Importing SslBump feature from Squid3 ssl-bump branch:

        Store connection file descriptor, to be used to get to the
        connection SSL structure when client-side ConnStateData is not
        available.

        Store SSL error code, to be used by ssl_error ACL
        (ACLSslError*).

        Polished comments. Added TODO.

diff --git a/src/ACLChecklist.cc b/src/ACLChecklist.cc
index 74eaead25d9bbfdd49dbb6166af60f5ef680d151..8ef3b2de3d02678dc89e860f177d6a237d8e82fb 100644 (file)
--- a/src/ACLChecklist.cc
+++ b/src/ACLChecklist.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: ACLChecklist.cc,v 1.44 2008/02/07 18:16:24 rousskov Exp $
+ * $Id: ACLChecklist.cc,v 1.45 2008/02/11 22:25:53 rousskov Exp $
  *
  * DEBUG: section 28    Access Control
  * AUTHOR: Duane Wessels
@@ -363,11 +363,15 @@ ACLChecklist::ACLChecklist() :
         auth_user_request (NULL),
 #if SQUID_SNMP
         snmp_community(NULL),
+#endif
+#if USE_SSL
+        ssl_error(0),
 #endif
         callback (NULL),
         callback_data (NULL),
         extacl_entry (NULL),
         conn_(NULL),
+        fd_(-1),
         async_(false),
         finished_(false),
         allow_(ACCESS_DENIED),
@@ -418,6 +422,19 @@ ACLChecklist::conn(ConnStateData::Pointer aConn)
     conn_ = aConn;
 }
 
+int
+ACLChecklist::fd() const
+{
+    return conn_ != NULL ? conn_->fd : fd_;
+}
+
+void
+ACLChecklist::fd(int aDescriptor)
+{
+    assert(!conn() || conn()->fd == aDescriptor);
+    fd_ = aDescriptor;
+}
+
 void
 ACLChecklist::AsyncState::changeState (ACLChecklist *checklist, AsyncState *newState) const
 {
@@ -556,10 +573,10 @@ ACLChecklist::checking (bool const newValue)
  *    returns, ACLChecklist::checkCallback() will free the ACLChecklist using
  *    aclChecklistFree().
  */
-
 ACLChecklist *
 aclChecklistCreate(const acl_access * A, HttpRequest * request, const char *ident)
 {
+    // TODO: make this a constructor? On-stack creation uses the same code.
     ACLChecklist *checklist = new ACLChecklist;
 
     if (A)

diff --git a/src/ACLChecklist.h b/src/ACLChecklist.h
index 8746925b1f4f46a7615cb9448985b5ce9d64a010..ec33d44b4b791a8c4153d75396143c86ecac78cb 100644 (file)
--- a/src/ACLChecklist.h
+++ b/src/ACLChecklist.h
@@ -1,6 +1,6 @@
 
 /*
- * $Id: ACLChecklist.h,v 1.29 2007/12/14 23:11:45 amosjeffries Exp $
+ * $Id: ACLChecklist.h,v 1.30 2008/02/11 22:25:53 rousskov Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -97,8 +97,14 @@ class NullState : public AsyncState
     void checkCallback(allow_t answer);
     void preCheck();
     _SQUID_INLINE_ bool matchAclListFast(const ACLList * list);
+
     ConnStateData::Pointer conn();
+    int fd() const; // uses conn() if available
+
+    // set either conn or FD
     void conn(ConnStateData::Pointer);
+    void fd(int aDescriptor);
+
     int authenticated();
 
     bool asyncInProgress() const;
@@ -131,6 +137,10 @@ class NullState : public AsyncState
     char *snmp_community;
 #endif
 
+#if USE_SSL
+    int ssl_error;
+#endif
+
     PF *callback;
     void *callback_data;
     ExternalACLEntry *extacl_entry;
@@ -144,6 +154,7 @@ private:
     void matchAclListSlow(const ACLList * list);
     CBDATA_CLASS(ACLChecklist);
     ConnStateData::Pointer conn_;      /* hack for ident and NTLM */
+    int fd_; // may be available when conn_ is not
     bool async_;
     bool finished_;
     allow_t allow_;