request_message.setCode(Ssl::CrtdMessage::code_new_certificate);
request_message.composeRequest(certProperties);
debugs(33, 5, HERE << "SSL crtd request: " << request_message.compose().c_str());
- Ssl::Helper::GetInstance()->sslSubmit(request_message, sslCrtdHandleReplyWrapper, this);
+ Ssl::Helper::Submit(request_message, sslCrtdHandleReplyWrapper, this);
return;
} catch (const std::exception &e) {
debugs(33, DBG_IMPORTANT, "ERROR: Failed to compose ssl_crtd " <<
entryData.password = label;
#endif
+ // XXX: This state->def access conflicts with the cbdata validity check
+ // below.
dlinkDelete(&state->list, &state->def->queue);
ExternalACLEntryPointer entry;
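Review bot: The added XXX comment records a hazard without resolving it: `dlinkDelete(&state->list, &state->def->queue);` dereferences `state->def` before the cbdata validity check the comment points to, so a stale `def` would be read here first. That check is outside this hunk, so the ordering cannot be confirmed from the visible lines. If the check does cover `def`, the unlink should move after it or be guarded by it. If the early unlink has to stay, make the comment actionable, for example `// XXX: state->def is dereferenced here before its cbdata validity is checked below; move this unlink after the check or document why def is still valid`.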
#if USE_HTCP
htcpClosePorts();
#endif
-#if USE_SSL_CRTD
- Ssl::Helper::GetInstance()->Shutdown();
-#endif
#if USE_OPENSSL
- if (Ssl::CertValidationHelper::GetInstance())
- Ssl::CertValidationHelper::GetInstance()->Shutdown();
Ssl::TheGlobalContextStorage.reconfigureStart();
#endif
- redirectShutdown();
#if USE_AUTH
authenticateReset();
#endif
storeLogOpen();
Dns::Init();
#if USE_SSL_CRTD
- Ssl::Helper::GetInstance()->Init();
+ Ssl::Helper::Reconfigure();
#endif
#if USE_OPENSSL
- if (Ssl::CertValidationHelper::GetInstance())
- Ssl::CertValidationHelper::GetInstance()->Init();
+ Ssl::CertValidationHelper::Reconfigure();
#endif
- redirectInit();
+ redirectReconfigure();
#if USE_AUTH
authenticateInit(&Auth::TheConfig.schemes);
#endif
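Review bot: After this change the ssl_crtd, certificate validator and redirector helpers are restarted in one step via `Reconfigure()` / `redirectReconfigure()`, but the auth helpers on the following lines still use the split pattern. `authenticateReset()` remains in the earlier hunk and `authenticateInit(&Auth::TheConfig.schemes)` stays here. If that asymmetry is deliberate, a short comment would stop the next reader from "fixing" it, for example `// auth helpers are reset before parsing because the scheme configuration itself is rebuilt`, with the reason adjusted to the real one. The enclosing function starts and ends outside the hunk, so the ordering constraints there are not visible.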
Dns::Init();
#if USE_SSL_CRTD
- Ssl::Helper::GetInstance()->Init();
+ Ssl::Helper::Init();
#endif
#if USE_OPENSSL
- if (Ssl::CertValidationHelper::GetInstance())
- Ssl::CertValidationHelper::GetInstance()->Init();
+ Ssl::CertValidationHelper::Init();
#endif
redirectInit();
debugs(1, DBG_IMPORTANT, "Shutting down...");
#if USE_SSL_CRTD
- Ssl::Helper::GetInstance()->Shutdown();
+ Ssl::Helper::Shutdown();
#endif
#if USE_OPENSSL
- if (Ssl::CertValidationHelper::GetInstance())
- Ssl::CertValidationHelper::GetInstance()->Shutdown();
+ Ssl::CertValidationHelper::Shutdown();
#endif
redirectShutdown();
externalAclShutdown();
storeIdExtrasFmt = NULL;
}
+void
+redirectReconfigure()
+{
+ redirectShutdown();
+ redirectInit();
+}
void redirectInit(void);
void redirectShutdown(void);
+void redirectReconfigure();
void redirectStart(ClientHttpRequest *, HLPCB *, void *);
void storeIdStart(ClientHttpRequest *, HLPCB *, void *);
try {
debugs(83, 5, "Sending SSL certificate for validation to ssl_crtvd.");
AsyncCall::Pointer call = asyncCall(83,5, "Security::PeerConnector::sslCrtvdHandleReply", Ssl::CertValidationHelper::CbDialer(this, &Security::PeerConnector::sslCrtvdHandleReply, nullptr));
- Ssl::CertValidationHelper::GetInstance()->sslSubmit(validationRequest, call);
+ Ssl::CertValidationHelper::Submit(validationRequest, call);
return false;
} catch (const std::exception &e) {
debugs(83, DBG_IMPORTANT, "ERROR: Failed to compose ssl_crtvd " <<
/// pending Ssl::Helper requests (to all certificate generator helpers combined)
static Ssl::GeneratorRequests TheGeneratorRequests;
-Ssl::Helper * Ssl::Helper::GetInstance()
-{
- static Ssl::Helper sslHelper;
- return &sslHelper;
-}
-
-Ssl::Helper::Helper() : ssl_crtd(NULL)
-{
-}
-
-Ssl::Helper::~Helper()
-{
- Shutdown();
-}
+helper *Ssl::Helper::ssl_crtd = nullptr;
void Ssl::Helper::Init()
{
ssl_crtd = NULL;
}
-void Ssl::Helper::sslSubmit(CrtdMessage const & message, HLPCB * callback, void * data)
+void
+Ssl::Helper::Reconfigure()
{
- assert(ssl_crtd);
+ Shutdown();
+ Init();
+}
+void Ssl::Helper::Submit(CrtdMessage const & message, HLPCB * callback, void * data)
+{
SBuf rawMessage(message.compose().c_str()); // XXX: helpers cannot use SBuf
rawMessage.append("\n", 1);
request->emplace(callback, data);
TheGeneratorRequests.emplace(request->query, request);
debugs(83, 5, "request from " << data << " as " << *request);
- if (ssl_crtd->trySubmit(request->query.c_str(), HandleGeneratorReply, request))
+ // ssl_crtd becomes nil if Squid is reconfigured without SslBump or
+ // certificate generation disabled in the new configuration
+ if (ssl_crtd && ssl_crtd->trySubmit(request->query.c_str(), HandleGeneratorReply, request))
return;
::Helper::Reply failReply(::Helper::BrokenHelper);
}
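Review bot: The new comment above the `ssl_crtd &&` check is ambiguous, because "reconfigured without SslBump or certificate generation disabled" can be read two ways. Suggest `// ssl_crtd is nil when the current configuration has no SslBump or has certificate generation disabled (e.g., after a reconfigure)`. It is also worth stating that the request then takes the same `::Helper::BrokenHelper` reply path as a failed trySubmit(), since by this point it has already been added to TheGeneratorRequests. The rest of that failure path is outside the hunk, so whether the entry is removed there should be confirmed.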
#endif //USE_SSL_CRTD
-Ssl::CertValidationHelper * Ssl::CertValidationHelper::GetInstance()
-{
- static Ssl::CertValidationHelper sslHelper;
- if (!Ssl::TheConfig.ssl_crt_validator)
- return NULL;
- return &sslHelper;
-}
-
-Ssl::CertValidationHelper::CertValidationHelper() : ssl_crt_validator(NULL)
-{
-}
-
-Ssl::CertValidationHelper::~CertValidationHelper()
-{
- Shutdown();
-}
+helper *Ssl::CertValidationHelper::ssl_crt_validator = nullptr;
void Ssl::CertValidationHelper::Init()
{
+ if (!Ssl::TheConfig.ssl_crt_validator)
+ return;
+
assert(ssl_crt_validator == NULL);
// we need to start ssl_crtd only if some port(s) need to bump SSL
HelperCache = NULL;
}
+void
+Ssl::CertValidationHelper::Reconfigure()
+{
+ Shutdown();
+ Init();
+}
+
class submitData
{
CBDATA_CLASS(submitData);
delete crtdvdData;
}
-void Ssl::CertValidationHelper::sslSubmit(Ssl::CertValidationRequest const &request, AsyncCall::Pointer &callback)
+void Ssl::CertValidationHelper::Submit(Ssl::CertValidationRequest const &request, AsyncCall::Pointer &callback)
{
- assert(ssl_crt_validator);
-
Ssl::CertValidationMsg message(Ssl::CrtdMessage::REQUEST);
message.setCode(Ssl::CertValidationMsg::code_cert_validate);
message.composeRequest(request);
return;
}
- if (!ssl_crt_validator->trySubmit(crtdvdData->query.c_str(), sslCrtvdHandleReplyWrapper, crtdvdData)) {
- Ssl::CertValidationResponse::Pointer resp = new Ssl::CertValidationResponse(crtdvdData->ssl);
- resp->resultCode = ::Helper::BrokenHelper;
- Ssl::CertValidationHelper::CbDialer *dialer = dynamic_cast<Ssl::CertValidationHelper::CbDialer*>(callback->getDialer());
- Must(dialer);
- dialer->arg1 = resp;
- ScheduleCallHere(callback);
- delete crtdvdData;
+ // ssl_crt_validator becomes nil if Squid is reconfigured with cert
+ // validator disabled in the new configuration
+ if (ssl_crt_validator && ssl_crt_validator->trySubmit(crtdvdData->query.c_str(), sslCrtvdHandleReplyWrapper, crtdvdData))
return;
- }
+
+ Ssl::CertValidationResponse::Pointer resp = new Ssl::CertValidationResponse(crtdvdData->ssl);
+ resp->resultCode = ::Helper::BrokenHelper;
+ Ssl::CertValidationHelper::CbDialer *dialer = dynamic_cast<Ssl::CertValidationHelper::CbDialer*>(callback->getDialer());
+ Must(dialer);
+ dialer->arg1 = resp;
+ ScheduleCallHere(callback);
+ delete crtdvdData;
+ return;
}
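Review bot: In the fallback path, `Must(dialer)` sits between the read of `crtdvdData->ssl` and `delete crtdvdData;`, so if that check throws, crtdvdData is not freed. This path used to need a trySubmit() failure, but it is now also taken whenever `ssl_crt_validator` is nil after a reconfigure. Consider moving `delete crtdvdData;` to directly after `resp` is constructed, provided submitData's destructor does not release `ssl`. The trailing `return;` can also go, since it is redundant at the end of a void function. The allocation of crtdvdData is outside the visible lines, so ownership should be confirmed there.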
{
#if USE_SSL_CRTD
/**
- * Set of thread for ssl_crtd. This class is singleton. Use this class only
- * over GetIntance() static method. This class use helper structure
- * for threads management.
+ * Set of thread for ssl_crtd. This class is singleton.
+ * This class use helper structure for threads management.
*/
class Helper
{
public:
- static Helper * GetInstance(); ///< Instance class.
- void Init(); ///< Init helper structure.
- void Shutdown(); ///< Shutdown helper structure.
+ static void Init(); ///< Init helper structure.
+ static void Shutdown(); ///< Shutdown helper structure.
+ static void Reconfigure(); ///< Reconfigure helper structure.
/// Submit crtd message to external crtd server.
- void sslSubmit(CrtdMessage const & message, HLPCB * callback, void *data);
+ static void Submit(CrtdMessage const & message, HLPCB * callback, void *data);
private:
- Helper();
- ~Helper();
-
- helper * ssl_crtd; ///< helper for management of ssl_crtd.
+ static helper * ssl_crtd; ///< helper for management of ssl_crtd.
};
#endif
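Review bot: The class comment still says "This class is singleton", but the new code removes GetInstance() and the constructor and destructor and makes every member static, so no instance exists any more. Suggest rewording to something like `Manages the ssl_crtd helper processes. All members are static; the helper pointer is nil when certificate generation is not configured.` The nil case matters to callers because `Submit()` now has to tolerate it. In the following CertValidationHelper hunk, the comment on `ssl_crt_validator` still reads `///< helper for management of ssl_crtd.` and should name the certificate validator helper instead.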
typedef UnaryMemFunT<Security::PeerConnector, CertValidationResponse::Pointer> CbDialer;
typedef void CVHCB(void *, Ssl::CertValidationResponse const &);
- static CertValidationHelper * GetInstance(); ///< Instance class.
- void Init(); ///< Init helper structure.
- void Shutdown(); ///< Shutdown helper structure.
+ static void Init(); ///< Init helper structure.
+ static void Shutdown(); ///< Shutdown helper structure.
+ static void Reconfigure(); ///< Reconfigure helper structure
/// Submit crtd request message to external crtd server.
- void sslSubmit(Ssl::CertValidationRequest const & request, AsyncCall::Pointer &);
+ static void Submit(Ssl::CertValidationRequest const & request, AsyncCall::Pointer &);
private:
- CertValidationHelper();
- ~CertValidationHelper();
-
- helper * ssl_crt_validator; ///< helper for management of ssl_crtd.
+ static helper * ssl_crt_validator; ///< helper for management of ssl_crtd.
public:
typedef LruMap<SBuf, Ssl::CertValidationResponse::Pointer, sizeof(Ssl::CertValidationResponse::Pointer) + sizeof(Ssl::CertValidationResponse)> LruCache;
static LruCache *HelperCache; ///< cache for cert validation helper
bool Ssl::sslDateIsInTheFuture(char const *) STUB_RETVAL(false)
#include "ssl/helper.h"
-Ssl::Helper * Ssl::Helper::GetInstance() STUB_RETVAL(NULL)
void Ssl::Helper::Init() STUB
void Ssl::Helper::Shutdown() STUB
-void Ssl::Helper::sslSubmit(Ssl::CrtdMessage const & message, HLPCB * callback, void *data) STUB
+void Ssl::Helper::Submit(Ssl::CrtdMessage const & message, HLPCB * callback, void *data) STUB