projects / thirdparty / squid.git / blame
| Commit | Line | Data |
|---|---|---|
| 95d2589c CT |
1 | /* |
| 2 | * 2008/11/14 | |
| 3 | */ | |
| 4 | ||
| f7f3304a | 5 | #include "squid.h" |
| 18f37f42 | 6 | #include "anyp/PortCfg.h" |
| 1bc8a1b7 | 7 | #include "protos.h" |
| 95d2589c CT |
8 | #include "ssl/Config.h" |
| 9 | #include "ssl/helper.h" | |
| 10 | #include "SquidTime.h" | |
| 11 | #include "SwapDir.h" | |
| 12 | ||
| 13 | Ssl::Helper * Ssl::Helper::GetInstance() | |
| 14 | { | |
| 15 | static Ssl::Helper sslHelper; | |
| 16 | return &sslHelper; | |
| 17 | } | |
| 18 | ||
| 19 | Ssl::Helper::Helper() | |
| 20 | { | |
| 95d2589c CT |
21 | } |
| 22 | ||
| 23 | Ssl::Helper::~Helper() | |
| 24 | { | |
| 25 | Shutdown(); | |
| 26 | } | |
| 27 | ||
| 28 | void Ssl::Helper::Init() | |
| 29 | { | |
| 586089cd CT |
30 | assert(ssl_crtd == NULL); |
| 31 | ||
| 24e6c8f1 AR |
32 | // we need to start ssl_crtd only if some port(s) need to bump SSL |
| 33 | bool found = false; | |
| 34 | for (AnyP::PortCfg *s = ::Config.Sockaddr.http; !found && s; s = s->next) | |
| 35 | found = s->sslBump; | |
| 36 | for (AnyP::PortCfg *s = ::Config.Sockaddr.https; !found && s; s = s->next) | |
| 37 | found = s->sslBump; | |
| 38 | if (!found) | |
| 586089cd CT |
39 | return; |
| 40 | ||
| 41 | ssl_crtd = new helper("ssl_crtd"); | |
| 1af735c7 | 42 | ssl_crtd->childs.updateLimits(Ssl::TheConfig.ssl_crtdChildren); |
| 95d2589c | 43 | ssl_crtd->ipc_type = IPC_STREAM; |
| 0af9303a CT |
44 | // The crtd messages may contain the eol ('\n') character. We are |
| 45 | // going to use the '\1' char as the end-of-message mark. | |
| 46 | ssl_crtd->eom = '\1'; | |
| 95d2589c CT |
47 | assert(ssl_crtd->cmdline == NULL); |
| 48 | { | |
| 49 | char *tmp = xstrdup(Ssl::TheConfig.ssl_crtd); | |
| 50 | char *tmp_begin = tmp; | |
| 51 | char * token = NULL; | |
| 52 | bool db_path_was_found = false; | |
| 53 | bool block_size_was_found = false; | |
| 54 | char buffer[20] = "2048"; | |
| 55 | while ((token = strwordtok(NULL, &tmp))) { | |
| 56 | wordlistAdd(&ssl_crtd->cmdline, token); | |
| 57 | if (!strcmp(token, "-b")) | |
| 58 | block_size_was_found = true; | |
| 59 | if (!strcmp(token, "-s")) { | |
| 60 | db_path_was_found = true; | |
| 61 | } else if (db_path_was_found) { | |
| 62 | db_path_was_found = false; | |
| 63 | int fs_block_size = 0; | |
| 64 | storeDirGetBlkSize(token, &fs_block_size); | |
| 65 | snprintf(buffer, sizeof(buffer), "%i", fs_block_size); | |
| 66 | } | |
| 67 | } | |
| 68 | if (!block_size_was_found) { | |
| 69 | wordlistAdd(&ssl_crtd->cmdline, "-b"); | |
| 70 | wordlistAdd(&ssl_crtd->cmdline, buffer); | |
| 71 | } | |
| 72 | safe_free(tmp_begin); | |
| 73 | } | |
| 95d2589c CT |
74 | helperOpenServers(ssl_crtd); |
| 75 | } | |
| 76 | ||
| 77 | void Ssl::Helper::Shutdown() | |
| 78 | { | |
| 79 | if (!ssl_crtd) | |
| 80 | return; | |
| 81 | helperShutdown(ssl_crtd); | |
| 82 | wordlistDestroy(&ssl_crtd->cmdline); | |
| 95d2589c CT |
83 | delete ssl_crtd; |
| 84 | ssl_crtd = NULL; | |
| 85 | } | |
| 86 | ||
| 87 | void Ssl::Helper::sslSubmit(CrtdMessage const & message, HLPCB * callback, void * data) | |
| 88 | { | |
| 89 | static time_t first_warn = 0; | |
| 586089cd | 90 | assert(ssl_crtd); |
| 95d2589c CT |
91 | |
| 92 | if (ssl_crtd->stats.queue_size >= (int)(ssl_crtd->childs.n_running * 2)) { | |
| 93 | if (first_warn == 0) | |
| 94 | first_warn = squid_curtime; | |
| 95 | if (squid_curtime - first_warn > 3 * 60) | |
| 96 | fatal("SSL servers not responding for 3 minutes"); | |
| e0236918 | 97 | debugs(34, DBG_IMPORTANT, HERE << "Queue overload, rejecting"); |
| 95d2589c CT |
98 | callback(data, (char *)"error 45 Temporary network problem, please retry later"); |
| 99 | return; | |
| 100 | } | |
| 101 | ||
| 102 | first_warn = 0; | |
| 0af9303a CT |
103 | std::string msg = message.compose(); |
| 104 | msg += '\n'; | |
| 105 | helperSubmit(ssl_crtd, msg.c_str(), callback, data); | |
| 95d2589c | 106 | } |