}
}
-// XXX: make a GnuTLS variant
+Security::ContextPtr
+Security::PeerOptions::createBlankContext() const
+{
+ Security::ContextPtr t = nullptr;
+
+#if USE_OPENSSL
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ t = SSL_CTX_new(TLS_client_method());
+#else
+ t = SSL_CTX_new(SSLv23_client_method());
+#endif
+ if (!t) {
+ const auto x = ERR_error_string(ERR_get_error(), nullptr);
+ fatalf("Failed to allocate TLS client context: %s\n", x);
+ }
+
+#elif USE_GNUTLS
+ // Initialize for X.509 certificate exchange
+ if (const int x = gnutls_certificate_allocate_credentials(&t)) {
+ fatalf("Failed to allocate TLS client context: error=%d\n", x);
+ }
+
+#else
+ fatal("Failed to allocate TLS client context: No TLS library\n");
+
+#endif
+
+ return t;
+}
+
Security::ContextPtr
Security::PeerOptions::createClientContext(bool setOptions)
{
// XXX: temporary performance regression. c_str() data copies and prevents this being a const method
t = sslCreateClientContext(certFile.c_str(), privateKeyFile.c_str(), sslCipher.c_str(),
(setOptions ? parsedOptions : 0), parsedFlags);
+
+#elif USE_GNUTLS && WHEN_READY_FOR_GNUTLS
+ t = createBlankContext();
+
#endif
if (t) {
/// reset the configuration details to default
virtual void clear() {*this = PeerOptions();}
+ /// generate an unset security context object
+ virtual Security::ContextPtr createBlankContext() const;
+
/// generate a security client-context from these configured options
Security::ContextPtr createClientContext(bool setOptions);
p->appendf(" %sdh=" SQUIDSBUFPH, pfx, SQUIDSBUFPRINT(dh));
}
+Security::ContextPtr
+Security::ServerOptions::createBlankContext() const
+{
+ Security::ContextPtr t = nullptr;
+
+#if USE_OPENSSL
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ t = SSL_CTX_new(TLS_server_method());
+#else
+ t = SSL_CTX_new(SSLv23_server_method());
+#endif
+ if (!t) {
+ const auto x = ERR_error_string(ERR_get_error(), nullptr);
+ debugs(83, DBG_CRITICAL, "ERROR: Failed to allocate TLS server context: " << x);
+ }
+
+#elif USE_GNUTLS
+ // Initialize for X.509 certificate exchange
+ if (const int x = gnutls_certificate_allocate_credentials(&t)) {
+ debugs(83, DBG_CRITICAL, "ERROR: Failed to allocate TLS server context: error=" << x);
+ }
+
+#else
+ debugs(83, DBG_CRITICAL, "ERROR: Failed to allocate TLS server context: No TLS library");
+
+#endif
+
+ return t;
+}
+
void
Security::ServerOptions::loadDhParams()
{
/* Security::PeerOptions API */
virtual void parse(const char *);
virtual void clear() {*this = ServerOptions();}
+ virtual Security::ContextPtr createBlankContext() const;
virtual void dumpCfg(Packable *, const char *pfx) const;
/// update the context with DH, EDH, EECDH settings
{
ssl_initialize();
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
- Security::ContextPtr sslContext(SSL_CTX_new(TLS_server_method()));
-#else
- Security::ContextPtr sslContext(SSL_CTX_new(SSLv23_server_method()));
-#endif
-
- if (sslContext == NULL) {
- const int ssl_error = ERR_get_error();
- debugs(83, DBG_CRITICAL, "ERROR: Failed to allocate SSL context: " << ERR_error_string(ssl_error, NULL));
- return NULL;
- }
+ Security::ContextPtr sslContext(port.secure.createBlankContext());
+ if (!sslContext)
+ return nullptr;
if (!SSL_CTX_use_certificate(sslContext, port.signingCert.get())) {
const int ssl_error = ERR_get_error();
projects / thirdparty / squid.git / commitdiff
