2 #include "anyp/PortCfg.h"
3 #include "ssl/Config.h"
4 #include "ssl/helper.h"
5 #include "SquidString.h"
9 #include "SquidConfig.h"
// Accessor for the process-wide ssl_crtd helper wrapper. The instance is a
// function-local static, so exactly one Ssl::Helper exists for the lifetime
// of the process and it is created on first use.
// NOTE(review): the return statement is not part of this excerpt --
// presumably it returns &sslHelper; confirm against the full file.
12 Ssl::Helper
* Ssl::Helper::GetInstance()
14 static Ssl::Helper sslHelper
;
// Destructor. Its body is not part of this excerpt; note that Shutdown()
// below is where the helper children are stopped and the command line is
// released -- whether the destructor calls it is not visible here.
22 Ssl::Helper::~Helper()
// Start the ssl_crtd certificate-generator helper, but only if some
// listening port needs SSL bumping. Must be called at most once before a
// matching Shutdown(): the first assert aborts the whole process if ssl_crtd
// is already set, so a double Init() is fatal rather than a no-op.
// NOTE(review): this excerpt omits several statements of the original (the
// declaration of `found` and the bodies of both port loops, the early return
// taken when no port bumps, the declaration of `token`, the closing braces
// of the while/if blocks, and the release of the xstrdup()ed copy). The
// comments below describe only what the visible lines establish.
27 void Ssl::Helper::Init()
29 assert(ssl_crtd
== NULL
);
31 // we need to start ssl_crtd only if some port(s) need to bump SSL
// Scan the http and https port lists; both loops stop as soon as `found`
// becomes true. What sets `found` (the loop body) is not shown -- presumably
// a per-port bump flag.
33 for (AnyP::PortCfg
*s
= ::Config
.Sockaddr
.http
; !found
&& s
; s
= s
->next
)
35 for (AnyP::PortCfg
*s
= ::Config
.Sockaddr
.https
; !found
&& s
; s
= s
->next
)
// Create the helper object and cap its number of child processes from the
// configured limit (Ssl::TheConfig.ssl_crtdChildren).
40 ssl_crtd
= new helper("ssl_crtd");
41 ssl_crtd
->childs
.updateLimits(Ssl::TheConfig
.ssl_crtdChildren
);
// Stream IPC between Squid and each child.
42 ssl_crtd
->ipc_type
= IPC_STREAM
;
43 // The crtd messages may contain the eol ('\n') character. We are
44 // going to use the '\1' char as the end-of-message mark.
// NOTE(review): the matching `ssl_crtd->eom = '\1';` assignment is not in
// this excerpt (CertValidationHelper::Init() below does show its own);
// confirm it is present, otherwise multi-line messages would be split on
// the default end-of-message character.
46 assert(ssl_crtd
->cmdline
== NULL
);
// Build the helper argv from the configured ssl_crtd program line. The
// string is duplicated because strwordtok() is handed &tmp and advances it;
// tmp_begin keeps the original allocation so it can be freed afterwards.
// The free itself is not visible in this excerpt -- NOTE(review): confirm it
// exists, else one copy of the config string leaks per Init().
// The tokens come from the admin configuration, not from clients; they are
// added to a word list one by one (argv-style), so whitespace splitting is
// the only parsing applied here.
48 char *tmp
= xstrdup(Ssl::TheConfig
.ssl_crtd
);
49 char *tmp_begin
= tmp
;
// db_path_was_found is a one-shot flag that is true only for the token
// immediately following "-s". block_size_was_found records whether the admin
// passed "-b" explicitly. buffer holds the block size appended when they did
// not; "2048" is the fallback used when no "-s <path>" pair precedes it.
// 20 bytes is enough for any decimal int plus the terminator, so the
// snprintf() below cannot truncate.
51 bool db_path_was_found
= false;
52 bool block_size_was_found
= false;
53 char buffer
[20] = "2048";
// Tokenize on whitespace and pass every token through to the helper command
// line unchanged. (`token` is declared on a line not shown here.)
54 while ((token
= strwordtok(NULL
, &tmp
))) {
55 wordlistAdd(&ssl_crtd
->cmdline
, token
);
56 if (!strcmp(token
, "-b"))
57 block_size_was_found
= true;
// "-s <path>": ask storeDirGetBlkSize() for a block size derived from that
// path (presumably the filesystem block size of the certificate database
// directory) and format it into buffer. If "-s" is the last token there is
// no following path, db_path_was_found stays true, and buffer keeps "2048".
58 if (!strcmp(token
, "-s")) {
59 db_path_was_found
= true;
60 } else if (db_path_was_found
) {
61 db_path_was_found
= false;
62 int fs_block_size
= 0;
63 storeDirGetBlkSize(token
, &fs_block_size
);
64 snprintf(buffer
, sizeof(buffer
), "%i", fs_block_size
);
// Only supply our own "-b" when the admin did not: an explicit "-b" on the
// configured line always wins over the derived or default value.
67 if (!block_size_was_found
) {
68 wordlistAdd(&ssl_crtd
->cmdline
, "-b");
69 wordlistAdd(&ssl_crtd
->cmdline
, buffer
);
// Launch the helper children with the command line assembled above.
