connect_fail_limit(0),
max_conn(0),
domain(NULL),
-#if USE_OPENSSL
- sslContext(NULL),
-#endif
front_end_https(0),
connection_auth(2 /* auto */)
{
PeerPoolMgr::Checkpoint(standby.mgr, "peer gone");
xfree(domain);
-
-#if USE_OPENSSL
- if (sslContext)
- SSL_CTX_free(sslContext);
-#endif
}
/// security settings for peer connection
Security::PeerOptions secure;
- Security::ContextPtr sslContext;
+ Security::ContextPointer sslContext;
Security::SessionStatePointer sslSession;
int front_end_https;
external_acl *externalAclHelperList;
struct {
- Security::ContextPtr sslContext;
+ Security::ContextPointer sslContext;
#if USE_OPENSSL
char *foreignIntermediateCertsPath;
acl_access *cert_error;
Adaptation::Icap::ServiceRep::ServiceRep(const ServiceConfigPointer &svcCfg):
AsyncJob("Adaptation::Icap::ServiceRep"), Adaptation::Service(svcCfg),
- sslContext(NULL),
theOptions(NULL), theOptionsFetcher(0), theLastUpdate(0),
theBusyConns(0),
theAllWaiters(0),
// receive either an ICAP OPTIONS response header or an abort message
virtual void noteAdaptationAnswer(const Answer &answer);
- Security::ContextPtr sslContext;
+ Security::ContextPointer sslContext;
Security::SessionStatePointer sslSession;
private:
/* Security::PeerConnector API */
virtual bool initialize(Security::SessionPointer &);
virtual void noteNegotiationDone(ErrorState *error);
- virtual Security::ContextPtr getSslContext() {return icapService->sslContext;}
+ virtual Security::ContextPtr getSslContext() {
+ return icapService->sslContext.get();
+ }
private:
Adaptation::Icap::ServiceRep::Pointer icapService;
#endif
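Review bot: getSslContext() still returns the raw `Security::ContextPtr` taken with `.get()`, so the caller only borrows the context, and nothing on the accessor says so. The other two getSslContext() bodies in this commit do the same (the `peer->sslContext.get()` / `::Config.ssl_client.sslContext.get()` returns, and the Ssl::PeekingPeerConnector one). Since `configFreeMemory()` now calls `Config.ssl_client.sslContext.reset()`, a raw pointer kept across a reconfigure or a peer's destruction would dangle; whether any caller holds it that long is not visible here. I would add `/// \returns a borrowed context, valid only while icapService holds it; do not store` above the override, or return `Security::ContextPointer` if the base-class signature can change. The enclosing class starts outside this hunk.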
}
#if USE_OPENSSL
- Ssl::useSquidUntrusted(Config.ssl_client.sslContext);
+ Ssl::useSquidUntrusted(Config.ssl_client.sslContext.get());
#endif
}
configFreeMemory(void)
{
free_all();
+ Config.ssl_client.sslContext.reset();
#if USE_OPENSSL
- SSL_CTX_free(Config.ssl_client.sslContext);
Ssl::unloadSquidUntrusted();
#endif
}
$(top_builddir)/src/ip/libip.la \
$(top_builddir)/src/base/libbase.la \
$(COMPAT_LIB) \
+ $(SSLLIB) \
$(XTRA_LIBS)
CLEANFILES += $(COPIED_SOURCE)
{
if (const CachePeer *peer = serverConnection()->getPeer()) {
assert(peer->secure.encryptTransport);
- Security::ContextPtr sslContext(peer->sslContext);
- return sslContext;
+ return peer->sslContext.get();
}
- return ::Config.ssl_client.sslContext;
+ return ::Config.ssl_client.sslContext.get();
}
bool
return ctx;
}
-Security::ContextPtr
+Security::ContextPointer
Security::PeerOptions::createClientContext(bool setOptions)
{
updateTlsVersionLimits();
- Security::ContextPointer t = createBlankContext();
+ Security::ContextPointer t(createBlankContext());
if (t) {
#if USE_OPENSSL
// XXX: temporary performance regression. c_str() data copies and prevents this being a const method
updateContextCrl(t.get());
}
- return t.release();
+ return t;
}
/// set of options we can parse and what they map to
virtual Security::ContextPointer createBlankContext() const;
/// generate a security client-context from these configured options
- Security::ContextPtr createClientContext(bool setOptions);
+ Security::ContextPointer createClientContext(bool setOptions);
/// sync the context options with tls-min-version=N configuration
void updateTlsVersionLimits();
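Review bot: The doc comment on createClientContext() does not say that the returned pointer can be empty. The implementation in this commit only configures the context under `if (t)` and then returns `t` unchanged, so a failed createBlankContext() yields an empty result. Callers that go straight to `.get()` would then pass a null context on, so the contract is worth stating. I would extend the comment to `/// generate a security client-context from these configured options; \returns an empty pointer if no context could be created`.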
Security::ContextPtr
Ssl::PeekingPeerConnector::getSslContext()
{
- // XXX: locate a per-server context in Security:: instead
- return ::Config.ssl_client.sslContext;
+ return ::Config.ssl_client.sslContext.get();
}
bool
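Review bot: The removed `// XXX: locate a per-server context in Security:: instead` comment described a limitation that the new line does not lift. The function still returns the global `::Config.ssl_client.sslContext` for every server, now through `.get()`. Unless a per-server context is selected somewhere outside this hunk, I would keep the marker, e.g. `// XXX: still the global client context; locate a per-server context in Security:: instead`, so the shared-context behaviour stays documented.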
#include "security/PeerOptions.h"
Security::PeerOptions Security::ProxyOutgoingConfig;
void Security::PeerOptions::parse(char const*) STUB
-Security::ContextPtr Security::PeerOptions::createClientContext(bool) STUB_RETVAL(NULL)
+Security::ContextPointer Security::PeerOptions::createClientContext(bool) STUB_RETVAL(Security::ContextPointer())
void Security::PeerOptions::updateTlsVersionLimits() STUB
Security::ContextPointer Security::PeerOptions::createBlankContext() const STUB_RETVAL(Security::ContextPointer())
void Security::PeerOptions::updateContextCa(Security::ContextPtr) STUB