Fix certificate checker callback lifetime.
OpenSSL's SSL_CTX_set_verify() function allows us to set a callback
called after certificate validation but doesn't provide a way to pass
private data to this callback. CL:183832 was passing the pointer to the
CertificateChecker instance using a global pointer, nevertheless the
lifetime of this pointer was wrong since libcurl can trigger this
callback asynchronously when the SSL certificates are downloaded.
This patch converts the CertificateChecker into a singleton class and
uses the same trick previously used to pass the ServerToCheck value
using different callbacks.
Bug: 25818567
Test: Run an update on edison-userdebug; FEATURES=test emerge-link update_engine
Change-Id: I84cdb2f8c5ac86d1463634e73e867f213f7a2f5a
diff --git a/real_system_state.h b/real_system_state.h
index 651d474..8ca1abc 100644
--- a/real_system_state.h
+++ b/real_system_state.h
@@ -28,6 +28,7 @@
#include <session_manager/dbus-proxies.h>
#include "update_engine/common/boot_control_interface.h"
+#include "update_engine/common/certificate_checker.h"
#include "update_engine/common/clock.h"
#include "update_engine/common/hardware_interface.h"
#include "update_engine/common/prefs.h"
@@ -88,7 +89,7 @@
}
inline UpdateAttempter* update_attempter() override {
- return &update_attempter_;
+ return update_attempter_.get();
}
inline OmahaRequestParams* request_params() override {
@@ -145,8 +146,12 @@
// states.
PayloadState payload_state_;
+ // OpenSSLWrapper and CertificateChecker used for checking SSL certificates.
+ OpenSSLWrapper openssl_wrapper_;
+ std::unique_ptr<CertificateChecker> certificate_checker_;
+
// Pointer to the update attempter object.
- UpdateAttempter update_attempter_{this, &libcros_proxy_, &debugd_proxy_};
+ std::unique_ptr<UpdateAttempter> update_attempter_;
// Common parameters for all Omaha requests.
OmahaRequestParams request_params_{this};