPN -- cgit v1.2.3
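Review bot: The new declaration of `libssl_set_key_log_file` does not say how long the returned `pdns::UniqueFilePtr` must be kept, and nothing stops a caller from discarding it, which would presumably close the key log when the temporary is destroyed. Declaring it `[[nodiscard]] pdns::UniqueFilePtr libssl_set_key_log_file(...)` with the parameters unchanged would catch that at compile time. A short comment should also state that the file receives TLS session secrets, so anyone who can read it can decrypt recorded traffic, and that it should be created with owner-only permissions. How the file is opened is in the implementation, outside this hunk.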