73 helperOpenServers(ssl_crtd
);
// Stop the ssl_crtd children and release the command line built by Init().
// NOTE(review): the lines elided from this excerpt may hold them, but unlike
// CertValidationHelper::Shutdown() below, no null check, `delete ssl_crtd`
// or reset to NULL is visible here. If they are truly absent, Shutdown()
// without a prior Init() dereferences NULL, and Init() after Shutdown()
// trips its `ssl_crtd == NULL` assert.
76 void Ssl::Helper::Shutdown()
80 helperShutdown(ssl_crtd
);
81 wordlistDestroy(&ssl_crtd
->cmdline
);
// Queue one certificate-generation request for ssl_crtd.
//   message  - request to send; serialized with CrtdMessage::compose()
//   callback - HLPCB invoked with the helper's reply, or with the synthetic
//              BrokenHelper reply built here when the request is rejected
//   data     - opaque pointer handed back to callback unchanged
// Back-pressure: when the pending queue already holds at least twice as
// many requests as there are running children, the request is rejected
// immediately with a BrokenHelper reply carrying "error 45 ..." in its
// "message" note, and an overload timer based on squid_curtime is kept.
// SECURITY/availability note: if the overload condition persists for more
// than 3*60 seconds, fatal() aborts the whole proxy. The queue is fed by
// client-initiated bump traffic, so a sustained burst or a wedged helper can
// take Squid down entirely rather than just degrading certificate
// generation; size the child limit and monitor the "Queue overload" log
// line accordingly.
// NOTE(review): as visible, `first_warn = squid_curtime` runs on every
// overloaded call, which would make the following 3-minute comparison always
// false. The guard that limits that assignment to the first overloaded call,
// the `return` after the callback, any reset of first_warn once the queue
// drains, and a null check on ssl_crtd (the validator variant below asserts
// it) are all on lines elided from this excerpt -- confirm they exist.
86 void Ssl::Helper::sslSubmit(CrtdMessage
const & message
, HLPCB
* callback
, void * data
)
// Shared across all calls: wall-clock time at which overload was first seen.
88 static time_t first_warn
= 0;
91 if (ssl_crtd
->stats
.queue_size
>= (int)(ssl_crtd
->childs
.n_running
* 2)) {
93 first_warn
= squid_curtime
;
94 if (squid_curtime
- first_warn
> 3 * 60)
95 fatal("SSL servers not responding for 3 minutes");
96 debugs(34, DBG_IMPORTANT
, HERE
<< "Queue overload, rejecting");
// Synthesize a failure reply so the caller's callback runs whether or not
// the request ever reached a helper child.
97 HelperReply failReply
;
98 failReply
.result
= HelperReply::BrokenHelper
;
99 failReply
.notes
.add("message", "error 45 Temporary network problem, please retry later");
100 callback(data
, failReply
);
// Normal path: serialize the request and hand it to the helper framework.
105 std::string msg
= message
.compose();
107 helperSubmit(ssl_crtd
, msg
.c_str(), callback
, data
);
109 #endif //USE_SSL_CRTD
111 #if 1 // USE_SSL_CERT_VALIDATOR
112 /* ssl_crt_validator: the external certificate-validator helper. NOTE(review): the guard on the preceding line is "#if 1 // USE_SSL_CERT_VALIDATOR", so this section is compiled unconditionally, regardless of the build option named in the trailing comment; the "#endif //USE_SSL_CRTD" above closes a guard whose opening line is not in this excerpt. */
// Accessor for the process-wide certificate-validator helper wrapper.
// Unlike Ssl::Helper::GetInstance(), it first checks whether a validator
// program is configured at all (Ssl::TheConfig.ssl_crt_validator). The body
// of that `if` and the final return are not in this excerpt -- presumably
// the unconfigured case yields NULL, so callers must null-check the result
// rather than assume a helper exists.
114 Ssl::CertValidationHelper
* Ssl::CertValidationHelper::GetInstance()
116 static Ssl::CertValidationHelper sslHelper
;
117 if (!Ssl::TheConfig
.ssl_crt_validator
)
// Constructed with no helper; Init() creates one on demand and asserts that
// the pointer is still NULL when it does.
122 Ssl::CertValidationHelper::CertValidationHelper() : ssl_crt_validator(NULL
)
// Destructor. Its body is not part of this excerpt; Shutdown() below is the
// function that deletes the helper -- whether the destructor calls it is not
// visible here.
126 Ssl::CertValidationHelper::~CertValidationHelper()
// Start the external certificate-validator helper, but only if some
// listening port needs SSL bumping. Must be called at most once before a
// matching Shutdown(): the first assert aborts the process if the helper
// already exists.
// NOTE(review): this excerpt omits the declaration of `found` and the port
// loop bodies, the early return when no port bumps, the declaration of
// `token`, the closing brace of the while loop, and the release of the
// xstrdup()ed copy. Comments below describe only the visible lines.
