with_openssl=yes
esac
])
-AH_TEMPLATE(USE_SSL,[OpenSSL support is available])
+AH_TEMPLATE(USE_OPENSSL,[OpenSSL support is available])
## OpenSSL is default disable due to licensing issues on some OS
if test "x$with_openssl" = "xyes"; then
AC_CHECK_HEADERS( \
if test "x$LIBOPENSSL_LIBS" != "x" ; then
CXXFLAGS="$LIBOPENSSL_CFLAGS $CXXFLAGS"
SSLLIB="$LIBOPENSSL_LIBS $SSLLIB"
- AC_DEFINE(USE_SSL,1,[OpenSSL support is available])
+ AC_DEFINE(USE_OPENSSL,1,[OpenSSL support is available])
# check for other specific broken implementations
SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
USE_SELECT \
USE_SELECT_WIN32 \
USE_SQUID_ESI \
- USE_SSL \
+ USE_OPENSSL \
USE_LINUX_TPROXY2 \
USE_LINUX_TPROXY4 \
USE_UNLINKD \
#include "HttpRequest.h"
#include "SquidConfig.h"
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/support.h"
AccessLogEntry::SslDetails::SslDetails(): user(NULL), bumpMode(::Ssl::bumpEnd)
{
}
-#endif /* USE_SSL */
+#endif /* USE_OPENSSL */
void
AccessLogEntry::getLogClientIp(char *buf, size_t bufsz) const
#if ICAP_CLIENT
#include "adaptation/icap/Elements.h"
#endif
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/gadgets.h"
#endif
const char *opcode;
} htcp;
-#if USE_SSL
+#if USE_OPENSSL
/// logging information specific to the SSL protocol
class SslDetails
{
msec(0),
rfc931 (NULL),
extuser(NULL),
-#if USE_SSL
+#if USE_OPENSSL
ssluser(NULL),
#endif
port(NULL) {
int msec;
const char *rfc931;
const char *extuser;
-#if USE_SSL
+#if USE_OPENSSL
const char *ssluser;
Ssl::X509_Pointer sslClientCert; ///< cert received from the client
#include "acl/SourceAsn.h"
#include "acl/SourceDomain.h"
#include "acl/SourceIp.h"
-#if USE_SSL
+#if USE_OPENSSL
#include "acl/Certificate.h"
#include "acl/CertificateData.h"
#include "acl/SslError.h"
#include "acl/Strategised.h"
#include "acl/Strategy.h"
#include "acl/StringData.h"
-#if USE_SSL
+#if USE_OPENSSL
#include "acl/ServerCertificate.h"
#endif
#include "acl/Tag.h"
ACL::Prototype ACLUrlPort::RegistryProtoype(&ACLUrlPort::RegistryEntry_, "port");
ACLStrategised<int> ACLUrlPort::RegistryEntry_(new ACLIntRange, ACLUrlPortStrategy::Instance(), "port");
-#if USE_SSL
+#if USE_OPENSSL
ACL::Prototype ACLSslError::RegistryProtoype(&ACLSslError::RegistryEntry_, "ssl_error");
ACLStrategised<const Ssl::CertErrors *> ACLSslError::RegistryEntry_(new ACLSslErrorData, ACLSslErrorStrategy::Instance(), "ssl_error");
ACL::Prototype ACLCertificate::UserRegistryProtoype(&ACLCertificate::UserRegistryEntry_, "user_cert");
//TODO: remove, it is unconditionally defined and always used.
#define PEER_MULTICAST_SIBLINGS 1
-#if USE_SSL
+#if HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
#endif
int connect_fail_limit;
int max_conn;
char *domain; /* Forced domain */
-#if USE_SSL
+#if USE_OPENSSL
int use_ssl;
char *sslcert;
void adaptationAccessCheck();
#endif
-#if USE_SSL
+#if USE_OPENSSL
/**
* Initiates and start the acl checklist to check if the a CONNECT
* request must be bumped.
