SourceFormat Enforcement
index 9ef7a2dba83b829fdd78bce1ad00bfa805e8ece3..f0181fa42173f2971b2f106f7f8b5bba5eefbf5e 100644 (file)
@@ -1,28 +1,21 @@
 /*
- * $Id$
+ * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
  */
 
-#include "config.h"
+#include "squid.h"
 #include "helpers/defines.h"
-#include "ssl/gadgets.h"
-#include "ssl/crtd_message.h"
 #include "ssl/certificate_db.h"
+#include "ssl/crtd_message.h"
 
-#if HAVE_CSTRING
 #include <cstring>
-#endif
-#if HAVE_SSTREAM
-#include <sstream>
-#endif
-#if HAVE_IOSTREAM
 #include <iostream>
-#endif
-#if HAVE_STDEXCEPT
+#include <sstream>
 #include <stdexcept>
-#endif
-#if HAVE_STRING
 #include <string>
-#endif
 #if HAVE_GETOPT_H
 #include <getopt.h>
 #endif
@@ -134,7 +127,7 @@ static bool parseBytesOptionValue(size_t * bptr, char const * value)
     char const * number_end = value;
 
     while ((*number_end >= '0' && *number_end <= '9')) {
-        number_end++;
+        ++number_end;
     }
 
     std::string number(number_begin, number_end - number_begin);
@@ -207,22 +200,24 @@ static bool proccessNewRequest(Ssl::CrtdMessage & request_message, std::string c
         throw std::runtime_error("Error while parsing the crtd request: " + error);
 
     Ssl::CertificateDb db(db_path, max_db_size, fs_block_size);
+
     Ssl::X509_Pointer cert;
     Ssl::EVP_PKEY_Pointer pkey;
     std::string &cert_subject = certProperties.dbKey();
-    
+
     db.find(cert_subject, cert, pkey);
 
-    if (cert.get() && certProperties.mimicCert.get()) {
-        if (!Ssl::ssl_match_certificates(cert.get(), certProperties.mimicCert.get())) {
+    if (cert.get()) {
+        if (!Ssl::certificateMatchesProperties(cert.get(), certProperties)) {
             // The certificate changed (renewed or other reason).
             // Generete a new one with the updated fields.
             cert.reset(NULL);
             pkey.reset(NULL);
+            db.purgeCert(cert_subject);
         }
     }
 
-    if (!cert || !pkey) {        
+    if (!cert || !pkey) {
         if (!Ssl::generateSslCertificate(cert, pkey, certProperties))
             throw std::runtime_error("Cannot create ssl certificate or private key.");
 
@@ -234,7 +229,7 @@ static bool proccessNewRequest(Ssl::CrtdMessage & request_message, std::string c
     if (!Ssl::writeCertAndPrivateKeyToMemory(cert, pkey, bufferToWrite))
         throw std::runtime_error("Cannot write ssl certificate or/and private key to memory.");
 
-    Ssl::CrtdMessage response_message;
+    Ssl::CrtdMessage response_message(Ssl::CrtdMessage::REPLY);
     response_message.setCode("OK");
     response_message.setBody(bufferToWrite);
 
@@ -253,7 +248,7 @@ int main(int argc, char *argv[])
     try {
         size_t max_db_size = 0;
         size_t fs_block_size = 2048;
-        char c;
+        int8_t c;
         bool create_new_db = false;
         std::string db_path;
         // proccess options.
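Review bot: `int8_t c` still narrows the `int` that getopt_long() returns, so every assignment to `c` is a silent narrowing conversion; the conventional fix for the unsigned-`char` loop-termination bug is `int c;`, which holds -1 and any option value without truncation. `int8_t` also needs `<cstdint>` or `<stdint.h>`, which the include block in the first hunk does not list (it may arrive via squid.h, but that is not visible here). The option loop that reads `c` lies past the end of the hunk.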
@@ -298,12 +293,15 @@ int main(int argc, char *argv[])
         }
 
         {
-            Ssl::CertificateDb::check(db_path, max_db_size);
+            Ssl::CertificateDb::check(db_path, max_db_size, fs_block_size);
         }
+        // Initialize SSL subsystem
+        SSL_load_error_strings();
+        SSLeay_add_ssl_algorithms();
         // proccess request.
         for (;;) {
             char request[HELPER_INPUT_BUFFER];
-            Ssl::CrtdMessage request_message;
+            Ssl::CrtdMessage request_message(Ssl::CrtdMessage::REQUEST);
             Ssl::CrtdMessage::ParseResult parse_result = Ssl::CrtdMessage::INCOMPLETE;
 
             while (parse_result == Ssl::CrtdMessage::INCOMPLETE) {
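Review bot: The OpenSSL initialisation added here runs after `Ssl::CertificateDb::check(db_path, max_db_size, fs_block_size)`; if check parses or verifies the stored certificates it does so before error strings and algorithms are registered, and any failure it reports would carry numeric codes only. Moving the two calls above the check block fixes the ordering: `SSL_load_error_strings(); SSLeay_add_ssl_algorithms();` then `Ssl::CertificateDb::check(db_path, max_db_size, fs_block_size);`. `SSLeay_add_ssl_algorithms()` is the legacy macro spelling of `SSL_library_init()`, which reads more clearly to anyone auditing the helper's startup. main continues past the hunk.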
@@ -328,3 +326,4 @@ int main(int argc, char *argv[])
     }
     return 0;
 }
+