{
const int fd = checklist->fd();
const bool goodDescriptor = 0 <= fd && fd <= Biggest_FD;
- auto ssl = goodDescriptor ? fd_table[fd].ssl : nullptr;
+ auto ssl = goodDescriptor ? fd_table[fd].ssl.get() : nullptr;
X509 *cert = SSL_get_peer_certificate(ssl);
const bool res = data->match (cert);
X509_free(cert);
PeerConnector(aServerConn, aCallback, timeout), icapService(service) {}
/* PeerConnector API */
- virtual Security::SessionPointer initializeSsl();
+ virtual Security::SessionPtr initializeSsl();
virtual void noteNegotiationDone(ErrorState *error);
virtual Security::ContextPtr getSslContext() {return icapService->sslContext;}
#if USE_OPENSSL
// If it is a reused connection and the SSL object is build
// we should not negotiate new SSL session
- auto ssl = fd_table[io.conn->fd].ssl;
+ const auto &ssl = fd_table[io.conn->fd].ssl;
if (!ssl && service().cfg().secure.encryptTransport) {
CbcPointer<Adaptation::Icap::Xaction> me(this);
securer = asyncCall(93, 4, "Adaptation::Icap::Xaction::handleSecuredPeer",
}
#if USE_OPENSSL
-Security::SessionPointer
+Security::SessionPtr
Ssl::IcapPeerConnector::initializeSsl()
{
auto ssl = Ssl::PeerConnector::initializeSsl();
return;
const int fd = serverConnection()->fd;
- auto ssl = fd_table[fd].ssl;
+ auto ssl = fd_table[fd].ssl.get();
assert(ssl);
if (!SSL_session_reused(ssl)) {
if (icapService->sslSession)
receivedFirstByte();
return;
}
- } else if (fd_table[io.conn->fd].ssl == NULL)
+ } else if (!fd_table[io.conn->fd].ssl)
#endif
{
const HttpRequestMethod method;
#if USE_OPENSSL
/** Create SSL connection structure and update fd_table */
-static Security::SessionPointer
+static Security::SessionPtr
httpsCreate(const Comm::ConnectionPointer &conn, Security::ContextPtr sslContext)
{
if (auto ssl = Ssl::CreateServer(sslContext, conn->fd, "client https start")) {
Squid_SSL_accept(ConnStateData *conn, PF *callback)
{
int fd = conn->clientConnection->fd;
- auto ssl = fd_table[fd].ssl;
+ auto ssl = fd_table[fd].ssl.get();
int ret;
errno = 0;
{
ConnStateData *conn = (ConnStateData *)data;
X509 *client_cert;
- auto ssl = fd_table[fd].ssl;
+ auto ssl = fd_table[fd].ssl.get();
int ret;
if ((ret = Squid_SSL_accept(conn, clientNegotiateSSL)) <= 0) {
static void
httpsEstablish(ConnStateData *connState, Security::ContextPtr sslContext)
{
- Security::SessionPointer ssl = nullptr;
+ Security::SessionPtr ssl = nullptr;
assert(connState);
const Comm::ConnectionPointer &details = connState->clientConnection;
debugs(33, 5, HERE << "Certificate for " << sslConnectHostOrIp << " was successfully recieved from ssl_crtd");
if (sslServerBump && (sslServerBump->act.step1 == Ssl::bumpPeek || sslServerBump->act.step1 == Ssl::bumpStare)) {
doPeekAndSpliceStep();
- auto ssl = fd_table[clientConnection->fd].ssl;
+ auto ssl = fd_table[clientConnection->fd].ssl.get();
bool ret = Ssl::configureSSLUsingPkeyAndCertFromMemory(ssl, reply_message.getBody().c_str(), *port);
if (!ret)
debugs(33, 5, "Failed to set certificates to ssl object for PeekAndSplice mode");
debugs(33, 5, HERE << "Generating SSL certificate for " << certProperties.commonName);
if (sslServerBump && (sslServerBump->act.step1 == Ssl::bumpPeek || sslServerBump->act.step1 == Ssl::bumpStare)) {
doPeekAndSpliceStep();
- auto ssl = fd_table[clientConnection->fd].ssl;
+ auto ssl = fd_table[clientConnection->fd].ssl.get();
