git.ipfire.org Git - thirdparty/squid.git/commit

author	Amos Jeffries <squid3@treenet.co.nz>
	Thu, 24 Sep 2015 21:08:23 +0000 (14:08 -0700)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Thu, 24 Sep 2015 21:08:23 +0000 (14:08 -0700)
commit	6b19d1f9da9516dfb1ec49a7847ff282b88e6b3f
tree	c43946ee9d1bb818131cc5480a88c9e3f6ec8420	tree \| snapshot
parent	43713e729bf808fe95bc1ce8763535f2551bd189	commit \| diff

Crypto-NG: cleanup and optimize CRL handling

Certificate Revokation Lists have gone through several iterations
of logic redesign leading to duplicated code and non-optimal I/O.
Client contexts were loading CRL directly from disk into the
context on every new context creation. Whereas the server contexts
were loading into an OpenSSL STACK_OF structure and adding from
memory instead of disk. This later design is more performant.

* Move the pre-loaded CRL set to Security::PeerOptions and store
  in a std::list structure as LockingPointer which will deallocate
  as needed on shutdwown and reconfigure.
  This depends on trunk rev.14304

* Replace the client context disk I/O with the pre-loaded CRL list

* Add GnuTLS CRL list types. Though at this point GnuTLS does not
  pre-load the CRL files.

src/Makefile.am		diff \| blob \| blame \| history
src/anyp/PortCfg.cc		diff \| blob \| blame \| history
src/anyp/PortCfg.h		diff \| blob \| blame \| history
src/security/PeerOptions.cc		diff \| blob \| blame \| history
src/security/PeerOptions.h		diff \| blob \| blame \| history
src/security/forward.h		diff \| blob \| blame \| history
src/ssl/gadgets.h		diff \| blob \| blame \| history
src/ssl/support.cc		diff \| blob \| blame \| history
src/ssl/support.h		diff \| blob \| blame \| history
src/tests/stub_libsecurity.cc		diff \| blob \| blame \| history
src/tests/stub_libsslsquid.cc		diff \| blob \| blame \| history