Importing SslBump feature from Squid3 ssl-bump branch:
authorrousskov <>
Tue, 12 Feb 2008 05:26:39 +0000 (05:26 +0000)
committerrousskov <>
Tue, 12 Feb 2008 05:26:39 +0000 (05:26 +0000)
        Added ERR_SECURE_CONNECT_FAIL that is returned when we cannot
        secure the established connection with the server. Formerly,
        ERR_CONNECT_FAIL was returned.

        Supply the SSL error check ACL when forwarding SSL connections.
        The check list is stored as SSL ex_data and is destroyed by
        OpenSSL when the SSL struct is destroyed.

src/enums.h
src/forward.cc

index 5aea411e67cc13b26b95255e8f47b411fbcd0d28..43d79b7d39f6cf28d21007265ccbc45bc00f749a 100644 (file)
@@ -1,6 +1,6 @@
 
 /*
- * $Id: enums.h,v 1.260 2007/12/14 20:07:15 hno Exp $
+ * $Id: enums.h,v 1.261 2008/02/11 22:26:39 rousskov Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -69,6 +69,7 @@ typedef enum {
     ERR_WRITE_ERROR,
     ERR_SHUTTING_DOWN,
     ERR_CONNECT_FAIL,
+    ERR_SECURE_CONNECT_FAIL,
     ERR_INVALID_REQ,
     ERR_UNSUP_REQ,
     ERR_INVALID_URL,
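Review bot: Inserting ERR_SECURE_CONNECT_FAIL between ERR_CONNECT_FAIL and ERR_INVALID_REQ renumbers every err_type value that follows it, and the file list on this page shows only enums.h and forward.cc changing. If a string table or template list is indexed by this enum (errorpage.cc's err_type_str[] is the usual suspect), it needs a parallel entry at the same position, or every later error type will resolve to the wrong page name. A short comment on the new entry would also help readers tell the two failures apart, e.g. `ERR_SECURE_CONNECT_FAIL, /* TCP connect succeeded, but the TLS handshake with the server failed (FwdState::negotiateSSL) */`. The typedef enum begins before this hunk.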
index c646951e09700e89088465e43989b33b955bf500..48e060311b93316400cb8d41af928841b2b41706 100644 (file)
@@ -1,6 +1,6 @@
 
 /*
- * $Id: forward.cc,v 1.174 2008/02/07 18:22:23 rousskov Exp $
+ * $Id: forward.cc,v 1.175 2008/02/11 22:26:39 rousskov Exp $
  *
  * DEBUG: section 17    Request Forwarding
  * AUTHOR: Duane Wessels
@@ -582,7 +582,7 @@ FwdState::negotiateSSL(int fd)
              debugs(81, 1, "fwdNegotiateSSL: Error negotiating SSL connection on FD " << fd << 
                     ": " << ERR_error_string(ERR_get_error(), NULL) << " (" << ssl_error << 
                     "/" << ret << "/" << errno << ")");
-            ErrorState *anErr = errorCon(ERR_CONNECT_FAIL, HTTP_SERVICE_UNAVAILABLE, request);
+            ErrorState *anErr = errorCon(ERR_SECURE_CONNECT_FAIL, HTTP_SERVICE_UNAVAILABLE, request);
 #ifdef EPROTO
 
             anErr->xerrno = EPROTO;
@@ -663,6 +663,14 @@ FwdState::initiateSSL()
         SSL_set_ex_data(ssl, ssl_ex_index_server, (void*)request->GetHost());
     }
 
+    // Create the ACL check list now, while we have access to more info.
+    // The list is used in ssl_verify_cb() and is freed in ssl_free().
+    if (acl_access *acl = Config.ssl_client.cert_error) {
+        ACLChecklist *check = aclChecklistCreate(acl, request, dash_str);
+        check->fd(fd);
+        SSL_set_ex_data(ssl, ssl_ex_index_cert_error_check, check);
+    }
+
     fd_table[fd].ssl = ssl;
     fd_table[fd].read_method = &ssl_read_method;
     fd_table[fd].write_method = &ssl_write_method;
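Review bot: The return value of SSL_set_ex_data() on the new line is ignored; when it fails, `check` leaks and the certificate-error ACL is silently never stored, so ssl_verify_cb() would decide the handshake with no checklist at all. The hunk also shows the slot is only populated when Config.ssl_client.cert_error is set, so the verify callback must be confirmed to handle a missing checklist deliberately (deny or accept) rather than by accident. Suggest `if (!SSL_set_ex_data(ssl, ssl_ex_index_cert_error_check, check)) { /* release check the same way ssl_free() does, and log the failure */ }`, since I cannot see from here how a checklist is destroyed. The checklist keeps `request` and `fd` until the SSL object dies, per the new comment, so confirm aclChecklistCreate() reference-locks the request and it cannot dangle if the request is released before the SSL struct. FwdState::initiateSSL() begins before this hunk.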