Google Git
Sign in
quiche/quiche.git/7d039d277833bfd5305cb8153b8e1bacb529eae4^!/.
commit
7d039d277833bfd5305cb8153b8e1bacb529eae4
[log]
author
davidben <davidben@google.com>
Tue May 20 15:18:44 2025 -0700
committer
Copybara-Service <copybara-worker@google.com>
Tue May 20 15:19:48 2025 -0700
tree
aae50ee88d312a5c7dcc965075c14eaef4f44bb5
parent
c2233b7646f78bc8d875b11ca51f7accc65bb41b [diff]
Use `bssl::UniquePtr` to own the `SSL_CREDENTIAL` in `SetCertChain`

This does the exact same thing, but is a little tidier.

PiperOrigin-RevId: 761249937

diff --git a/quiche/quic/core/crypto/tls_server_connection.cc b/quiche/quic/core/crypto/tls_server_connection.cc
index 2b7ddc7..80a3aa7 100644
--- a/quiche/quic/core/crypto/tls_server_connection.cc
+++ b/quiche/quic/core/crypto/tls_server_connection.cc

@@ -78,28 +78,28 @@
     const std::string& trust_anchor_id) {
   if (GetQuicReloadableFlag(enable_tls_trust_anchor_ids)) {
     QUIC_RELOADABLE_FLAG_COUNT_N(enable_tls_trust_anchor_ids, 1, 2);
-    SSL_CREDENTIAL* credential = SSL_CREDENTIAL_new_x509();
-    SSL_CREDENTIAL_set1_cert_chain(credential, cert_chain.data(),
+    bssl::UniquePtr<SSL_CREDENTIAL> credential(SSL_CREDENTIAL_new_x509());
+    SSL_CREDENTIAL_set1_cert_chain(credential.get(), cert_chain.data(),
                                    cert_chain.size());
     if (ssl_config().signing_algorithm_prefs.has_value()) {
       SSL_CREDENTIAL_set1_signing_algorithm_prefs(
-          credential, ssl_config().signing_algorithm_prefs->data(),
+          credential.get(), ssl_config().signing_algorithm_prefs->data(),
           ssl_config().signing_algorithm_prefs->size());
     }
     SSL_CREDENTIAL_set_private_key_method(
-        credential, &TlsServerConnection::kPrivateKeyMethod);
+        credential.get(), &TlsServerConnection::kPrivateKeyMethod);
 #if defined(BORINGSSL_API_VERSION) && BORINGSSL_API_VERSION >= 36
     if (!trust_anchor_id.empty()) {
       SSL_CREDENTIAL_set1_trust_anchor_id(
-          credential, reinterpret_cast<const uint8_t*>(trust_anchor_id.data()),
+          credential.get(),
+          reinterpret_cast<const uint8_t*>(trust_anchor_id.data()),
           trust_anchor_id.size());
-      SSL_CREDENTIAL_set_must_match_issuer(credential, 1);
+      SSL_CREDENTIAL_set_must_match_issuer(credential.get(), 1);
     }
 #else
     (void)trust_anchor_id;  // Suppress unused parameter error.
 #endif
-    SSL_add1_credential(ssl(), credential);
-    SSL_CREDENTIAL_free(credential);
+    SSL_add1_credential(ssl(), credential.get());
   } else {
     SSL_set_chain_and_key(ssl(), cert_chain.data(), cert_chain.size(), nullptr,
                           &TlsServerConnection::kPrivateKeyMethod);