void
Security::PeerOptions::updateSessionOptions(Security::SessionPointer &s)
{
+#if USE_OPENSSL
// 'options=' value being set to session is a GnuTLS specific thing.
-#if !USE_OPENSSL && USE_GNUTLS
+#elif USE_GNUTLS
int x;
SBuf errMsg;
if (!parsedOptions) {
}
#endif
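Review bot: After this change the comment `// 'options=' value being set to session is a GnuTLS specific thing.` is the only content of the new `#if USE_OPENSSL` branch, while the code it describes now lives under `#elif USE_GNUTLS`. Move the comment below the `#elif USE_GNUTLS` line and put a short note in the OpenSSL branch saying why it is intentionally empty, e.g. `// nothing to apply per-session for OpenSSL` (I cannot confirm the actual reason from this hunk, so word it as the author intends). updateSessionOptions continues past the end of the hunk.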
+#if USE_OPENSSL
+Security::SessionPointer
+Security::NewSessionObject(const Security::ContextPointer &ctx)
+{
+ Security::SessionPointer session(SSL_new(ctx.get()), [](SSL *p) {
+ debugs(83, 5, "SSL_free session=" << (void*)p);
+ SSL_free(p);
+ });
+ debugs(83, 5, "SSL_new session=" << (void*)session.get());
+ return session;
+}
+#endif
+
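Review bot: NewSessionObject has no comment in the .cc, and nothing says that it returns a nil SessionPointer when SSL_new() fails, which is the case CreateSession handles below with `if (!session)` and ERR_get_error(). Add above the definition `/// Creates an SSL object for ctx; returns a nil pointer when SSL_new() fails, leaving the reason in the OpenSSL error queue for the caller.` Note that the `SSL_new session=` debug line then prints a zero address, which is harmless but worth knowing when reading logs. As a point of style, the `(void*)p` and `(void*)session.get()` C-style casts would read better as `static_cast<void*>(...)`.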
static bool
CreateSession(const Security::ContextPointer &ctx, const Comm::ConnectionPointer &conn, Security::Io::Type type, const char *squidCtx)
{
const char *errAction = "with no TLS/SSL library";
int errCode = 0;
#if USE_OPENSSL
- Security::SessionPointer session(SSL_new(ctx.get()), [](SSL *p) {
- debugs(83, 5, "SSL_free session=" << (void*)p);
- SSL_free(p);
- });
- debugs(83, 5, "SSL_new session=" << (void*)session.get());
+ Security::SessionPointer session(Security::NewSessionObject(ctx));
if (!session) {
errCode = ERR_get_error();
errAction = "failed to allocate handle";
/// Needs to be done before using the SessionPointer for a handshake.
void SetSessionResumeData(const Security::SessionPointer &, const Security::SessionStatePointer &);
+#if USE_OPENSSL
+/// \deprecated use the PeerOptions/ServerOptions API methods instead.
+/// Wraps SessionPointer value creation to reduce risk of
+/// a nasty hack in ssl/support.cc.
+Security::SessionPointer NewSessionObject(const Security::ContextPointer &);
+#endif
+
} // namespace Security
#endif /* SQUID_SRC_SECURITY_SESSION_H */
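Review bot: The `\deprecated` tag on NewSessionObject is confusing on a declaration this same commit introduces together with two new callers (CreateSession and the certificate lookup in ssl/support.cc); a reader cannot tell whether those callers are meant to be replaced, or which `PeerOptions/ServerOptions API methods` would create a session instead. Reword the comment to state the contract first, e.g. `/// Creates a new TLS session object for the given context. Returns a nil pointer when SSL_new() fails; callers must check before use.` and keep the deprecation sentence only if the intended replacement can be named. "reduce risk of a nasty hack" does not tell a maintainer what the hack was.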
namespace Io
{
enum Type {
-#if USE_GNUTLS
+#if USE_OPENSSL
+ BIO_TO_CLIENT = 6000,
+ BIO_TO_SERVER
+#elif USE_GNUTLS
// NP: this is odd looking but correct.
// 'to-client' means we are a server, and vice versa.
BIO_TO_CLIENT = GNUTLS_SERVER,
class KeyData;
-#if !USE_OPENSSL && USE_GNUTLS
+#if USE_OPENSSL
+typedef long ParsedOptions;
+#elif USE_GNUTLS
typedef std::shared_ptr<struct gnutls_priority_st> ParsedOptions;
#else
-typedef long ParsedOptions;
+class ParsedOptions {}; // we never parse/use TLS options in this case
#endif
class PeerConnector;
assert(0);
#else
// Temporary ssl for getting X509 certificate from SSL_CTX.
- Security::SessionPointer ssl(SSL_new(ctx.get()), [](SSL *p) {
- debugs(83, 5, "SSL_free session=" << (void*)p);
- SSL_free(p);
- });
- debugs(83, 5, "SSL_new session=" << (void*)ssl.get());
+ Security::SessionPointer ssl(Security::NewSessionObject(ctx));
X509 * cert = SSL_get_certificate(ssl.get());
#endif
if (!cert)
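Review bot: The result of `Security::SessionPointer ssl(Security::NewSessionObject(ctx));` is passed to `SSL_get_certificate(ssl.get())` without a nil check, so a failed SSL_new() leads to a null pointer being handed to OpenSSL, whereas CreateSession checks the same result with `if (!session)`. This was also true of the replaced SSL_new() call, but the wrapper call is the right place to fix it; the smallest change funnels the failure into the existing `if (!cert)` handling: `X509 *cert = ssl ? SSL_get_certificate(ssl.get()) : nullptr;`. The enclosing function starts and ends outside the hunk, so I cannot see what the `if (!cert)` branch does with the failure.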
#include "security/PeerOptions.h"
Security::PeerOptions Security::ProxyOutgoingConfig;
Security::PeerOptions::PeerOptions() {
-#if !USE_GNUTLS
+#if USE_OPENSSL
parsedOptions = 0;
#endif
STUB_NOP
bool SessionIsResumed(const Security::SessionPointer &) STUB_RETVAL(false)
void MaybeGetSessionResumeData(const Security::SessionPointer &, Security::SessionStatePointer &) STUB
void SetSessionResumeData(const Security::SessionPointer &, const Security::SessionStatePointer &) STUB
+#if USE_OPENSSL
+Security::SessionPointer NewSessionObject(const Security::ContextPointer &) STUB_RETVAL(nullptr)
+#endif
} // namespace Security