defer reading of certificates until the first SSL connection

2025-10-03 18:31:55 -04:00 · 2002-10-17 21:25:14 +00:00 · 2002-10-17 21:25:14 +00:00 · e926155c82
commit e926155c82
parent b12571edd9
3 changed files with 24 additions and 13 deletions
--- a/panda/src/downloader/httpChannel.cxx
+++ b/panda/src/downloader/httpChannel.cxx
@ -670,7 +670,7 @@ run_proxy_reading_header() {
 ////////////////////////////////////////////////////////////////////
 bool HTTPChannel::
 run_setup_ssl() {
-  _sbio = BIO_new_ssl(_client->_ssl_ctx, true);
+  _sbio = BIO_new_ssl(_client->get_ssl_ctx(), true);
  BIO_push(_sbio, *_bio);

  if (downloader_cat.is_debug()) {
@ -2120,8 +2120,9 @@ show_send(const string &message) {
  size_t start = 0;
  size_t newline = message.find('\n', start);
  while (newline != string::npos) {
+    // Assume every \n is preceded by a \r.
    downloader_cat.spam()
-      << "send: " << message.substr(start, newline - start + 1);
+      << "send: " << message.substr(start, newline - start - 1) << "\n";
    start = newline + 1;
    newline = message.find('\n', start);
  }
--- a/panda/src/downloader/httpClient.cxx
+++ b/panda/src/downloader/httpClient.cxx
@ -53,7 +53,13 @@ HTTPClient::
 HTTPClient() {
  _http_version = HV_11;
  _verify_ssl = verify_ssl ? VS_normal : VS_no_verify;
-  make_ctx();
+  _ssl_ctx = (SSL_CTX *)NULL;
+
+  // The first time we create an HTTPClient, we must initialize the
+  // OpenSSL library.
+  if (!_ssl_initialized) {
+    initialize_ssl();
+  }
 }

 ////////////////////////////////////////////////////////////////////
@ -67,7 +73,7 @@ HTTPClient(const HTTPClient &copy) {
  // function will copy them in a second.
  _http_version = HV_11;
  _verify_ssl = verify_ssl ? VS_normal : VS_no_verify;
-  make_ctx();
+  _ssl_ctx = (SSL_CTX *)NULL;

  (*this) = copy;
 }
@ -356,15 +362,15 @@ get_header(const URLSpec &url) {


 ////////////////////////////////////////////////////////////////////
-//     Function: HTTPClient::make_ctx
-//       Access: Private
-//  Description: Creates the OpenSSL context object.  This is only
-//               called by the constructor.
+//     Function: HTTPClient::get_ssl_ctx
+//       Access: Public
+//  Description: Returns the OpenSSL context object, creating it first
+//               if needed.
 ////////////////////////////////////////////////////////////////////
-void HTTPClient::
-make_ctx() {
-  if (!_ssl_initialized) {
-    initialize_ssl();
+SSL_CTX *HTTPClient::
+get_ssl_ctx() {
+  if (_ssl_ctx != (SSL_CTX *)NULL) {
+    return _ssl_ctx;
  }

  _ssl_ctx = SSL_CTX_new(SSLv23_client_method());
@ -428,6 +434,8 @@ make_ctx() {
      }
    }
  }
+
+  return _ssl_ctx;
 }

 ////////////////////////////////////////////////////////////////////
--- a/panda/src/downloader/httpClient.h
+++ b/panda/src/downloader/httpClient.h
@ -95,8 +95,10 @@ PUBLISHED:
                                const string &body = string());
  PT(HTTPChannel) get_header(const URLSpec &url);

+public:
+  SSL_CTX *get_ssl_ctx();
+
 private:
-  void make_ctx();
  static void initialize_ssl();
  static int load_verify_locations(SSL_CTX *ctx, const Filename &ca_file);