2 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
10 #include "anyp/PortCfg.h"
14 #include "ssl/support.h"
/// File-scope state shared by the listener code: one head pointer per port
/// family (http_port / https_port / ftp_port, judging by the names) and the
/// table of listening socket descriptors.
/// NOTE(review): the original lines between these declarations (21, 23, 25,
/// 26, 28) are not on this page; they may hold conditional-compilation guards
/// around the SSL-related declaration, so treat this excerpt as incomplete.
20 AnyP::PortCfgPointer HttpPortList
;
22 AnyP::PortCfgPointer HttpsPortList
;
24 AnyP::PortCfgPointer FtpPortList
;
/// Fixed-size table of listening sockets. MAXTCPLISTENPORTS is defined
/// elsewhere — presumably the hard upper bound on configured listen ports;
/// confirm against its definition before changing the number of ports.
27 int HttpSockets
[MAXTCPLISTENPORTS
];
/// Default constructor: a freshly built PortCfg is a plain HTTP port with the
/// SSL-related members unset. Only the initializer-list entries that appear on
/// this page are shown — the original lines in between (30-31, 33-39, 42,
/// 44-56, 60-63, 65-73) are not part of this excerpt, so this is NOT the
/// complete member list; in particular the initial value of sslContextFlags
/// and the other SSL members is not visible here.
29 AnyP::PortCfg::PortCfg() :
// Transport defaults to HTTP; the two trailing 1s are presumably the HTTP
// major/minor version — confirm against AnyP::ProtocolVersion.
32 transport(AnyP::PROTO_HTTP
,1,1), // "Squid is an HTTP proxy", etc.
40 connection_auth_disabled(false),
41 ftp_track_dirs(false),
43 disable_pmtu_discovery(0),
// Raw C string owned by this object; the destructor releases it with
// safe_free(), so it must stay either NULL or heap-allocated.
57 sslContextSessionId(NULL
),
// Dynamic server-certificate generation is off unless configuration turns it on.
58 generateHostCertificates(false),
// Largest representable size_t, i.e. effectively no cap on the generated-
// certificate memory cache; presumably a configured value replaces this —
// confirm in the config parser.
59 dynamicCertMemCacheSize(std::numeric_limits
<size_t>::max()),
64 untrustedSigningCert(),
// Zero the whole keepalive struct so no field is left indeterminate.
74 memset(&tcp_keepalive
, 0, sizeof(tcp_keepalive
));
/// Destructor: tears down the listener if it is still open and releases the
/// heap-allocated C-string members. Original lines 78, 80-84 and 86-97 are not
/// on this page, so the close call inside the branch below and any further
/// safe_free() calls are not visible in this excerpt.
77 AnyP::PortCfg::~PortCfg()
// Only act on a listener that was actually opened; the body of this branch
// (presumably the Comm close) is outside this excerpt.
79 if (Comm::IsConnOpen(listenConn
)) {
// safe_free() is defined elsewhere — presumably a null-tolerant free that also
// resets the pointer, which is why a never-set defaultsite is harmless here.
85 safe_free(defaultsite
);
// Releases the session-id context string initialised to NULL by the constructor.
98 safe_free(sslContextSessionId
);
/// Produce a copy of this port configuration. Original lines 104, 106-107, 109,
/// 111, 113, 115-116, 121-122, 124-136 and everything after 137 are not on
/// this page, so the null checks that presumably guard the xstrdup() calls and
/// the return statement are not visible in this excerpt.
103 AnyP::PortCfg::clone() const
105 AnyP::PortCfgPointer b
= new AnyP::PortCfg();
// String members are duplicated so the clone owns its own buffers and the
// destructor of either object cannot free the other's memory.
108 b
->name
= xstrdup(name
);
110 b
->defaultsite
= xstrdup(defaultsite
);
// Plain-value members are copied by assignment.
112 b
->transport
= transport
;
114 b
->allow_direct
= allow_direct
;
117 b
->connection_auth_disabled
= connection_auth_disabled
;
118 b
->ftp_track_dirs
= ftp_track_dirs
;
119 b
->disable_pmtu_discovery
= disable_pmtu_discovery
;
120 b
->tcp_keepalive
= tcp_keepalive
;
// SSL material is deliberately NOT copied (see the author's TODO below): a
// cloned port carries no certificate, key, CA, CRL, flag or context settings
// of its own. Any port produced through clone() that is meant to serve TLS
// must be configured explicitly; do not rely on clone() to carry TLS state.