bool interpreted_req_hdrs;
bool tosToClientDone;
bool nfmarkToClientDone;
-#if USE_SSL
+#if USE_OPENSSL
bool sslBumpCheckDone;
#endif
ErrorState *error; ///< saved error page for centralized/delayed processing
#include "StoreClient.h"
#include "urn.h"
#include "whois.h"
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/cert_validate_message.h"
#include "ssl/Config.h"
#include "ssl/ErrorDetail.h"
static PSC fwdPeerSelectionCompleteWrapper;
static CLCB fwdServerClosedWrapper;
-#if USE_SSL
+#if USE_OPENSSL
static PF fwdNegotiateSSLWrapper;
#endif
static CNCB fwdConnectDoneWrapper;
assert(err);
errorAppendEntry(entry, err);
err = NULL;
-#if USE_SSL
+#if USE_OPENSSL
if (request->flags.sslPeek && request->clientConnectionManager.valid()) {
CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData,
ConnStateData::httpsPeeked, Comm::ConnectionPointer(NULL));
fwd->serverClosed(params.fd);
}
-#if USE_SSL
+#if USE_OPENSSL
static void
fwdNegotiateSSLWrapper(int fd, void *data)
{
retryOrBail();
}
-#if USE_SSL
+#if USE_OPENSSL
void
FwdState::negotiateSSL(int fd)
{
if (serverConnection()->getPeer())
peerConnectSucceded(serverConnection()->getPeer());
-#if USE_SSL
+#if USE_OPENSSL
if (!request->flags.pinned) {
if ((serverConnection()->getPeer() && serverConnection()->getPeer()->use_ssl) ||
(!serverConnection()->getPeer() && request->protocol == AnyP::PROTO_HTTPS) ||
}
#endif
-#if USE_SSL
+#if USE_OPENSSL
if (request->flags.sslPeek) {
CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData,
ConnStateData::httpsPeeked, serverConnection());
request->peer_domain = NULL;
switch (request->protocol) {
-#if USE_SSL
+#if USE_OPENSSL
case AnyP::PROTO_HTTPS:
httpStart(this);
#include "fde.h"
#include "http/StatusCode.h"
#include "ip/Address.h"
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/support.h"
#endif
class ErrorState;
class HttpRequest;
-#if USE_SSL
+#if USE_OPENSSL
namespace Ssl
{
class ErrorDetail;
/** return a ConnectionPointer to the current server connection (may or may not be open) */
Comm::ConnectionPointer const & serverConnection() const { return serverConn; };
-#if USE_SSL
+#if USE_OPENSSL
/// Callback function called when squid receive message from cert validator helper
static void sslCrtvdHandleReplyWrapper(void *data, Ssl::CertValidationResponse const &);
/// Process response from cert validator helper
#endif
hoRequest,
hoReply,
-#if USE_SSL
+#if USE_OPENSSL
hoErrorDetail,
#endif
hoEnd
#include "Store.h"
#include "StrList.h"
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/support.h"
#endif
#include "Notes.h"
#include "YesNoNone.h"
-#if USE_SSL
+#if USE_OPENSSL
+#if HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
+#endif
+
class sslproxy_cert_sign;
class sslproxy_cert_adapt;
#endif
struct {
AnyP::PortCfg *http;
-#if USE_SSL
+#if USE_OPENSSL
AnyP::PortCfg *https;
#endif
} Sockaddr;
#endif
char *diskd;
-#if USE_SSL
+#if USE_OPENSSL
char *ssl_password;
#endif
acl_access *htcp_clr;
#endif
-#if USE_SSL
+#if USE_OPENSSL
acl_access *ssl_bump;
#endif
#if FOLLOW_X_FORWARDED_FOR
int rebuild_chunk_percentage;
} digest;
#endif
-#if USE_SSL
+#if USE_OPENSSL
struct {
int unclean_shutdown;
time_t minimum_expiry_time; /* seconds */
external_acl *externalAclHelperList;
-#if USE_SSL
+#if USE_OPENSSL
struct {
char *cert;
/* MS Visual Studio Projects are monolithic, so we need the following
* #if to exclude the SSL code from compile process when not needed.
