/*
- * DEBUG: section 28 Access Control
- * AUTHOR: Duane Wessels
+ * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
*
- * SQUID Web Proxy Cache http://www.squid-cache.org/
- * ----------------------------------------------------------
- *
- * Squid is the result of efforts by numerous individuals from
- * the Internet community; see the CONTRIBUTORS file for full
- * details. Many organizations have provided support for Squid's
- * development; see the SPONSORS file for full details. Squid is
- * Copyrighted (C) 2001 by the Regents of the University of
- * California; see the COPYRIGHT file for full details. Squid
- * incorporates software developed and/or copyrighted by other
- * sources; see the CREDITS file for full details.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
- *
- *
- * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
*/
+/* DEBUG: section 28 Access Control */
+
#include "squid.h"
/* MS Visual Studio Projects are monolithic, so we need the following
* #if to exclude the SSL code from compile process when not needed.
*/
-#if USE_SSL
+#if USE_OPENSSL
#include "acl/Certificate.h"
-#include "acl/Checklist.h"
#include "acl/CertificateData.h"
-#include "HttpRequest.h"
+#include "acl/Checklist.h"
#include "client_side.h"
#include "fde.h"
#include "globals.h"
+#include "http/Stream.h"
+#include "HttpRequest.h"
int
-ACLCertificateStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+ACLCertificateStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
{
const int fd = checklist->fd();
const bool goodDescriptor = 0 <= fd && fd <= Biggest_FD;
- SSL *ssl = goodDescriptor ? fd_table[fd].ssl : 0;
- return data->match (ssl);
+ auto ssl = goodDescriptor ? fd_table[fd].ssl.get() : nullptr;
+ X509 *cert = SSL_get_peer_certificate(ssl);
+ const bool res = data->match (cert);
+ X509_free(cert);
+ return res;
}
ACLCertificateStrategy *
ACLCertificateStrategy ACLCertificateStrategy::Instance_;
-#endif /* USE_SSL */
+#endif /* USE_OPENSSL */
+