/*
- * $Id$
+ * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
*/
-#include "config.h"
+#include "squid.h"
#include "helpers/defines.h"
-#include "ssl/gadgets.h"
-#include "ssl/crtd_message.h"
#include "ssl/certificate_db.h"
+#include "ssl/crtd_message.h"
-#if HAVE_CSTRING
#include <cstring>
-#endif
-#if HAVE_SSTREAM
-#include <sstream>
-#endif
-#if HAVE_IOSTREAM
#include <iostream>
-#endif
-#if HAVE_STDEXCEPT
+#include <sstream>
#include <stdexcept>
-#endif
-#if HAVE_STRING
#include <string>
-#endif
#if HAVE_GETOPT_H
#include <getopt.h>
#endif
char const * number_end = value;
while ((*number_end >= '0' && *number_end <= '9')) {
- number_end++;
+ ++number_end;
}
std::string number(number_begin, number_end - number_begin);
throw std::runtime_error("Error while parsing the crtd request: " + error);
Ssl::CertificateDb db(db_path, max_db_size, fs_block_size);
+
Ssl::X509_Pointer cert;
Ssl::EVP_PKEY_Pointer pkey;
std::string &cert_subject = certProperties.dbKey();
-
+
db.find(cert_subject, cert, pkey);
- if (cert.get() && certProperties.mimicCert.get()) {
- if (!Ssl::ssl_match_certificates(cert.get(), certProperties.mimicCert.get())) {
+ if (cert.get()) {
+ if (!Ssl::certificateMatchesProperties(cert.get(), certProperties)) {
// The certificate changed (renewed or other reason).
// Generete a new one with the updated fields.
cert.reset(NULL);
pkey.reset(NULL);
+ db.purgeCert(cert_subject);
}
}
- if (!cert || !pkey) {
+ if (!cert || !pkey) {
if (!Ssl::generateSslCertificate(cert, pkey, certProperties))
throw std::runtime_error("Cannot create ssl certificate or private key.");
if (!Ssl::writeCertAndPrivateKeyToMemory(cert, pkey, bufferToWrite))
throw std::runtime_error("Cannot write ssl certificate or/and private key to memory.");
- Ssl::CrtdMessage response_message;
+ Ssl::CrtdMessage response_message(Ssl::CrtdMessage::REPLY);
response_message.setCode("OK");
response_message.setBody(bufferToWrite);
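Review bot: The call `db.purgeCert(cert_subject);` added in the mismatch branch discards its result, so a failed purge would leave the stale certificate and key under the same database key while the code goes on to generate a replacement. If purgeCert reports failure (its declaration is not in the hunk), check it, for example `if (!db.purgeCert(cert_subject)) throw std::runtime_error("Cannot purge outdated certificate from the database.");`. The purge also runs only when the stored certificate fails `certificateMatchesProperties`; an entry found with a matching certificate but no private key reaches the `!cert || !pkey` regeneration path without being purged, and whether the later database write (outside the hunk) replaces that row should be confirmed.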
try {
size_t max_db_size = 0;
size_t fs_block_size = 2048;
- char c;
+ int8_t c;
bool create_new_db = false;
std::string db_path;
// proccess options.
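Review bot: `int8_t c;` in the option-parsing declarations still narrows the value it holds if, as the `getopt.h` include and the "proccess options" comment suggest, `c` receives the return value of `getopt()`, which is an `int`. Moving away from plain `char` fixes platforms where `char` is unsigned and the end-of-options value `-1` never compares equal, but the portable declaration is `int c;`, which also removes the reliance on `int8_t` being declared through `squid.h`. The option loop itself is outside the hunk, so confirm against it.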
}
{
- Ssl::CertificateDb::check(db_path, max_db_size);
+ Ssl::CertificateDb::check(db_path, max_db_size, fs_block_size);
}
+ // Initialize SSL subsystem
+ SSL_load_error_strings();
+ SSLeay_add_ssl_algorithms();
// proccess request.
for (;;) {
char request[HELPER_INPUT_BUFFER];
- Ssl::CrtdMessage request_message;
+ Ssl::CrtdMessage request_message(Ssl::CrtdMessage::REQUEST);
Ssl::CrtdMessage::ParseResult parse_result = Ssl::CrtdMessage::INCOMPLETE;
while (parse_result == Ssl::CrtdMessage::INCOMPLETE) {
}
return 0;
}
+