/*
- * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
+ * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
Security::PeerConnector::initialize(Security::SessionPointer &serverSession)
{
#if USE_OPENSSL
- Security::ContextPtr sslContext(getSslContext());
- assert(sslContext);
+ Security::ContextPointer ctx(getTlsContext());
+ assert(ctx);
- if (!Ssl::CreateClient(sslContext, serverConnection(), "server https start")) {
+ if (!Ssl::CreateClient(ctx, serverConnection(), "server https start")) {
+ const auto xerrno = errno;
+ const auto ssl_error = ERR_get_error();
ErrorState *anErr = new ErrorState(ERR_SOCKET_FAILURE, Http::scInternalServerError, request.getRaw());
- anErr->xerrno = errno;
- debugs(83, DBG_IMPORTANT, "Error allocating TLS handle: " << ERR_error_string(ERR_get_error(), NULL));
+ anErr->xerrno = xerrno;
+ debugs(83, DBG_IMPORTANT, "Error allocating TLS handle: " << Security::ErrorString(ssl_error));
noteNegotiationDone(anErr);
bail(anErr);
return false;
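Review bot: The two captures on L16–L17 deserve a why-comment, because nothing in the hunk says why `errno` and `ERR_get_error()` are read before the `new ErrorState(...)` on L18 and the `debugs` on L22; a later reader may "simplify" them back inline, reintroducing the stale-errno bug this hunk fixes. I would add above L16: `// save errno and the OpenSSL error before allocation or logging can clobber them`. Also note that `ERR_get_error()` pops the error queue, so the saved `ssl_error` is the only copy available to the message on L22. The enclosing initialize() body continues past the end of the hunk.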
#if USE_OPENSSL
// retrieve TLS parsed extra info
BIO *b = SSL_get_rbio(session.get());
- Ssl::ServerBio *bio = static_cast<Ssl::ServerBio *>(b->ptr);
+ Ssl::ServerBio *bio = static_cast<Ssl::ServerBio *>(BIO_get_data(b));
if (const Security::TlsDetails::Pointer &details = bio->receivedHelloDetails())
serverConnection()->tlsNegotiations()->retrieveParsedInfo(details);
#endif
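Review bot: The same two-line retrieval `BIO *b = SSL_get_rbio(session.get()); ... static_cast<Ssl::ServerBio *>(BIO_get_data(b))` now appears in this hunk (L28–L30) and again at L55–L57, L76–L78 and L89–L91, each time relying on the unstated invariant that the session's read BIO is always a `Ssl::ServerBio`; a single helper, e.g. `static Ssl::ServerBio *serverBioOf(const Security::SessionPointer &s)`, would name that invariant once and give one place to add a null check if `SSL_get_rbio()` can ever return NULL here (the pre-change `b->ptr` would have crashed the same way, so this is inherited rather than new). If a helper is out of scope for a mechanical OpenSSL-1.1 port, a one-line comment at the first use, `// the session's rbio is always our Ssl::ServerBio (set in Ssl::CreateClient)`, would still help, assuming that is indeed where it is installed. The functions containing these lines start outside their hunks.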
// Ssl::CertValidationRequest object used only to pass data to
// Ssl::CertValidationHelper::submit method.
validationRequest.ssl = session.get();
- validationRequest.domainName = request->url.host();
+ if (SBuf *dName = (SBuf *)SSL_get_ex_data(session.get(), ssl_ex_index_server))
+ validationRequest.domainName = dName->c_str();
if (Security::CertErrors *errs = static_cast<Security::CertErrors *>(SSL_get_ex_data(session.get(), ssl_ex_index_ssl_errors)))
// validationRequest disappears on return so no need to cbdataReference
validationRequest.errors = errs;
return;
}
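Review bot: L38 uses a C-style cast `(SBuf *)SSL_get_ex_data(...)` while the very next line (L40) and the later hunk at L48 use `static_cast` for the same ex_data pattern; `if (auto *dName = static_cast<SBuf *>(SSL_get_ex_data(session.get(), ssl_ex_index_server)))` keeps the file consistent and greppable. More importantly, when no server name was stored in ex_data the new code leaves `validationRequest.domainName` at whatever its default is, whereas the removed line always supplied `request->url.host()`; since domainName is what the validator helper matches the certificate against, it is worth confirming that an empty name makes the helper fail or skip hostname matching deliberately rather than silently passing, and whether falling back to `request->url.host()` when `request` is non-null was intended. A short comment on L38 stating which code path installs `ssl_ex_index_server` would make that contract visible. The enclosing function begins before this hunk.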
- debugs(83,5, request->url.host() << " cert validation result: " << validationResponse->resultCode);
+ if (Debug::Enabled(83, 5)) {
+ Security::SessionPointer ssl(fd_table[serverConnection()->fd].ssl);
+ SBuf *server = static_cast<SBuf *>(SSL_get_ex_data(ssl.get(), ssl_ex_index_server));
+ debugs(83,5, RawPointer("host", server) << " cert validation result: " << validationResponse->resultCode);
+ }
if (validationResponse->resultCode == ::Helper::Error) {
if (Security::CertErrors *errs = sslCrtvdCheckForErrors(*validationResponse, errDetails)) {
#if USE_OPENSSL
Security::SessionPointer session(fd_table[fd].ssl);
BIO *b = SSL_get_rbio(session.get());
- Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(b->ptr);
+ Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(BIO_get_data(b));
if (srvBio->holdRead()) {
if (srvBio->gotHello()) {
if (checkForMissingCertificates())
const int fd = serverConnection()->fd;
debugs(83, DBG_IMPORTANT, "Error negotiating SSL on FD " << fd <<
- ": " << ERR_error_string(ssl_lib_error, NULL) << " (" <<
+ ": " << Security::ErrorString(ssl_lib_error) << " (" <<
ssl_error << "/" << ret << "/" << errno << ")");
ErrorState *anErr = NULL;
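Review bot: The message on L62–L65 still reads `errno` inline at logging time, which is exactly the stale-value problem the hunk at L16–L17 fixes for initialize(); anything executed between the failing SSL call and this `debugs` (the enclosing handleNegotiateError-style function starts outside the hunk, so I cannot see how far that is) can overwrite it. For consistency with the other hunk, capture it once at the top of the function, `const int xerrno = errno;`, and print `xerrno` here and in the ErrorState set up after L66. Whether `ssl_error` and `ret` are already such saved copies depends on the signature, which is not visible in the hunk.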
"Security::PeerConnector::certDownloadingDone",
PeerConnectorCertDownloaderDialer(&Security::PeerConnector::certDownloadingDone, this));
- const Downloader *csd = dynamic_cast<const Downloader*>(request->downloader.valid());
+ const Downloader *csd = (request ? dynamic_cast<const Downloader*>(request->downloader.valid()) : nullptr);
Downloader *dl = new Downloader(url, certCallback, csd ? csd->nestedLevel() + 1 : 1);
AsyncJob::Start(dl);
}
const int fd = serverConnection()->fd;
Security::SessionPointer session(fd_table[fd].ssl);
BIO *b = SSL_get_rbio(session.get());
- Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(b->ptr);
+ Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(BIO_get_data(b));
// Parse Certificate. Assume that it is in DER format.
// According to RFC 4325:
// certificate located in an SSL site which requires to download a
// a missing certificate (... from an SSL site which requires to ...).
- const Downloader *csd = request->downloader.get();
+ const Downloader *csd = (request ? request->downloader.get() : nullptr);
if (csd && csd->nestedLevel() >= MaxNestedDownloads)
return false;
const int fd = serverConnection()->fd;
Security::SessionPointer session(fd_table[fd].ssl);
BIO *b = SSL_get_rbio(session.get());
- Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(b->ptr);
+ Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(BIO_get_data(b));
const Security::CertList &certs = srvBio->serverCertificatesIfAny();
if (certs.size()) {