[multiple] http_header APIs to reduce str copies

author: Glenn Strauss <gstrauss@gluelogic.com> 2021-03-21 04:04:51 -0400
committer: Glenn Strauss <gstrauss@gluelogic.com> 2021-03-26 22:38:36 -0400
commit: 26f354cb371e09b2c05c2fa49d1ae94e123a95af (patch)
tree: d02d8ed06d3e0744b30d024daf272d2243d45b14 /src/mod_nss.c
parent: f83ff671fcd348afde41ee50fea69149920004c0 (diff)
download: lighttpd-git-26f354cb371e09b2c05c2fa49d1ae94e123a95af.tar.gz
1 files changed, 16 insertions, 25 deletions
diff --git a/src/mod_nss.c b/src/mod_nss.c
index ad796a70..e03980ef 100644
--- a/src/mod_nss.c
+++ b/src/mod_nss.c
@@ -2423,11 +2423,11 @@ https_add_ssl_client_cert (request_st * const r, CERTCertificate *peer)
     for (uint32_t i = 0; pem[i]; ++i) {
         if (pem[i] != '\r') pem[len++] = pem[i]; /*(translate \r\n to \n)*/
     }
-    buffer * const tb = r->tmp_buf;
-    buffer_copy_string_len(tb, CONST_STR_LEN(PEM_BEGIN_CERT"\n"));
-    buffer_append_string_len(tb, pem, len);
-    buffer_append_string_len(tb,CONST_STR_LEN("\n"PEM_END_CERT"\n"));
-    http_header_env_set(r, CONST_STR_LEN("SSL_CLIENT_CERT"), CONST_BUF_LEN(tb));
+    buffer * const vb =
+      http_header_env_set_ptr(r, CONST_STR_LEN("SSL_CLIENT_CERT"));
+    buffer_copy_string_len(vb, CONST_STR_LEN(PEM_BEGIN_CERT"\n"));
+    buffer_append_string_len(vb, pem, len);
+    buffer_append_string_len(vb,CONST_STR_LEN("\n"PEM_END_CERT"\n"));
     PORT_Free(pem);
 }
 
@@ -2477,35 +2477,28 @@ https_add_ssl_client_entries (request_st * const r, handler_ctx * const hctx)
 {
     PRFileDesc *ssl = hctx->ssl;
     CERTCertificate *crt = NULL;
-    buffer * const tb = r->tmp_buf;
+    buffer *vb = http_header_env_set_ptr(r, CONST_STR_LEN("SSL_CLIENT_VERIFY"));
 
     if (hctx->verify_status != -1)
         crt = SSL_PeerCertificate(ssl);
     if (NULL == crt) { /* || hctx->verify_status == -1) */
         /*(e.g. no cert, or verify result not available)*/
-        http_header_env_set(r,
-                            CONST_STR_LEN("SSL_CLIENT_VERIFY"),
-                            CONST_STR_LEN("NONE"));
+        buffer_copy_string_len(vb, CONST_STR_LEN("NONE"));
         return;
     }
     else if (0 != hctx->verify_status) {
-        buffer_copy_string_len(tb, CONST_STR_LEN("FAILED:"));
+        buffer_copy_string_len(vb, CONST_STR_LEN("FAILED:"));
         const char *s = PR_ErrorToName(hctx->verify_status);
         if (s)
-            buffer_append_string_len(tb, s, strlen(s));
-        buffer_append_string_len(tb, CONST_STR_LEN(":"));
+            buffer_append_string_len(vb, s, strlen(s));
+        buffer_append_string_len(vb, CONST_STR_LEN(":"));
         s = PR_ErrorToString(hctx->verify_status, PR_LANGUAGE_I_DEFAULT);
-        buffer_append_string_len(tb, s, strlen(s));
-        http_header_env_set(r,
-                            CONST_STR_LEN("SSL_CLIENT_VERIFY"),
-                            CONST_BUF_LEN(tb));
+        buffer_append_string_len(vb, s, strlen(s));
         CERT_DestroyCertificate(crt);
         return;
     }
     else {
-        http_header_env_set(r,
-                            CONST_STR_LEN("SSL_CLIENT_VERIFY"),
-                            CONST_STR_LEN("SUCCESS"));
+        buffer_copy_string_len(vb, CONST_STR_LEN("SUCCESS"));
     }
 
     char *s = CERT_NameToAsciiInvertible(&crt->subject, CERT_N2A_STRICT);
@@ -2518,11 +2511,9 @@ https_add_ssl_client_entries (request_st * const r, handler_ctx * const hctx)
 
     https_add_ssl_client_subject(r, &crt->subject);
 
-    buffer_string_set_length(tb, 0);
-    buffer_append_uint_hex_lc(tb, DER_GetInteger(&crt->serialNumber));
-    http_header_env_set(r,
-                        CONST_STR_LEN("SSL_CLIENT_M_SERIAL"),
-                        CONST_BUF_LEN(tb));
+    buffer_append_uint_hex_lc(
+      http_header_env_set_ptr(r, CONST_STR_LEN("SSL_CLIENT_M_SERIAL")),
+      DER_GetInteger(&crt->serialNumber));
 
     if (!buffer_string_is_empty(hctx->conf.ssl_verifyclient_username)) {
         /* pick one of the exported values as "REMOTE_USER", for example
@@ -2531,7 +2522,7 @@ https_add_ssl_client_entries (request_st * const r, handler_ctx * const hctx)
          *   ssl.verifyclient.username = "SSL_CLIENT_S_DN_emailAddress"
          */
         const buffer *varname = hctx->conf.ssl_verifyclient_username;
-        const buffer *vb = http_header_env_get(r, CONST_BUF_LEN(varname));
+        vb = http_header_env_get(r, CONST_BUF_LEN(varname));
         if (vb) { /* same as http_auth.c:http_auth_setenv() */
             http_header_env_set(r,
                                 CONST_STR_LEN("REMOTE_USER"),
author	Glenn Strauss <gstrauss@gluelogic.com>	2021-03-21 04:04:51 -0400
committer	Glenn Strauss <gstrauss@gluelogic.com>	2021-03-26 22:38:36 -0400
commit	26f354cb371e09b2c05c2fa49d1ae94e123a95af (patch)
tree	d02d8ed06d3e0744b30d024daf272d2243d45b14 /src/mod_nss.c
parent	f83ff671fcd348afde41ee50fea69149920004c0 (diff)
download	lighttpd-git-26f354cb371e09b2c05c2fa49d1ae94e123a95af.tar.gz