if (!Ssl::configureSSL(ssl, certProperties, *port))
debugs(33, 5, "Failed to set certificates to ssl object for PeekAndSplice mode");
} else {
clientPeekAndSpliceSSL(int fd, void *data)
{
ConnStateData *conn = (ConnStateData *)data;
- auto ssl = fd_table[fd].ssl;
+ auto ssl = fd_table[fd].ssl.get();
debugs(83, 5, "Start peek and splice on FD " << fd);
Comm::SetSelect(clientConnection->fd, COMM_SELECT_READ, clientPeekAndSpliceSSL, this, 0);
switchedToHttps_ = true;
- auto ssl = fd_table[clientConnection->fd].ssl;
+ auto ssl = fd_table[clientConnection->fd].ssl.get();
BIO *b = SSL_get_rbio(ssl);
Ssl::ClientBio *bio = static_cast<Ssl::ClientBio *>(b->ptr);
bio->hold(true);
void
ConnStateData::splice()
{
- //Normally we can splice here, because we just got client hello message
- auto ssl = fd_table[clientConnection->fd].ssl;
+ // normally we can splice here, because we just got client hello message
+ auto ssl = fd_table[clientConnection->fd].ssl.get();
//retrieve received TLS client information
clientConnection->tlsNegotiations()->fillWith(ssl);
void
ConnStateData::doPeekAndSpliceStep()
{
- auto ssl = fd_table[clientConnection->fd].ssl;
+ auto ssl = fd_table[clientConnection->fd].ssl.get();
BIO *b = SSL_get_rbio(ssl);
assert(b);
Ssl::ClientBio *bio = static_cast<Ssl::ClientBio *>(b->ptr);
// renegotiations. We should close the connection except for the last case.
Must(pinning.serverConnection != nullptr);
- SSL *ssl = fd_table[pinning.serverConnection->fd].ssl;
+ auto ssl = fd_table[pinning.serverConnection->fd].ssl.get();
if (!ssl)
return false;
#if USE_OPENSSL
if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
- if (auto ssl = fd_table[aConn->clientConnection->fd].ssl)
+ if (auto ssl = fd_table[aConn->clientConnection->fd].ssl.get())
al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
}
#endif
ih->rfc931 = getConn()->clientConnection->rfc931;
#if USE_OPENSSL
if (getConn()->clientConnection->isOpen()) {
- ih->ssluser = sslGetUserEmail(fd_table[getConn()->clientConnection->fd].ssl);
+ ih->ssluser = sslGetUserEmail(fd_table[getConn()->clientConnection->fd].ssl.get());
}
#endif
}
void
commStartSslClose(const FdeCbParams ¶ms)
{
- assert(fd_table[params.fd].ssl != NULL);
- ssl_shutdown_method(fd_table[params.fd].ssl);
+ assert(fd_table[params.fd].ssl);
+ ssl_shutdown_method(fd_table[params.fd].ssl.get());
}
#endif
void
comm_close_complete(const FdeCbParams ¶ms)
{
-#if USE_OPENSSL
fde *F = &fd_table[params.fd];
+ F->ssl.reset(nullptr);
- if (F->ssl) {
- SSL_free(F->ssl);
- F->ssl = NULL;
- }
-
+#if USE_OPENSSL
if (F->dynamicSslContext) {
SSL_CTX_free(F->dynamicSslContext);
F->dynamicSslContext = NULL;
F->flags.open = false;
fdUpdateBiggest(fd, 0);
--Number_FD;
- *F = fde();
+ F->clear();
}
#if _SQUID_WINDOWS_
connection, whereas nfmarkToServer is the value to set on packets
*leaving* Squid. */
-private:
/** Clear the fde class back to NULL equivalent. */
inline void clear() {
type = 0;
halfClosedReader = NULL;
read_method = NULL;
write_method = NULL;
- ssl = NULL;
+ ssl.reset(nullptr);
dynamicSslContext = NULL;
#if _SQUID_WINDOWS_
win32.handle = (long)NULL;
case LFT_EXT_ACL_USER_CERT_RAW:
if (al->request) {
ConnStateData *conn = al->request->clientConnectionManager.get();
- if (conn != NULL && Comm::IsConnOpen(conn->clientConnection)) {
- if (SSL *ssl = fd_table[conn->clientConnection->fd].ssl)
