/*
- * $Id: cache_cf.cc,v 1.466 2005/03/18 14:38:10 hno Exp $
+ * $Id: cache_cf.cc,v 1.467 2005/03/18 15:36:07 hno Exp $
*
* DEBUG: section 3 Configuration File Parsing
* AUTHOR: Harvest Derived
for (s = Config.Sockaddr.https; s != NULL; s = (https_port_list *) s->http.next) {
debug(3, 1) ("Initializing https_port %s:%d SSL context\n", inet_ntoa(s->http.s.sin_addr), ntohs(s->http.s.sin_port));
- s->sslContext = sslCreateServerContext(s->cert, s->key, s->version, s->cipher, s->options, s->sslflags, s->clientca, s->cafile, s->capath, s->dhfile);
+ s->sslContext = sslCreateServerContext(s->cert, s->key, s->version, s->cipher, s->options, s->sslflags, s->clientca, s->cafile, s->capath, s->dhfile, s->sslcontext);
}
}
} else if (strncmp(token, "sslflags=", 9) == 0) {
safe_free(s->sslflags);
s->sslflags = xstrdup(token + 9);
+ } else if (strncmp(token, "sslcontext=", 11) == 0) {
+ safe_free(s->sslcontext);
+ s->sslcontext = xstrdup(token + 11);
} else {
parse_http_port_option(&s->http, token);
}
if (s->sslflags)
storeAppendPrintf(e, " sslflags=%s", s->sslflags);
+ if (s->sslcontext)
+ storeAppendPrintf(e, " sslcontext=%s", s->sslcontext);
+
storeAppendPrintf(e, "\n");
s = (https_port_list *) s->http.next;
#
-# $Id: cf.data.pre,v 1.380 2005/03/09 20:14:37 serassio Exp $
+# $Id: cf.data.pre,v 1.381 2005/03/18 15:36:07 hno Exp $
#
#
# SQUID Web Proxy Cache http://www.squid-cache.org/
Don't use the default CA list built in
to OpenSSL
+ sslcontext= SSL session ID context identifier.
+
accel Accelerator mode. Also set implicit by the other
accelerator directives
/*
- * $Id: ssl_support.cc,v 1.23 2005/03/18 15:26:30 hno Exp $
+ * $Id: ssl_support.cc,v 1.24 2005/03/18 15:36:08 hno Exp $
*
* AUTHOR: Benno Rice
* DEBUG: section 83 SSL accelerator support
}
SSL_CTX *
-sslCreateServerContext(const char *certfile, const char *keyfile, int version, const char *cipher, const char *options, const char *flags, const char *clientCA, const char *CAfile, const char *CApath, const char *dhfile)
+sslCreateServerContext(const char *certfile, const char *keyfile, int version, const char *cipher, const char *options, const char *flags, const char *clientCA, const char *CAfile, const char *CApath, const char *dhfile, const char *context)
{
int ssl_error;
SSL_METHOD *method;
SSL_CTX_set_options(sslContext, ssl_parse_options(options));
+ if (context && *context) {
+ SSL_CTX_set_session_id_context(sslContext, context, strlen(context));
+ }
+
if (Config.SSL.unclean_shutdown) {
debug(83, 5) ("Enabling quiet SSL shutdowns (RFC violation).\n");
/*
- * $Id: ssl_support.h,v 1.8 2003/04/17 15:25:44 hno Exp $
+ * $Id: ssl_support.h,v 1.9 2005/03/18 15:36:08 hno Exp $
*
* AUTHOR: Benno Rice
*
#include <openssl/engine.h>
#endif
-SSL_CTX *sslCreateServerContext(const char *certfile, const char *keyfile, int version, const char *cipher, const char *options, const char *flags, const char *clientCA, const char *CAfile, const char *CApath, const char *dhpath);
+SSL_CTX *sslCreateServerContext(const char *certfile, const char *keyfile, int version, const char *cipher, const char *options, const char *flags, const char *clientCA, const char *CAfile, const char *CApath, const char *dhpath, const char *context);
SSL_CTX *sslCreateClientContext(const char *certfile, const char *keyfile, int version, const char *cipher, const char *options, const char *flags, const char *CAfile, const char *CApath);
int ssl_read_method(int, char *, int);
int ssl_write_method(int, const char *, int);
/*
- * $Id: structs.h,v 1.512 2005/03/06 21:08:13 serassio Exp $
+ * $Id: structs.h,v 1.513 2005/03/18 15:36:08 hno Exp $
*
*
* SQUID Web Proxy Cache http://www.squid-cache.org/
char *capath;
char *dhfile;
char *sslflags;
+ char *sslcontext;
SSL_CTX *sslContext;
};
projects / thirdparty / squid.git / commitdiff
