ss: policy: adaptations for dynamic policy

2025-03-09 00:00:04 +01:00 · 2021-10-21 14:44:33 +01:00 · 2021-10-21 14:44:33 +01:00 · b43f90a8ed
commit b43f90a8ed
parent 63db023f58
4 changed files with 17 additions and 4 deletions
--- a/lib/core-net/private-lib-core-net.h
+++ b/lib/core-net/private-lib-core-net.h
@ -524,7 +524,7 @@ struct lws_vhost {
 	uint32_t		tls_session_cache_max;
 #endif

-#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
+#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) || defined(LWS_WITH_SECURE_STREAMS_CPP)
 	int8_t			ss_refcount;
 	/**< refcount of number of ss connections with streamtypes using this
 	 * trust store */
--- a/lib/secure-streams/policy-common.c
+++ b/lib/secure-streams/policy-common.c
@ -367,7 +367,7 @@ lws_ss_policy_ref_trust_store(struct lws_context *context,
 	}

 accepted:
-#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
+#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) || defined(LWS_WITH_SECURE_STREAMS_CPP)
 	if (doref)
 		v->ss_refcount++;
 #endif
@ -375,7 +375,7 @@ accepted:
 	return v;
 }

-#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
+#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) || defined(LWS_WITH_SECURE_STREAMS_CPP)
 int
 lws_ss_policy_unref_trust_store(struct lws_context *context,
 				const lws_ss_policy_t *pol)
--- a/lib/secure-streams/private-lib-secure-streams.h
+++ b/lib/secure-streams/private-lib-secure-streams.h
@ -541,7 +541,7 @@ lws_ss_cancel_notify_dll(struct lws_dll2 *d, void *user);
 int
 lws_sspc_cancel_notify_dll(struct lws_dll2 *d, void *user);

-#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
+#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) || defined(LWS_WITH_SECURE_STREAMS_CPP)
 int
 lws_ss_policy_unref_trust_store(struct lws_context *context,
 				const lws_ss_policy_t *pol);
--- a/lib/secure-streams/secure-streams.c
+++ b/lib/secure-streams/secure-streams.c
@ -1283,6 +1283,14 @@ extant:
 		lwsl_err("%s: unable to get vhost / trust store\n", __func__);
 		goto fail_creation;
 	}
+#else
+#if defined(LWS_WITH_SECURE_STREAMS_CPP)
+        if (!ssi->streamtype &&
+	    !lws_ss_policy_ref_trust_store(context, h->policy, 1 /* do the ref */)) {
+		lwsl_err("%s: unable to get vhost / trust store\n", __func__);
+		goto fail_creation;
+	}
+#endif
 #endif

 	r = lws_ss_event_helper(h, LWSSSCS_CREATING);
@ -1487,6 +1495,11 @@ lws_ss_destroy(lws_ss_handle_t **ppss)

 	if (h->policy)
 		lws_ss_policy_unref_trust_store(h->context, h->policy);
+#else
+#if defined(LWS_WITH_SECURE_STREAMS_CPP)
+	if (!h->info.streamtype || !*(h->info.streamtype))
+		lws_ss_policy_unref_trust_store(h->context, h->policy);
+#endif
 #endif

 #if defined(LWS_WITH_SERVER)