123 // TODO: AYJ: 2009-07-18: for now SSL does not clone. Configure separate ports with IPs and SSL settings
// A bare local declaration with no visible use. The surrounding lines
// (124-136) are not on this page; presumably this sits in a disabled
// preprocessor block listing the un-cloned SSL fields — confirm before
// treating it as live code.
137 char *sslContextSessionId
;
/// Build the server-side SSL context for this port from its configured file
/// paths and option strings, aborting the process via fatalf() on any error
/// that would leave the port unusable. Original lines 149-150, 152-154,
/// 156-158, 160, 163, 165, 167-169, 171-172, 176-178, 180, 182-183, 185-186,
/// 188, 190, 192, 194 and the function's closing lines after 195 are not on
/// this page: the conditions that presumably guard several of these calls
/// (e.g. whether cert/crlfile/clientca/dhfile/sslflags are set), the
/// declarations of the `buf` used by toUrl(), and the closing brace are all
/// outside this excerpt.
148 AnyP::PortCfg::configureSslServerContext()
// Load the signing certificate, its private key and any chain certificates
// from the configured cert/key files into the corresponding members.
151 Ssl::readCertChainAndPrivateKeyFromFiles(signingCert
, signPkey
, certsToChain
, cert
, key
);
// Fatal: without a valid signing certificate the port cannot operate. The
// guarding condition (presumably `if (!signingCert)`) is on an omitted line.
155 fatalf("No valid signing SSL certificate configured for %s_port %s", AnyP::ProtocolType_str
[transport
.protocol
], s
.toUrl(buf
, sizeof(buf
)));
// A missing private key is only reported at DBG_IMPORTANT here, not treated as
// fatal, so start-up continues; whether later steps cope with a NULL signPkey
// is not visible on this page.
159 debugs(3, DBG_IMPORTANT
, "No SSL private key configured for " << AnyP::ProtocolType_str
[transport
.protocol
] << "_port " << s
);
// Derive the certificate/key pair used to sign certificates for untrusted
// sites from the trusted signing pair loaded above.
161 Ssl::generateUntrustedCert(untrustedSigningCert
, untrustedSignPkey
,
162 signingCert
, signPkey
);
// Fatal if the untrusted-site signing certificate could not be produced.
164 if (!untrustedSigningCert
) {
166 fatalf("Unable to generate signing SSL certificate for untrusted sites for %s_port %s", AnyP::ProtocolType_str
[transport
.protocol
], s
.toUrl(buf
, sizeof(buf
)));
// NOTE(review): sslContextFlags is passed to loadCrl() here, but the only
// assignment to it visible on this page is `sslContextFlags =
// Ssl::parse_flags(sslflags)` at original line 187, which runs AFTER this
// call. Unless sslContextFlags is populated earlier (its initialiser is not in
// this excerpt), loadCrl() sees the pre-parse value and any CRL-related flags
// from the sslflags option would not influence how the CRL is loaded. If the
// flags are meant to apply to CRL loading, the parse_flags assignment should
// be moved ahead of this call — confirm against Ssl::loadCrl().
170 clientVerifyCrls
.reset(Ssl::loadCrl(crlfile
, sslContextFlags
));
// Load the list of acceptable client CAs; an unreadable file is fatal rather
// than silently leaving client-certificate verification unconfigured.
173 clientCA
.reset(SSL_load_client_CA_file(clientca
));
174 if (clientCA
.get() == NULL
) {
175 fatalf("Unable to read client CAs! from %s", clientca
);
// Pick the SSL/TLS method from the configured version; the null check that
// presumably precedes the fatalf() below is on an omitted line (180).
179 contextMethod
= Ssl::contextMethod(version
);
181 fatalf("Unable to compute context method to use");
// Optional Diffie-Hellman parameters from the configured dhfile.
184 dhParams
.reset(Ssl::readDHParams(dhfile
));
// Parse the textual sslflags / options settings into their numeric forms.
// Note that the flags are parsed only here, after the CRL load above.
187 sslContextFlags
= Ssl::parse_flags(sslflags
);
189 sslOptions
= Ssl::parse_options(options
);
// Create the port's static server context from everything configured above;
// failure is fatal so a misconfigured TLS port never starts serving.
191 staticSslContext
.reset(sslCreateServerContext(*this));
193 if (!staticSslContext
) {
195 fatalf("%s_port %s initialization error", AnyP::ProtocolType_str
[transport
.protocol
], s
.toUrl(buf
, sizeof(buf
)));