+ if (conn && Comm::IsConnOpen(conn->clientConnection)) {
+ if (auto ssl = fd_table[conn->clientConnection->fd].ssl.get())
out = sslGetUserCertificatePEM(ssl);
}
}
case LFT_EXT_ACL_USER_CERTCHAIN_RAW:
if (al->request) {
ConnStateData *conn = al->request->clientConnectionManager.get();
- if (conn != NULL && Comm::IsConnOpen(conn->clientConnection)) {
- if (SSL *ssl = fd_table[conn->clientConnection->fd].ssl)
+ if (conn && Comm::IsConnOpen(conn->clientConnection)) {
+ if (auto ssl = fd_table[conn->clientConnection->fd].ssl.get())
out = sslGetUserCertificatePEM(ssl);
}
}
case LFT_EXT_ACL_USER_CERT:
if (al->request) {
ConnStateData *conn = al->request->clientConnectionManager.get();
- if (conn != NULL && Comm::IsConnOpen(conn->clientConnection)) {
- if (SSL *ssl = fd_table[conn->clientConnection->fd].ssl)
+ if (conn && Comm::IsConnOpen(conn->clientConnection)) {
+ if (auto ssl = fd_table[conn->clientConnection->fd].ssl.get())
out = sslGetUserAttribute(ssl, format->data.header.header);
}
}
case LFT_EXT_ACL_USER_CA_CERT:
if (al->request) {
ConnStateData *conn = al->request->clientConnectionManager.get();
- if (conn != NULL && Comm::IsConnOpen(conn->clientConnection)) {
- if (SSL *ssl = fd_table[conn->clientConnection->fd].ssl)
+ if (conn && Comm::IsConnOpen(conn->clientConnection)) {
+ if (auto ssl = fd_table[conn->clientConnection->fd].ssl.get())
out = sslGetCAAttribute(ssl, format->data.header.header);
}
}
#endif
}
-#if USE_OPENSSL
void
-Security::NegotiationHistory::fillWith(SSL *ssl)
+Security::NegotiationHistory::fillWith(Security::SessionPtr ssl)
{
+#if USE_OPENSSL
if ((cipher = SSL_get_current_cipher(ssl)) != NULL) {
// Set the negotiated version only if the cipher negotiated
// else probably the negotiation is not completed and version
debugs(83, 5, "SSL connection info on FD " << bio->fd() <<
" SSL version " << version_ <<
" negotiated cipher " << cipherName());
-}
#endif
+}
const char *
Security::NegotiationHistory::cipherName() const
#ifndef SQUID_SRC_SECURITY_NEGOTIATIONHISTORY_H
#define SQUID_SRC_SECURITY_NEGOTIATIONHISTORY_H
-#if USE_OPENSSL
-#if HAVE_OPENSSL_SSL_H
-#include <openssl/ssl.h>
-#endif
-#endif
+#include "security/Session.h"
namespace Security {
{
public:
NegotiationHistory();
-#if USE_OPENSSL
- void fillWith(SSL *); ///< Extract negotiation information from TLS object
-#endif
+ void fillWith(Security::SessionPtr); ///< Extract negotiation information from TLS object
const char *cipherName() const; ///< The name of negotiated cipher
/// String representation of TLS negotiated version
const char *negotiatedVersion() const {return printTlsVersion(version_);}
#ifndef SQUID_SRC_SECURITY_SESSION_H
#define SQUID_SRC_SECURITY_SESSION_H
+// LockingPointer.h instead of TidyPointer.h for CtoCpp1()
+#include "security/LockingPointer.h"
+
#if USE_OPENSSL
#if HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
#endif
#endif
+/*
+ * NOTE: we use TidyPointer for sessions. OpenSSL provides explicit reference
+ * locking mechanisms, but GnuTLS only provides init/deinit. To ensure matching
+ * behaviour we cannot use LockingPointer (yet) and must ensure that there is
+ * no possibility of double-free being used on the raw pointers. That is
+ * currently done by using a TidyPointer in the global fde table so its
+ * lifetime matched the connection.