131 void Ssl::CertValidationHelper::Init()
133 assert(ssl_crt_validator
== NULL
);
135 // we need to start ssl_crt_validator only if some port(s) need to bump SSL
// Same port scan as Ssl::Helper::Init(): both loops stop as soon as `found`
// becomes true; what sets it is not shown.
137 for (AnyP::PortCfg
*s
= ::Config
.Sockaddr
.http
; !found
&& s
; s
= s
->next
)
139 for (AnyP::PortCfg
*s
= ::Config
.Sockaddr
.https
; !found
&& s
; s
= s
->next
)
// Create the helper object and cap its child count from the configured
// limit (Ssl::TheConfig.ssl_crt_validator_Children).
144 ssl_crt_validator
= new helper("ssl_crt_validator");
145 ssl_crt_validator
->childs
.updateLimits(Ssl::TheConfig
.ssl_crt_validator_Children
);
// Stream IPC between Squid and each child.
146 ssl_crt_validator
->ipc_type
= IPC_STREAM
;
147 // The validator messages may contain the eol ('\n') character. We are
148 // going to use the '\1' char as the end-of-message mark.
149 ssl_crt_validator
->eom
= '\1';
150 assert(ssl_crt_validator
->cmdline
== NULL
);
// Build the helper argv from the configured validator program line. The
// string is duplicated because strwordtok() is handed &tmp and advances it;
// tmp_begin keeps the original allocation for freeing afterwards. The free
// is not visible in this excerpt -- NOTE(review): confirm it exists, else
// one copy leaks per Init(). Tokens come from the admin configuration and
// are passed through verbatim: unlike Ssl::Helper::Init(), no option
// (such as "-b") is inspected or added here.
152 char *tmp
= xstrdup(Ssl::TheConfig
.ssl_crt_validator
);
153 char *tmp_begin
= tmp
;
155 while ((token
= strwordtok(NULL
, &tmp
))) {
156 wordlistAdd(&ssl_crt_validator
->cmdline
, token
);
// Launch the helper children with the assembled command line.
160 helperOpenServers(ssl_crt_validator
);
// Stop the validator children and free everything Init() created. Safe to
// call when Init() never ran or already-shut-down: the null check comes
// first (its body -- presumably a return -- is on an elided line), and the
// pointer is reset to NULL at the end so a later Init() passes its
// `== NULL` assert. This is the complete teardown that Ssl::Helper::Shutdown()
// above does not visibly perform.
163 void Ssl::CertValidationHelper::Shutdown()
165 if (!ssl_crt_validator
)
167 helperShutdown(ssl_crt_validator
);
168 wordlistDestroy(&ssl_crt_validator
->cmdline
);
169 delete ssl_crt_validator
;
170 ssl_crt_validator
= NULL
;
// Queue one certificate-validation request for the validator helper.
//   message  - request to send; serialized with CrtdMessage::compose()
//   callback - HLPCB invoked with the helper's reply, or with the synthetic
//              BrokenHelper reply built here when the request is rejected
//   data     - opaque pointer handed back to callback unchanged
// The helper must exist: Init() must have run (and found a bumping port)
// before this is called, otherwise the assert aborts the process.
// Back-pressure mirrors Ssl::Helper::sslSubmit(): with at least twice as
// many queued requests as running children, the request is rejected with a
// BrokenHelper reply carrying "error 45 ..." and an overload timer is kept.
// SECURITY/availability note: if the overload persists for more than 3*60
// seconds, fatal() aborts the whole proxy. Since validation requests are
// driven by client bump traffic, a sustained burst or a hung validator
// program can take Squid down rather than only failing validations.
// NOTE(review): as visible, `first_warn = squid_curtime` runs on every
// overloaded call, which would make the 3-minute comparison always false;
// the guard limiting it to the first overloaded call, the `return` after
// the callback, and any reset of first_warn when the queue drains are on
// lines elided from this excerpt -- confirm they exist.
173 void Ssl::CertValidationHelper::sslSubmit(CrtdMessage
const & message
, HLPCB
* callback
, void * data
)
// Shared across all calls: wall-clock time at which overload was first seen.
175 static time_t first_warn
= 0;
176 assert(ssl_crt_validator
);
178 if (ssl_crt_validator
->stats
.queue_size
>= (int)(ssl_crt_validator
->childs
.n_running
* 2)) {
180 first_warn
= squid_curtime
;
181 if (squid_curtime
- first_warn
> 3 * 60)
182 fatal("ssl_crtvd queue being overloaded for long time");
183 debugs(83, DBG_IMPORTANT
, "WARNING: ssl_crtvd queue overload, rejecting");
// Synthesize a failure reply so the caller's callback runs whether or not
// the request ever reached a helper child.
184 HelperReply failReply
;
185 failReply
.result
= HelperReply::BrokenHelper
;
186 failReply
.notes
.add("message", "error 45 Temporary network problem, please retry later");
187 callback(data
, failReply
);
// Normal path: serialize the request and hand it to the helper framework.
192 std::string msg
= message
.compose();
194 helperSubmit(ssl_crt_validator
, msg
.c_str(), callback
, data
);
196 #endif // USE_SSL_CERT_VALIDATOR