CbDataList (C const &);
~CbDataList();
+ bool push_back_unique(C const &);
bool find(C const &)const;
bool findAndTune(C const &);
CbDataList *next;
delete next;
}
+template <class C>
+bool
+CbDataList<C>::push_back_unique(C const &toAdd)
+{
+ CbDataList<C> *last;
+ for (last = this; last->next; last = last->next) {
+ if (last->element == toAdd)
+ return false;
+ }
+
+ last->next = new CbDataList<C> (toAdd);
+ return true;
+}
+
template <class C>
bool
CbDataList<C>::find (C const &toFind) const
#if USE_SSL
ACL::Prototype ACLSslError::RegistryProtoype(&ACLSslError::RegistryEntry_, "ssl_error");
-ACLStrategised<Ssl::Errors const &> ACLSslError::RegistryEntry_(new ACLSslErrorData, ACLSslErrorStrategy::Instance(), "ssl_error");
+ACLStrategised<const Ssl::Errors *> ACLSslError::RegistryEntry_(new ACLSslErrorData, ACLSslErrorStrategy::Instance(), "ssl_error");
ACL::Prototype ACLCertificate::UserRegistryProtoype(&ACLCertificate::UserRegistryEntry_, "user_cert");
ACLStrategised<SSL *> ACLCertificate::UserRegistryEntry_(new ACLCertificateData (sslGetUserAttribute), ACLCertificateStrategy::Instance(), "user_cert");
ACL::Prototype ACLCertificate::CARegistryProtoype(&ACLCertificate::CARegistryEntry_, "ca_cert");
#if SQUID_SNMP
snmp_community(NULL),
#endif
+ sslErrorList(NULL),
extacl_entry (NULL),
conn_(NULL),
fd_(-1),
cbdataReferenceDone(conn_);
+ cbdataReferenceDone(sslErrorList);
+
debugs(28, 4, HERE << "ACLFilledChecklist destroyed " << this);
}
#if SQUID_SNMP
snmp_community(NULL),
#endif
+ sslErrorList(NULL),
extacl_entry (NULL),
conn_(NULL),
fd_(-1),
#endif
#if USE_SSL
- Ssl::Errors sslErrorList;
+ Ssl::Errors *sslErrorList;
#endif
ExternalACLEntry *extacl_entry;
#include "acl/Strategised.h"
#include "ssl/support.h"
-class ACLSslErrorStrategy : public ACLStrategy<Ssl::Errors const&>
+class ACLSslErrorStrategy : public ACLStrategy<const Ssl::Errors *>
{
public:
private:
static ACL::Prototype RegistryProtoype;
- static ACLStrategised<Ssl::Errors const&> RegistryEntry_;
+ static ACLStrategised<const Ssl::Errors *> RegistryEntry_;
};
#endif /* SQUID_ACLSSL_ERROR_H */
}
bool
-ACLSslErrorData::match(Ssl::Errors const &toFind)
+ACLSslErrorData::match(const Ssl::Errors *toFind)
{
- typedef std::vector<Ssl::ssl_error_t>::const_iterator SEsI;
- for (SEsI it = toFind.begin() ; it != toFind.end(); it++ ) {
- if (values->findAndTune (*it))
+ const Ssl::Errors * err;
+ for (err = toFind ; err != NULL; err = err->next ) {
+ if (values->findAndTune (err->element))
return true;
}
return false;
/* explicit instantiation required for some systems */
/** \cond AUTODOCS-IGNORE */
// AYJ: 2009-05-20 : Removing. clashes with template <int> instantiation for other ACLs.
-// template cbdata_type CbDataList<Ssl::ssl_error_t>::CBDATA_CbDataList;
+// template cbdata_type Ssl::Errors::CBDATA_CbDataList;
/** \endcond */
wordlist *
ACLSslErrorData::dump()
{
wordlist *W = NULL;
- CbDataList<Ssl::ssl_error_t> *data = values;
+ Ssl::Errors *data = values;
while (data != NULL) {
wordlistAdd(&W, Ssl::GetErrorName(data->element));
void
ACLSslErrorData::parse()
{
- CbDataList<Ssl::ssl_error_t> **Tail;
+ Ssl::Errors **Tail;
char *t = NULL;
for (Tail = &values; *Tail; Tail = &((*Tail)->next));
while ((t = strtokFile())) {
- CbDataList<Ssl::ssl_error_t> *q = new CbDataList<Ssl::ssl_error_t>(Ssl::ParseErrorString(t));
+ Ssl::Errors *q = new Ssl::Errors(Ssl::ParseErrorString(t));
*(Tail) = q;
Tail = &q->next;
}
#include "ssl/ErrorDetail.h"
#include <vector>
-class ACLSslErrorData : public ACLData<Ssl::Errors const&>
+class ACLSslErrorData : public ACLData<const Ssl::Errors *>
{
public:
ACLSslErrorData(ACLSslErrorData const &);
ACLSslErrorData &operator= (ACLSslErrorData const &);
virtual ~ACLSslErrorData();
- bool match(Ssl::Errors const &);
+ bool match(const Ssl::Errors *);
wordlist *dump();
void parse();
bool empty() const;
virtual ACLSslErrorData *clone() const;
- CbDataList<Ssl::ssl_error_t> *values;
+ Ssl::Errors *values;
};
MEMPROXY_CLASS_INLINE(ACLSslErrorData);
if (bumpErrorEntry)
bumpErrorEntry->unlock();
#endif
+
+ cbdataReferenceDone(bumpSslErrorNoList);