*/
-#if USE_SSL
+#if USE_OPENSSL
#include "acl/Certificate.h"
#include "acl/CertificateData.h"
ACLCertificateStrategy ACLCertificateStrategy::Instance_;
-#endif /* USE_SSL */
+#endif /* USE_OPENSSL */
#if SQUID_SNMP
snmp_community(NULL),
#endif
-#if USE_SSL
+#if USE_OPENSSL
sslErrors(NULL),
#endif
extacl_entry (NULL),
cbdataReferenceDone(conn_);
-#if USE_SSL
+#if USE_OPENSSL
cbdataReferenceDone(sslErrors);
#endif
#if SQUID_SNMP
snmp_community(NULL),
#endif
-#if USE_SSL
+#if USE_OPENSSL
sslErrors(NULL),
#endif
extacl_entry (NULL),
#if USE_AUTH
#include "auth/UserRequest.h"
#endif
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/support.h"
#endif
char *snmp_community;
#endif
-#if USE_SSL
+#if USE_OPENSSL
/// SSL [certificate validation] errors, in undefined order
Ssl::CertErrors *sslErrors;
/// The peer certificate
#include "squid.h"
-#if USE_SSL
+#if USE_OPENSSL
#include "acl/CertificateData.h"
#include "acl/Checklist.h"
ACLServerCertificateStrategy ACLServerCertificateStrategy::Instance_;
-#endif /* USE_SSL */
+#endif /* USE_OPENSSL */
int processingTime() const;
String rfc931; ///< the username from ident
-#if USE_SSL
+#if USE_OPENSSL
String ssluser; ///< the username from SSL
#endif
LogTags logType; ///< the squid request status (TCP_MISS etc)
if (h->rfc931.size())
al.cache.rfc931 = h->rfc931.termedBuf();
-#if USE_SSL
+#if USE_OPENSSL
if (h->ssluser.size())
al.cache.ssluser = h->ssluser.termedBuf();
#endif
#include "anyp/PortCfg.h"
#include "comm.h"
#include "fatal.h"
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/support.h"
#endif
vport(0),
disable_pmtu_discovery(0),
listenConn()
-#if USE_SSL
+#if USE_OPENSSL
,cert(NULL),
key(NULL),
version(0),
safe_free(name);
safe_free(defaultsite);
-#if USE_SSL
+#if USE_OPENSSL
safe_free(cert);
safe_free(key);
safe_free(options);
#if 0
// TODO: AYJ: 2009-07-18: for now SSL does not clone. Configure separate ports with IPs and SSL settings
-#if USE_SSL
+#if USE_OPENSSL
char *cert;
char *key;
int version;
return b;
}
-#if USE_SSL
+#if USE_OPENSSL
void
AnyP::PortCfg::configureSslServerContext()
{
#include "anyp/TrafficMode.h"
#include "comm/Connection.h"
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/gadgets.h"
#endif
PortCfg();
~PortCfg();
AnyP::PortCfg *clone() const;
-#if USE_SSL
+#if USE_OPENSSL
/// creates, configures, and validates SSL context and related port options
void configureSslServerContext();
#endif
*/
Comm::ConnectionPointer listenConn;
-#if USE_SSL
+#if USE_OPENSSL
char *cert;
char *key;
int version;
#if USE_ECAP
#include "adaptation/ecap/Config.h"
#endif
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/Config.h"
#include "ssl/support.h"
#endif
#include <sys/stat.h>
#endif
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/gadgets.h"
#endif
static int parse_line(char *);
static void parse_obsolete(const char *);
static void parseBytesLine(size_t * bptr, const char *units);
-#if USE_SSL
+#if USE_OPENSSL
static void parseBytesOptionValue(size_t * bptr, const char *units, char const * value);
#endif
static void parseBytesLineSigned(ssize_t * bptr, const char *units);
static void dump_PortCfg(StoreEntry *, const char *, const AnyP::PortCfg *);
static void free_PortCfg(AnyP::PortCfg **);
-#if USE_SSL
+#if USE_OPENSSL
static void parse_sslproxy_cert_sign(sslproxy_cert_sign **cert_sign);
static void dump_sslproxy_cert_sign(StoreEntry *entry, const char *name, sslproxy_cert_sign *cert_sign);
static void free_sslproxy_cert_sign(sslproxy_cert_sign **cert_sign);
static void parse_sslproxy_ssl_bump(acl_access **ssl_bump);
static void dump_sslproxy_ssl_bump(StoreEntry *entry, const char *name, acl_access *ssl_bump);
static void free_sslproxy_ssl_bump(acl_access **ssl_bump);
-#endif /* USE_SSL */
+#endif /* USE_OPENSSL */
static void parse_b_size_t(size_t * var);
static void parse_b_int64_t(int64_t * var);
Config2.effectiveGroupID = grp->gr_gid;
}
-#if USE_SSL
+#if USE_OPENSSL
debugs(3, DBG_IMPORTANT, "Initializing https proxy context");
if (token[13])
p->domain = xstrdup(token + 13);
