Fix certificate checker callback lifetime.
OpenSSL's SSL_CTX_set_verify() function allows us to set a callback
called after certificate validation but doesn't provide a way to pass
private data to this callback. CL:183832 was passing the pointer to the
CertificateChecker instance using a global pointer, nevertheless the
lifetime of this pointer was wrong since libcurl can trigger this
callback asynchronously when the SSL certificates are downloaded.
This patch converts the CertificateChecker into a singleton class and
uses the same trick previously used to pass the ServerToCheck value
using different callbacks.
Bug: 25818567
Test: Run an update on edison-userdebug; FEATURES=test emerge-link update_engine
Change-Id: I84cdb2f8c5ac86d1463634e73e867f213f7a2f5a
diff --git a/update_attempter.h b/update_attempter.h
index 500f48f..21fa362 100644
--- a/update_attempter.h
+++ b/update_attempter.h
@@ -60,6 +60,7 @@
static const int kMaxDeltaUpdateFailures;
UpdateAttempter(SystemState* system_state,
+ CertificateChecker* cert_checker,
LibCrosProxy* libcros_proxy,
org::chromium::debugdProxyInterface* debugd_proxy);
~UpdateAttempter() override;
@@ -393,6 +394,9 @@
// carved out separately to mock out easily in unit tests.
SystemState* system_state_;
+ // Pointer to the certificate checker instance to use.
+ CertificateChecker* cert_checker_;
+
// If non-null, this UpdateAttempter will send status updates over this
// dbus service.
UpdateEngineAdaptor* dbus_adaptor_ = nullptr;
@@ -446,9 +450,6 @@
DirectProxyResolver direct_proxy_resolver_;
ChromeBrowserProxyResolver chrome_proxy_resolver_;
- // OpenSSLWrapper used for checking certificates.
- OpenSSLWrapper openssl_wrapper_;
-
// Originally, both of these flags are false. Once UpdateBootFlags is called,
// |update_boot_flags_running_| is set to true. As soon as UpdateBootFlags
// completes its asynchronous run, |update_boot_flags_running_| is reset to