git.ipfire.org Git - thirdparty/squid.git/commit - src/security/KeyData.h
TLS: refactor cert=/key= storage in libsecurity
author Amos Jeffries <squid3@treenet.co.nz>
Tue, 8 Dec 2015 01:48:40 +0000 (17:48 -0800)
committer Amos Jeffries <squid3@treenet.co.nz>
Tue, 8 Dec 2015 01:48:40 +0000 (17:48 -0800)
commit d1d72d438501b135b7443bffa41fcb432dd2132b
tree f327a0c64f49932714c80d62e36dd7bca2807cff
parent 41e803be87496d682628ace31c2a2383438a7531

This updates the cert=/key= filename storage from single entries
in PeerOptions to a list of key pairs in preparation for supporting
multiple certificates on client or server TLS contexts.

key= following a cert= parameter is now enforced, rather than just
warned about.

squid.conf can now be configured with multiple [cert= [key=...]]
pairs of filenames, however only the first is used. This differs
from older behaviour where the last value(s) were used. But since
configurations with multiple values were not supported previously
this seems acceptable breakage.

Since the multi-cert support is not fully existing yet this config
ability is left undocumented for now.
src/anyp/PortCfg.cc
src/security/KeyData.h [new file with mode: 0644]
src/security/Makefile.am
src/security/PeerOptions.cc
src/security/PeerOptions.h
src/security/forward.h
src/ssl/support.cc
src/ssl/support.h
src/tests/stub_libsslsquid.cc