+ */
+
namespace Security {
#if USE_OPENSSL
-typedef SSL* SessionPointer;
+typedef SSL* SessionPtr;
+CtoCpp1(SSL_free, SSL *);
+typedef TidyPointer<SSL, Security::SSL_free_cpp> SessionPointer;
#elif USE_GNUTLS
-typedef gnutls_session_t SessionPointer;
+typedef gnutls_session_t SessionPtr;
+CtoCpp1(gnutls_deinit, gnutls_session_t);
+typedef TidyPointer<struct gnutls_session_int, Security::gnutls_deinit_cpp> SessionPointer;
#else
// use void* so we can check against NULL
-typedef void* SessionPointer;
+typedef void* SessionPtr;
+typedef TidyPointer<void, nullptr> SessionPointer;
+
#endif
} // namespace Security
{
AsyncJob::start();
- if (prepareSocket() && (initializeSsl() != NULL))
+ if (prepareSocket() && initializeSsl())
negotiateSsl();
}
return true;
}
-SSL *
+Security::SessionPtr
Ssl::PeerConnector::initializeSsl()
{
Security::ContextPtr sslContext(getSslContext());
const int fd = serverConnection()->fd;
- SSL *ssl = Ssl::CreateClient(sslContext, fd, "server https start");
+ auto ssl = Ssl::CreateClient(sslContext, fd, "server https start");
if (!ssl) {
ErrorState *anErr = new ErrorState(ERR_SOCKET_FAILURE, Http::scInternalServerError, request.getRaw());
anErr->xerrno = errno;
noteNegotiationDone(anErr);
bail(anErr);
- return NULL;
+ return nullptr;
}
// If CertValidation Helper used do not lookup checklist for errors,
return;
const int fd = serverConnection()->fd;
- SSL *ssl = fd_table[fd].ssl;
+ Security::SessionPtr ssl = fd_table[fd].ssl.get();
const int result = SSL_connect(ssl);
if (result <= 0) {
handleNegotiateError(result);
{
if (Ssl::TheConfig.ssl_crt_validator && useCertValidator_) {
const int fd = serverConnection()->fd;
- SSL *ssl = fd_table[fd].ssl;
+ Security::SessionPtr ssl = fd_table[fd].ssl.get();
Ssl::CertValidationRequest validationRequest;
// WARNING: Currently we do not use any locking for any of the
acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpStare));
acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpClientFirst));
acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpServerFirst));
- SSL *ssl = fd_table[serverConn->fd].ssl;
+ Security::SessionPtr ssl = fd_table[serverConn->fd].ssl.get();
BIO *b = SSL_get_rbio(ssl);
Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(b->ptr);
if (!srvBio->canSplice())
void
Ssl::PeekingPeerConnector::checkForPeekAndSpliceMatched(const Ssl::BumpMode action)
{
- SSL *ssl = fd_table[serverConn->fd].ssl;
+ Security::SessionPtr ssl = fd_table[serverConn->fd].ssl.get();
BIO *b = SSL_get_rbio(ssl);
Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(b->ptr);
debugs(83,5, "Will check for peek and splice on FD " << serverConn->fd);
if (acl_access *acl = ::Config.ssl_client.cert_error)
check = new ACLFilledChecklist(acl, request.getRaw(), dash_str);
- SSL *ssl = fd_table[serverConnection()->fd].ssl;
+ Security::SessionPtr ssl = fd_table[serverConnection()->fd].ssl.get();
typedef Ssl::CertValidationResponse::RecvdErrors::const_iterator SVCRECI;
for (SVCRECI i = resp.errors.begin(); i != resp.errors.end(); ++i) {
debugs(83, 7, "Error item: " << i->error_no << " " << i->error_reason);
{
const int fd = serverConnection()->fd;
unsigned long ssl_lib_error = SSL_ERROR_NONE;
- SSL *ssl = fd_table[fd].ssl;
+ Security::SessionPtr ssl = fd_table[fd].ssl.get();
const int ssl_error = SSL_get_error(ssl, ret);
switch (ssl_error) {
anErr = new ErrorState(ERR_SECURE_CONNECT_FAIL, Http::scServiceUnavailable, NULL);
anErr->xerrno = sysErrNo;
- SSL *ssl = fd_table[fd].ssl;
+ Security::SessionPtr ssl = fd_table[fd].ssl.get();
Ssl::ErrorDetail *errFromFailure = (Ssl::ErrorDetail *)SSL_get_ex_data(ssl, ssl_ex_index_ssl_error_detail);
if (errFromFailure != NULL) {
// The errFromFailure is attached to the ssl object
return ::Config.ssl_client.sslContext;
}
-SSL *
+Security::SessionPtr
Ssl::BlindPeerConnector::initializeSsl()
{
- SSL *ssl = Ssl::PeerConnector::initializeSsl();
+ auto ssl = Ssl::PeerConnector::initializeSsl();
if (!ssl)
- return NULL;
+ return nullptr;
if (const CachePeer *peer = serverConnection()->getPeer()) {
assert(peer);
}
const int fd = serverConnection()->fd;
- SSL *ssl = fd_table[fd].ssl;
+ Security::SessionPtr ssl = fd_table[fd].ssl.get();
if (serverConnection()->getPeer() && !SSL_session_reused(ssl)) {
if (serverConnection()->getPeer()->sslSession)
SSL_SESSION_free(serverConnection()->getPeer()->sslSession);
return ::Config.ssl_client.sslContext;
}
-SSL *
+Security::SessionPtr
Ssl::PeekingPeerConnector::initializeSsl()
{
- SSL *ssl = Ssl::PeerConnector::initializeSsl();
+ auto ssl = Ssl::PeerConnector::initializeSsl();
if (!ssl)
- return NULL;
+ return nullptr;
if (ConnStateData *csd = request->clientConnectionManager.valid()) {
SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
// In server-first bumping mode, clientSsl is NULL.
