
HPCC-17711 Roxie ssl listener passphrase decrypt

Signed-off-by: Mark Kelly <mark.kelly@lexisnexisrisk.com>
Mark Kelly 8 years ago
parent
commit
c5cb862749
2 changed files with 2 additions and 10 deletions
  1. 1 9
      roxie/ccd/ccdmain.cpp
  2. 1 1
      roxie/ccd/ccdprotocol.cpp

+ 1 - 9
roxie/ccd/ccdmain.cpp

@@ -1129,11 +1129,8 @@ int STARTQUERY_API start_query(int argc, const char *argv[])
                 if (port)
                 {
                     const char *protocol = roxieFarm.queryProp("@protocol");
-                    const char *certFilePtr = nullptr;
                     StringBuffer certFileName;
-                    const char *keyFilePtr = nullptr;
                     StringBuffer keyFileName;
-                    const char *passPhrasePtr = nullptr;
                     StringBuffer passPhraseStr;
                     if (protocol && streq(protocol, "ssl"))
                     {
@@ -1147,7 +1144,6 @@ int STARTQUERY_API start_query(int argc, const char *argv[])
                             certFileName.append(codeDirectory.str()).append(certFile);
                         if (!checkFileExists(certFileName.str()))
                             throw MakeStringException(ROXIE_FILE_ERROR, "Roxie SSL Farm Listener on port %d missing certificateFile (%s)", port, certFileName.str());
-                        certFilePtr = certFileName.str();
 
                         const char *keyFile = roxieFarm.queryProp("@privateKeyFileName");
                         if (!keyFile)
@@ -1158,14 +1154,10 @@ int STARTQUERY_API start_query(int argc, const char *argv[])
                             keyFileName.append(codeDirectory.str()).append(keyFile);
                         if (!checkFileExists(keyFileName.str()))
                             throw MakeStringException(ROXIE_FILE_ERROR, "Roxie SSL Farm Listener on port %d missing privateKeyFile (%s)", port, keyFileName.str());
-                        keyFilePtr = keyFileName.str();
 
                         const char *passPhrase = roxieFarm.queryProp("@passphrase");
                         if (!isEmptyString(passPhrase))
-                        {
                             decrypt(passPhraseStr, passPhrase);
-                            passPhrasePtr = passPhraseStr.str();
-                        }
 #else
                         WARNLOG("Skipping Roxie SSL Farm Listener on port %d : OpenSSL disabled in build", port);
                         continue;
@@ -1174,7 +1166,7 @@ int STARTQUERY_API start_query(int argc, const char *argv[])
                     const char *soname =  roxieFarm.queryProp("@so");
                     const char *config  = roxieFarm.queryProp("@config");
                     Owned<IHpccProtocolPlugin> protocolPlugin = ensureProtocolPlugin(*protocolCtx, soname);
-                    roxieServer.setown(protocolPlugin->createListener(protocol ? protocol : "native", createRoxieProtocolMsgSink(ip, port, numThreads, suspended), port, listenQueue, config, certFilePtr, keyFilePtr, passPhrasePtr));
+                    roxieServer.setown(protocolPlugin->createListener(protocol ? protocol : "native", createRoxieProtocolMsgSink(ip, port, numThreads, suspended), port, listenQueue, config, certFileName.str(), keyFileName.str(), passPhraseStr.str()));
                 }
                 else
                     roxieServer.setown(createRoxieWorkUnitListener(numThreads, suspended));
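Review bot: The `createListener` call at the end of this section now always receives non-null strings, so a non-`ssl` farm, or an `ssl` farm with no `@passphrase`, passes `""` where the old code passed `nullptr` (assuming `StringBuffer::str()` yields an empty string for an untouched buffer). The listener implementation is not in this diff, so confirm it treats an empty certificate, key or passphrase as "not configured" rather than trying to open a key file named `""` or handing an empty passphrase to the TLS layer. A comment above the call would pin that contract, e.g. `// cert/key/passphrase are "" (never nullptr) when unset; listeners must test for empty`. Separately, `passPhraseStr` keeps the decrypted passphrase in plaintext until it goes out of scope; if the listener takes its own copy, clearing the buffer right after the call would shorten that exposure. `start_query` begins and ends outside these hunks.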

+ 1 - 1
roxie/ccd/ccdprotocol.cpp

@@ -283,7 +283,7 @@ public:
             Owned<ISecureSocket> ssock;
             if (client)
             {
-                if (protocol.get() && streq(protocol.get(), "ssl"))
+                if (streq(protocol.str(), "ssl"))
                 {
 #ifdef _USE_OPENSSL
                     try
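Review bot: Dropping the `protocol.get() &&` guard makes the `ssl` check depend on `protocol.str()` never returning null, and the declaration of `protocol` is outside this hunk, so that guarantee cannot be confirmed from here. If it holds, a one-line comment such as `// protocol.str() is never null; an unset protocol compares unequal to "ssl"` records why the guard could go. Any value other than the exact string `ssl` appears to leave the client socket unwrapped, since `ssock` seems to be set up only inside this branch. A mistyped or differently cased protocol value would therefore silently mean no TLS, and rejecting unknown protocol values at configuration time would close that gap. The enclosing method and the `try` block continue past the end of the hunk.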