From 91b5bfa75c928510c8fc3e001120a3bb894dbb1d Mon Sep 17 00:00:00 2001 From: lloyd Date: Thu, 26 Jan 2012 18:14:23 +0000 Subject: Deleting the return of private_key_for in the TLS server forces the credentials server to return a new copy each time which is slow and mostly pointless. Instead, specify that the key remains owned by the credentials manager. This is theoretically an issue if you have thousands of keys to manage; the credentials server doesn't actually know when they have gone out of scope until its destructor runs. So it could be forced to use a lot of memory in the meantime. I'm not sure that this is a case worth optimizing for, at least until someone comes along who actually has this as a problem. --- src/tls/tls_server.cpp | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'src/tls/tls_server.cpp') diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 33dc196bb..d3137a29e 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -268,24 +268,26 @@ void Server::process_handshake_msg(Handshake_Type type, cert_chains[sig_algo]); } - std::auto_ptr private_key(0); + Private_Key* private_key = 0; if(kex_algo == "RSA" || sig_algo != "") { - private_key.reset( - creds.private_key_for(state->server_certs->cert_chain()[0], - "tls-server", - m_hostname)); + private_key = creds.private_key_for(state->server_certs->cert_chain()[0], + "tls-server", + m_hostname); + + if(!private_key) + throw Internal_Error("No private key located for associated server cert"); } if(kex_algo == "RSA") { - state->server_rsa_kex_key = private_key.release(); + state->server_rsa_kex_key = private_key; } else { state->server_kex = - new Server_Key_Exchange(writer, state, policy, rng, private_key.get()); + new Server_Key_Exchange(writer, state, policy, rng, private_key); } std::vector client_auth_CAs = -- cgit v1.2.3