Fix certificate checker callback lifetime.
OpenSSL's SSL_CTX_set_verify() function allows us to set a callback
called after certificate validation but doesn't provide a way to pass
private data to this callback. CL:183832 passed the pointer to the
CertificateChecker instance through a global pointer, but the lifetime
of that pointer was wrong, since libcurl can trigger this callback
asynchronously when the SSL certificates are downloaded.
This patch converts the CertificateChecker into a singleton class and
uses the same trick previously used to pass the ServerToCheck value
using different callbacks.
Bug: 25818567
Test: Run an update on edison-userdebug; FEATURES=test emerge-link update_engine
Change-Id: I84cdb2f8c5ac86d1463634e73e867f213f7a2f5a
diff --git a/common/libcurl_http_fetcher.h b/common/libcurl_http_fetcher.h
index df0a7be..900c973 100644
--- a/common/libcurl_http_fetcher.h
+++ b/common/libcurl_http_fetcher.h
@@ -40,11 +40,7 @@
class LibcurlHttpFetcher : public HttpFetcher {
public:
LibcurlHttpFetcher(ProxyResolver* proxy_resolver,
- HardwareInterface* hardware,
- std::unique_ptr<CertificateChecker> certificate_checker);
- LibcurlHttpFetcher(ProxyResolver* proxy_resolver,
- HardwareInterface* hardware)
- : LibcurlHttpFetcher(proxy_resolver, hardware, nullptr) {}
+ HardwareInterface* hardware);
// Cleans up all internal state. Does not notify delegate
~LibcurlHttpFetcher() override;
@@ -85,6 +81,10 @@
no_network_max_retries_ = retries;
}
+ void set_server_to_check(ServerToCheck server_to_check) {
+ server_to_check_ = server_to_check;
+ }
+
size_t GetBytesDownloaded() override {
return static_cast<size_t>(bytes_downloaded_);
}
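Review bot: `set_server_to_check()` is added without a comment, and with the `server_to_check_{ServerToCheck::kNone}` default in the last hunk of this file, a fetcher whose owner never calls the setter performs no certificate check. Callers that used to pass a CertificateChecker through the removed constructor overload now have to opt in with a separate call, which is easy to miss when call sites are migrated. I would state that contract on the setter, for example `// Selects which server's certificate is checked for this connection. Defaults to ServerToCheck::kNone (no check); set it before the transfer starts.` The code that reads `server_to_check_` is outside this hunk, so the "before the transfer starts" ordering is an assumption to confirm against the .cc file.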
@@ -231,9 +231,10 @@
// if we get a terminate request, queue it until we can handle it.
bool terminate_requested_{false};
- // The CertificateChecker used to check this connection's certificate. If no
- // certificate check needs to be performed, this should be empty.
- std::unique_ptr<CertificateChecker> certificate_checker_;
+ // The ServerToCheck used when checking this connection's certificate. If no
+ // certificate check needs to be performed, this should be set to
+ // ServerToCheck::kNone.
+ ServerToCheck server_to_check_{ServerToCheck::kNone};
int low_speed_limit_bps_{kDownloadLowSpeedLimitBps};
int low_speed_time_seconds_{kDownloadLowSpeedTimeSeconds};