- if (SSL *clientSsl = fd_table[clientConn->fd].ssl) {
+ if (auto clientSsl = fd_table[clientConn->fd].ssl.get()) {
BIO *b = SSL_get_rbio(clientSsl);
cltBio = static_cast<Ssl::ClientBio *>(b->ptr);
const Ssl::Bio::sslFeatures &features = cltBio->receivedHelloFeatures();
void
Ssl::PeekingPeerConnector::noteNegotiationDone(ErrorState *error)
{
- SSL *ssl = fd_table[serverConnection()->fd].ssl;
+ Security::SessionPtr ssl = fd_table[serverConnection()->fd].ssl.get();
// Check the list error with
if (!request->clientConnectionManager.valid() || ! ssl)
serverCertificateVerified();
if (splice) {
//retrieved received TLS client informations
- SSL *clientSsl = fd_table[clientConn->fd].ssl;
+ auto clientSsl = fd_table[clientConn->fd].ssl.get();
clientConn->tlsNegotiations()->fillWith(clientSsl);
switchToTunnel(request.getRaw(), clientConn, serverConn);
}
Ssl::PeekingPeerConnector::noteWantWrite()
{
const int fd = serverConnection()->fd;
- SSL *ssl = fd_table[fd].ssl;
+ Security::SessionPtr ssl = fd_table[fd].ssl.get();
BIO *b = SSL_get_rbio(ssl);
Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(b->ptr);
Ssl::PeekingPeerConnector::noteSslNegotiationError(const int result, const int ssl_error, const int ssl_lib_error)
{
const int fd = serverConnection()->fd;
- SSL *ssl = fd_table[fd].ssl;
+ Security::SessionPtr ssl = fd_table[fd].ssl.get();
BIO *b = SSL_get_rbio(ssl);
Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(b->ptr);
if (ConnStateData *csd = request->clientConnectionManager.valid()) {
const int fd = serverConnection()->fd;
- SSL *ssl = fd_table[fd].ssl;
+ Security::SessionPtr ssl = fd_table[fd].ssl.get();
Security::CertPointer serverCert(SSL_get_peer_certificate(ssl));
if (!serverCert.get())
return;
serverCert.resetAndLock(serverBump->serverCert.get());
else {
const int fd = serverConnection()->fd;
- SSL *ssl = fd_table[fd].ssl;
+ Security::SessionPtr ssl = fd_table[fd].ssl.get();
serverCert.reset(SSL_get_peer_certificate(ssl));
}
if (serverCert.get()) {
/// silent server
void setReadTimeout();
- virtual SSL *initializeSsl(); ///< Initializes SSL state
+ virtual Security::SessionPtr initializeSsl(); ///< Initializes SSL state
/// Performs a single secure connection negotiation step.
/// It is called multiple times untill the negotiation finish or aborted.
