clientHttpConnectionsOpen(void)
{
for (AnyP::PortCfgPointer s = HttpPortList; s != NULL; s = s->next) {
+ const char *scheme = AnyP::UriScheme(s->transport.protocol).c_str();
+
if (MAXTCPLISTENPORTS == NHttpSockets) {
- debugs(1, DBG_IMPORTANT, "WARNING: You have too many 'http_port' lines.");
+ debugs(1, DBG_IMPORTANT, "WARNING: You have too many '" << scheme << "_port' lines.");
debugs(1, DBG_IMPORTANT, " The limit is " << MAXTCPLISTENPORTS << " HTTP ports.");
continue;
}
#if USE_OPENSSL
- if (s->flags.tunnelSslBumping && !Config.accessList.ssl_bump) {
- debugs(33, DBG_IMPORTANT, "WARNING: No ssl_bump configured. Disabling ssl-bump on " << AnyP::UriScheme(s->transport.protocol) << "_port " << s->s);
- s->flags.tunnelSslBumping = false;
+ if (s->flags.tunnelSslBumping) {
+ if (!Config.accessList.ssl_bump) {
+ debugs(33, DBG_IMPORTANT, "WARNING: No ssl_bump configured. Disabling ssl-bump on " << scheme << "_port " << s->s);
+ s->flags.tunnelSslBumping = false;
+ }
+ if (!s->staticSslContext && !s->generateHostCertificates) {
+ debugs(1, DBG_IMPORTANT, "Will not bump SSL at " << scheme << "_port " << s->s << " due to TLS initialization failure.");
+ s->flags.tunnelSslBumping = false;
+ if (s->transport.protocol == AnyP::PROTO_HTTP)
+ s->secure.encryptTransport = false;
+ }
+ if (s->flags.tunnelSslBumping) {
+ // Create ssl_ctx cache for this port.
+ auto sz = s->dynamicCertMemCacheSize == std::numeric_limits<size_t>::max() ? 4194304 : s->dynamicCertMemCacheSize;
+ Ssl::TheGlobalContextStorage.addLocalStorage(s->s, sz);
+ }
}
- if (s->flags.tunnelSslBumping &&
- !s->staticSslContext &&
- !s->generateHostCertificates) {
- debugs(1, DBG_IMPORTANT, "Will not bump SSL at http_port " << s->s << " due to SSL initialization failure.");
- s->flags.tunnelSslBumping = false;
- }
- if (s->flags.tunnelSslBumping) {
- // Create ssl_ctx cache for this port.
- Ssl::TheGlobalContextStorage.addLocalStorage(s->s, s->dynamicCertMemCacheSize == std::numeric_limits<size_t>::max() ? 4194304 : s->dynamicCertMemCacheSize);
+ if (s->secure.encryptTransport && !s->staticSslContext) {
+ debugs(1, DBG_CRITICAL, "ERROR: Ignoring " << scheme << "_port " << s->s << " due to TLS context initialization failure.");
+ continue;
}
#endif
// then pass back when active so we can start a TcpAcceptor subscription.
s->listenConn = new Comm::Connection;
s->listenConn->local = s->s;
- s->listenConn->flags = COMM_NONBLOCKING | (s->flags.tproxyIntercept ? COMM_TRANSPARENT : 0) | (s->flags.natIntercept ? COMM_INTERCEPTION : 0);
- // setup the subscriptions such that new connections accepted by listenConn are handled by HTTP
+ s->listenConn->flags = COMM_NONBLOCKING | (s->flags.tproxyIntercept ? COMM_TRANSPARENT : 0) |
+ (s->flags.natIntercept ? COMM_INTERCEPTION : 0);
+
typedef CommCbFunPtrCallT<CommAcceptCbPtrFun> AcceptCall;
- RefCount<AcceptCall> subCall = commCbCall(5, 5, "httpAccept", CommAcceptCbPtrFun(httpAccept, CommAcceptCbParams(NULL)));
- Subscription::Pointer sub = new CallSubscription<AcceptCall>(subCall);
+ if (s->transport.protocol == AnyP::PROTO_HTTP) {
+ // setup the subscriptions such that new connections accepted by listenConn are handled by HTTP
+ RefCount<AcceptCall> subCall = commCbCall(5, 5, "httpAccept", CommAcceptCbPtrFun(httpAccept, CommAcceptCbParams(NULL)));
+ Subscription::Pointer sub = new CallSubscription<AcceptCall>(subCall);
- AsyncCall::Pointer listenCall = asyncCall(33,2, "clientListenerConnectionOpened",
- ListeningStartedDialer(&clientListenerConnectionOpened, s, Ipc::fdnHttpSocket, sub));
- Ipc::StartListening(SOCK_STREAM, IPPROTO_TCP, s->listenConn, Ipc::fdnHttpSocket, listenCall);
-
- HttpSockets[NHttpSockets] = -1; // set in clientListenerConnectionOpened
- ++NHttpSockets;
- }
-}
+ AsyncCall::Pointer listenCall = asyncCall(33,2, "clientListenerConnectionOpened",
+ ListeningStartedDialer(&clientListenerConnectionOpened, s, Ipc::fdnHttpSocket, sub));
+ Ipc::StartListening(SOCK_STREAM, IPPROTO_TCP, s->listenConn, Ipc::fdnHttpSocket, listenCall);
#if USE_OPENSSL
-static void
-clientHttpsConnectionsOpen(void)
-{
- for (AnyP::PortCfgPointer s = HttpsPortList; s != NULL; s = s->next) {
- if (MAXTCPLISTENPORTS == NHttpSockets) {
- debugs(1, DBG_IMPORTANT, "Ignoring 'https_port' lines exceeding the limit.");
- debugs(1, DBG_IMPORTANT, "The limit is " << MAXTCPLISTENPORTS << " HTTPS ports.");
- continue;
- }
-
- if (!s->staticSslContext) {
- debugs(1, DBG_IMPORTANT, "Ignoring https_port " << s->s <<
- " due to SSL initialization failure.");
- continue;
- }
-
- // TODO: merge with similar code in clientHttpConnectionsOpen()
- if (s->flags.tunnelSslBumping && !Config.accessList.ssl_bump) {
- debugs(33, DBG_IMPORTANT, "WARNING: No ssl_bump configured. Disabling ssl-bump on " << AnyP::UriScheme(s->transport.protocol) << "_port " << s->s);
- s->flags.tunnelSslBumping = false;
- }
-
- if (s->flags.tunnelSslBumping && !s->staticSslContext && !s->generateHostCertificates) {
- debugs(1, DBG_IMPORTANT, "Will not bump SSL at https_port " << s->s << " due to SSL initialization failure.");
- s->flags.tunnelSslBumping = false;
- }
-
- if (s->flags.tunnelSslBumping) {
- // Create ssl_ctx cache for this port.
- Ssl::TheGlobalContextStorage.addLocalStorage(s->s, s->dynamicCertMemCacheSize == std::numeric_limits<size_t>::max() ? 4194304 : s->dynamicCertMemCacheSize);
+ } else if (s->transport.protocol == AnyP::PROTO_HTTPS) {
+ // setup the subscriptions such that new connections accepted by listenConn are handled by HTTPS
+ RefCount<AcceptCall> subCall = commCbCall(5, 5, "httpsAccept", CommAcceptCbPtrFun(httpsAccept, CommAcceptCbParams(NULL)));
+ Subscription::Pointer sub = new CallSubscription<AcceptCall>(subCall);
+
+ AsyncCall::Pointer listenCall = asyncCall(33, 2, "clientListenerConnectionOpened",
+ ListeningStartedDialer(&clientListenerConnectionOpened,
+ s, Ipc::fdnHttpsSocket, sub));
+ Ipc::StartListening(SOCK_STREAM, IPPROTO_TCP, s->listenConn, Ipc::fdnHttpsSocket, listenCall);
+#endif
}
- // Fill out a Comm::Connection which IPC will open as a listener for us
- s->listenConn = new Comm::Connection;
- s->listenConn->local = s->s;
- s->listenConn->flags = COMM_NONBLOCKING | (s->flags.tproxyIntercept ? COMM_TRANSPARENT : 0) |
- (s->flags.natIntercept ? COMM_INTERCEPTION : 0);
-
- // setup the subscriptions such that new connections accepted by listenConn are handled by HTTPS
- typedef CommCbFunPtrCallT<CommAcceptCbPtrFun> AcceptCall;
- RefCount<AcceptCall> subCall = commCbCall(5, 5, "httpsAccept", CommAcceptCbPtrFun(httpsAccept, CommAcceptCbParams(NULL)));
- Subscription::Pointer sub = new CallSubscription<AcceptCall>(subCall);
-
- AsyncCall::Pointer listenCall = asyncCall(33, 2, "clientListenerConnectionOpened",
- ListeningStartedDialer(&clientListenerConnectionOpened,
- s, Ipc::fdnHttpsSocket, sub));
- Ipc::StartListening(SOCK_STREAM, IPPROTO_TCP, s->listenConn, Ipc::fdnHttpsSocket, listenCall);
- HttpSockets[NHttpSockets] = -1;
+ HttpSockets[NHttpSockets] = -1; // set in clientListenerConnectionOpened
++NHttpSockets;
}
}
-#endif
void
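Review bot: `scheme` on the first added line is a `const char *` obtained from `AnyP::UriScheme(s->transport.protocol).c_str()`, a temporary that is destroyed at the end of that statement, and the pointer is then used in every debugs() call in the loop body; unless UriScheme::c_str() is known to return static storage, that is a dangling pointer. The removed lines already streamed the object itself (`<< AnyP::UriScheme(s->transport.protocol) <<`), so the safe form is `const AnyP::UriScheme scheme(s->transport.protocol);` and streaming `scheme` in the messages as before. A second point: in the "TLS initialization failure" branch a PROTO_HTTP port silently clears `secure.encryptTransport` and keeps listening in plaintext, while the only message says bumping is off; that downgrade deserves its own line, e.g. `debugs(1, DBG_IMPORTANT, "WARNING: " << scheme << "_port " << s->s << " will accept plain HTTP only.");`. The limit message after it still says "HTTP ports" for every scheme. The enclosing function's signature precedes the hunk.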
clientStartListeningOn(AnyP::PortCfgPointer &port, const RefCount< CommCbFunPtrCallT<CommAcceptCbPtrFun> > &subCall, const Ipc::FdNoteId fdNote)
clientOpenListenSockets(void)
{
clientHttpConnectionsOpen();
-#if USE_OPENSSL
- clientHttpsConnectionsOpen();
-#endif
Ftp::StartListening();
if (NHttpSockets < 1)
{
for (AnyP::PortCfgPointer s = HttpPortList; s != NULL; s = s->next) {
if (s->listenConn != NULL) {
- debugs(1, DBG_IMPORTANT, "Closing HTTP port " << s->listenConn->local);
- s->listenConn->close();
- s->listenConn = NULL;
- }
- }
-
-#if USE_OPENSSL
- for (AnyP::PortCfgPointer s = HttpsPortList; s != NULL; s = s->next) {
- if (s->listenConn != NULL) {
- debugs(1, DBG_IMPORTANT, "Closing HTTPS port " << s->listenConn->local);
+ debugs(1, DBG_IMPORTANT, "Closing HTTP(S) port " << s->listenConn->local);
s->listenConn->close();
s->listenConn = NULL;
}
}
-#endif
Ftp::StopListening();