}
/**
checklist.conn(this);
checklist.src_addr = clientConnection->remote;
checklist.my_addr = clientConnection->local;
- checklist.sslErrorList = bumpSslErrorNoList;
+ checklist.sslErrorList = cbdataReference(bumpSslErrorNoList);
for (sslproxy_cert_adapt *ca = Config.ssl_client.cert_adapt; ca != NULL; ca = ca->next) {
if (ca->aclList && checklist.fastCheck(ca->aclList) == ACCESS_ALLOWED) {
StoreEntry *bumpServerFirstErrorEntry() const {return bumpErrorEntry;}
void setBumpServerCert(X509 *serverCert) {bumpServerCert.reset(serverCert);}
X509 *getBumpServerCert() {return bumpServerCert.get();}
- void setBumpSslErrorList(Ssl::Errors &errNoList) {bumpSslErrorNoList = errNoList;}
+ void setBumpSslErrorList(Ssl::Errors *errNoList) {bumpSslErrorNoList = cbdataReference(errNoList);}
/// Fill the certAdaptParams with the required data for certificate adaptation
/// and create the key for storing/retrieve the certificate to/from the cache
void buildSslCertAdaptParams(Ssl::CrtdMessage::BodyParams &certAdaptParams);
CbcPointer<Ssl::ServerPeeker> httpsPeeker;
StoreEntry *bumpErrorEntry;
Ssl::X509_Pointer bumpServerCert;
- Ssl::Errors bumpSslErrorNoList; ///< The list of SSL certificate errors which ignored
+ Ssl::Errors *bumpSslErrorNoList; ///< The list of SSL certificate errors which ignored
#endif
AsyncCall::Pointer reader; ///< set when we are reading
// if there is a list of ssl errors, pass it to connection manager
if (Ssl::Errors *errNoList = static_cast<Ssl::Errors *>(SSL_get_ex_data(ssl, ssl_ex_index_ssl_error_sslerrno)))
- request->clientConnectionManager->setBumpSslErrorList(*errNoList);
+ request->clientConnectionManager->setBumpSslErrorList(errNoList);
}
HttpRequest *fakeRequest = NULL;
if (request->clientConnectionManager.valid()) {
request->clientConnectionManager->setBumpServerCert(SSL_get_peer_certificate(ssl));
if (Ssl::Errors *errNoList = static_cast<Ssl::Errors *>(SSL_get_ex_data(ssl, ssl_ex_index_ssl_error_sslerrno)))
- request->clientConnectionManager->setBumpSslErrorList(*errNoList);
+ request->clientConnectionManager->setBumpSslErrorList(errNoList);
}
if (serverConnection()->getPeer() && !SSL_session_reused(ssl)) {
#define SQUID_SSL_CERTIFICATE_DB_H
#include "ssl/gadgets.h"
-#include "ssl/support.h"
#if HAVE_STRING
#include <string>
#endif
if (!ok) {
Ssl::Errors *errNoList = static_cast<Ssl::Errors *>(SSL_get_ex_data(ssl, ssl_ex_index_ssl_error_sslerrno));
if (!errNoList) {
- errNoList = new Ssl::Errors;
+ errNoList = new Ssl::Errors(error_no);
if (!SSL_set_ex_data(ssl, ssl_ex_index_ssl_error_sslerrno, (void *)errNoList)) {
debugs(83, 2, "Failed to set ssl error_no in ssl_verify_cb: Certificate " << buffer);
delete errNoList;
errNoList = NULL;
}
}
-
- if (errNoList) // Append the err no to the SSL errors lists.
- errNoList->push_back(error_no);
+ else // Append the err no to the SSL errors lists.
+ errNoList->push_back_unique(error_no);
if (const char *err_descr = Ssl::GetErrorDescr(error_no))
debugs(83, 5, err_descr << ": " << buffer);
if (check) {
ACLFilledChecklist *filledCheck = Filled(check);
- filledCheck->sslErrorList.clear();
- filledCheck->sslErrorList.push_back(error_no);
+ assert(filledCheck->sslErrorList == NULL);
+ filledCheck->sslErrorList = new Ssl::Errors(error_no);
if (check->fastCheck() == ACCESS_ALLOWED) {
debugs(83, 3, "bypassing SSL error " << error_no << " in " << buffer);
ok = 1;
} else {
debugs(83, 5, "confirming SSL error " << error_no);
}
+ // Delete the ssl error list
+ delete filledCheck->sslErrorList;
+ filledCheck->sslErrorList = NULL;
}
}
#ifndef SQUID_SSL_SUPPORT_H
#define SQUID_SSL_SUPPORT_H
+#include "CbDataList.h"
#include "ssl/gadgets.h"
#if HAVE_OPENSSL_SSL_H
/// Squid defined error code (<0), an error code returned by SSL X509 api, or SSL_ERROR_NONE
typedef int ssl_error_t;
-/// \ingroup ServerProtocolSSLAPI
-/// SSL error codes in the order they were encountered
-typedef std::vector<ssl_error_t> Errors;
+typedef CbDataList<Ssl::ssl_error_t> Errors;
+
} //namespace Ssl
/// \ingroup ServerProtocolSSLAPI
projects / thirdparty / squid.git / commitdiff