/// Calls parent initializeSSL, configure the created SSL object to try reuse SSL session
/// and sets the hostname to use for certificates validation
- virtual SSL *initializeSsl();
+ virtual Security::SessionPtr initializeSsl();
/// Return the configured Security::ContextPtr object
virtual Security::ContextPtr getSslContext();
}
/* PeerConnector API */
- virtual SSL *initializeSsl();
+ virtual Security::SessionPtr initializeSsl();
virtual Security::ContextPtr getSslContext();
virtual void noteWantWrite();
virtual void noteSslNegotiationError(const int result, const int ssl_error, const int ssl_lib_error);
//Hello message is the first message we write to server
assert(helloMsg.isEmpty());
- SSL *ssl = fd_table[fd_].ssl;
+ auto ssl = fd_table[fd_].ssl.get();
if (clientFeatures.initialized_ && ssl) {
if (bumpMode_ == Ssl::bumpPeek) {
if (adjustSSL(ssl, clientFeatures))
CtoCpp1(SSL_CTX_free, SSL_CTX *)
typedef TidyPointer<SSL_CTX, SSL_CTX_free_cpp> SSL_CTX_Pointer;
-CtoCpp1(SSL_free, SSL *)
-typedef TidyPointer<SSL, SSL_free_cpp> SSL_Pointer;
-
sk_free_wrapper(sk_X509_NAME, STACK_OF(X509_NAME) *, X509_NAME_free)
typedef TidyPointer<STACK_OF(X509_NAME), sk_X509_NAME_free_wrapper> X509_NAME_STACK_Pointer;
int
ssl_read_method(int fd, char *buf, int len)
{
- SSL *ssl = fd_table[fd].ssl;
- int i;
+ auto ssl = fd_table[fd].ssl.get();
#if DONT_DO_THIS
#endif
- i = SSL_read(ssl, buf, len);
+ int i = SSL_read(ssl, buf, len);
if (i > 0 && SSL_pending(ssl) > 0) {
debugs(83, 2, "SSL FD " << fd << " is pending");
int
ssl_write_method(int fd, const char *buf, int len)
{
- SSL *ssl = fd_table[fd].ssl;
- int i;
-
+ auto ssl = fd_table[fd].ssl.get();
if (!SSL_is_init_finished(ssl)) {
errno = ENOTCONN;
return -1;
}
- i = SSL_write(ssl, buf, len);
-
+ int i = SSL_write(ssl, buf, len);
return i;
}
assert(0);
#else
// Temporary ssl for getting X509 certificate from SSL_CTX.
- Ssl::SSL_Pointer ssl(SSL_new(sslContext));
+ Security::SessionPointer ssl(SSL_new(sslContext));
X509 * cert = SSL_get_certificate(ssl.get());
#endif
if (!cert)
const char *errAction = NULL;
int errCode = 0;
- if (SSL *ssl = SSL_new(sslContext)) {
+ if (auto ssl = SSL_new(sslContext)) {
// without BIO, we would call SSL_set_fd(ssl, fd) instead
if (BIO *bio = Ssl::Bio::Create(fd, type)) {
Ssl::Bio::Link(ssl, bio); // cannot fail
- fd_table[fd].ssl = ssl;
+ fd_table[fd].ssl.reset(ssl);
fd_table[fd].read_method = &ssl_read_method;
fd_table[fd].write_method = &ssl_write_method;
fd_note(fd, squidCtx);
-
return ssl;
}
errCode = ERR_get_error();
p = conn->clientConnection->rfc931;
#if USE_OPENSSL
-
if (!p && conn != NULL && Comm::IsConnOpen(conn->clientConnection))
- p = sslGetUserEmail(fd_table[conn->clientConnection->fd].ssl);
-
+ p = sslGetUserEmail(fd_table[conn->clientConnection->fd].ssl.get());
#endif
if (!p)
void Security::ServerOptions::updateContextEecdh(Security::ContextPtr &) STUB
#include "security/NegotiationHistory.h"
-
Security::NegotiationHistory::NegotiationHistory() STUB
-#if USE_OPENSSL
-void Security::NegotiationHistory::fillWith(SSL *) STUB
-#endif
+void Security::NegotiationHistory::fillWith(Security::SessionPtr) STUB
const char *Security::NegotiationHistory::cipherName() const STUB
const char *Security::NegotiationHistory::printTlsVersion(int) const STUB
fd_table[srvConn->fd].read_method = &default_read_method;
fd_table[srvConn->fd].write_method = &default_write_method;
- auto ssl = fd_table[srvConn->fd].ssl;
+ auto ssl = fd_table[srvConn->fd].ssl.get();
assert(ssl);
BIO *b = SSL_get_rbio(ssl);
Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(b->ptr);