Commit 490a36e3 authored by Kenton Varda

Make TlsNetworkAddress::connect() not require to stick around.

Although contrary to conventions, it's surprisingly easy to write code that calls connect() and then drops the address before the connection completes, and such code works with the default network implementation, so let's accept it.
parent c45bd150
...@@ -132,8 +132,7 @@ public: ...@@ -132,8 +132,7 @@ public:
throwOpensslError(); throwOpensslError();
} }
return sslCall([this]() { return SSL_connect(ssl); }) return sslCall([this]() { return SSL_connect(ssl); }).then([this](size_t) {
.then([this,expectedServerHostname](size_t) {
X509* cert = SSL_get_peer_certificate(ssl); X509* cert = SSL_get_peer_certificate(ssl);
KJ_REQUIRE(cert != nullptr, "TLS peer provided no certificate"); KJ_REQUIRE(cert != nullptr, "TLS peer provided no certificate");
X509_free(cert); X509_free(cert);
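Review bot: In the continuation after SSL_connect, expectedServerHostname is no longer captured, and the lines shown here only require that the peer presented a certificate (cert != nullptr) before freeing it. If hostname verification is configured on the SSL object before the handshake, a short comment at this spot saying so would keep a reader from concluding that the name is never checked. The lambda also still captures this, so the stream object must outlive the handshake promise; that requirement deserves a mention in the same comment.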
...@@ -386,9 +385,15 @@ public: ...@@ -386,9 +385,15 @@ public:
: tls(tls), hostname(kj::mv(hostname)), inner(kj::mv(inner)) {} : tls(tls), hostname(kj::mv(hostname)), inner(kj::mv(inner)) {}
Promise<Own<AsyncIoStream>> connect() override { Promise<Own<AsyncIoStream>> connect() override {
return inner->connect().then([this](Own<AsyncIoStream>&& stream) { // Note: It's unfortunately pretty common for people to assume they can drop the NetworkAddress
return tls.wrapClient(kj::mv(stream), hostname); // as soon as connect() returns, and this works with the native network implementation.
}); // So, we make some copies here.
auto& tlsRef = tls;
auto hostnameCopy = kj::str(hostname);
return inner->connect().then(kj::mvCapture(hostnameCopy,
[&tlsRef](kj::String&& hostname, Own<AsyncIoStream>&& stream) {
return tlsRef.wrapClient(kj::mv(stream), hostname);
}));
} }
Own<ConnectionReceiver> listen() override { Own<ConnectionReceiver> listen() override {
......
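Review bot: The new comment in connect() says "we make some copies", but only the hostname is copied; tls is captured by reference through [&tlsRef], so the continuation still dereferences the TLS context after the address may have been dropped. State in the comment that the context must outlive any pending connect(), or callers will read the relaxed contract as covering it too. Dropping the address also destroys inner while the promise from inner->connect() is pending, so the change holds only if the wrapped address tolerates that, which the commit message asserts for the default network implementation; worth noting for other inner implementations. Minor: the lambda parameter hostname shadows the member of the same name, so a distinct parameter name would make it obvious which one wrapClient receives.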