-#if USE_SSL
+#if USE_OPENSSL
} else if (strcmp(token, "ssl") == 0) {
p->use_ssl = 1;
++t;
s->tcp_keepalive.timeout = xatoui(t);
}
-#if USE_SSL
+#if USE_OPENSSL
} else if (strcmp(token, "sslBump") == 0) {
debugs(3, DBG_CRITICAL, "WARNING: '" << token << "' is deprecated " <<
"in http_port. Use 'ssl-bump' instead.");
parse_port_option(s, token);
}
-#if USE_SSL
+#if USE_OPENSSL
if (s->transport.protocol == AnyP::PROTO_HTTPS) {
/* ssl-bump on https_port configuration requires either tproxy or intercept, and vice versa */
const bool hijacked = s->flags.isIntercepted();
}
}
-#if USE_SSL
+#if USE_OPENSSL
if (s->flags.tunnelSslBumping)
storeAppendPrintf(e, " ssl-bump");
configFreeMemory(void)
{
free_all();
-#if USE_SSL
+#if USE_OPENSSL
SSL_CTX_free(Config.ssl_client.sslContext);
#endif
}
}
#endif
-#if USE_SSL
+#if USE_OPENSSL
static void parse_sslproxy_cert_adapt(sslproxy_cert_adapt **cert_adapt)
{
char *al;
NAME: acl
TYPE: acl
LOC: Config.aclList
-IF USE_SSL
+IF USE_OPENSSL
DEFAULT: ssl::certHasExpired ssl_error X509_V_ERR_CERT_HAS_EXPIRED
DEFAULT: ssl::certNotYetValid ssl_error X509_V_ERR_CERT_NOT_YET_VALID
DEFAULT: ssl::certDomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
# adaptation_meta because it starts matching immediately after
# the service has been selected for adaptation.
-IF USE_SSL
+IF USE_OPENSSL
acl aclname ssl_error errorname
# match against SSL certificate validation error [fast]
#
DOC_END
NAME: https_port
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
TYPE: PortCfg
DEFAULT: none
LOC: Config.Sockaddr.https
COMMENT_END
NAME: ssl_unclean_shutdown
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
TYPE: onoff
DEFAULT: off
LOC: Config.SSL.unclean_shutdown
DOC_END
NAME: ssl_engine
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
TYPE: string
LOC: Config.SSL.ssl_engine
DEFAULT: none
DOC_END
NAME: sslproxy_client_certificate
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: none
LOC: Config.ssl_client.cert
TYPE: string
DOC_END
NAME: sslproxy_client_key
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: none
LOC: Config.ssl_client.key
TYPE: string
DOC_END
NAME: sslproxy_version
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: 1
DEFAULT_DOC: automatic SSL/TLS version negotiation
LOC: Config.ssl_client.version
DOC_END
NAME: sslproxy_options
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: none
LOC: Config.ssl_client.options
TYPE: string
DOC_END
NAME: sslproxy_cipher
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: none
LOC: Config.ssl_client.cipher
TYPE: string
DOC_END
NAME: sslproxy_cafile
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: none
LOC: Config.ssl_client.cafile
TYPE: string
DOC_END
NAME: sslproxy_capath
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: none
LOC: Config.ssl_client.capath
TYPE: string
DOC_END
NAME: sslproxy_session_ttl
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: 300
LOC: Config.SSL.session_ttl
TYPE: int
DOC_END
NAME: sslproxy_session_cache_size
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: 2 MB
LOC: Config.SSL.sessionCacheSize
TYPE: b_size_t
DOC_END
NAME: ssl_bump
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
TYPE: sslproxy_ssl_bump
LOC: Config.accessList.ssl_bump
DEFAULT_DOC: Does not bump unless rules are present in squid.conf
DOC_END
NAME: sslproxy_flags
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: none
LOC: Config.ssl_client.flags
TYPE: string
DOC_END
NAME: sslproxy_cert_error
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: none
DEFAULT_DOC: Server certificate errors terminate the transaction.
LOC: Config.ssl_client.cert_error
DOC_END
NAME: sslproxy_cert_sign
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: none
POSTSCRIPTUM: signUntrusted ssl::certUntrusted
POSTSCRIPTUM: signSelf ssl::certSelfSigned
DOC_END
NAME: sslproxy_cert_adapt
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: none
TYPE: sslproxy_cert_adapt
LOC: Config.ssl_client.cert_adapt
DOC_END
NAME: sslpassword_program
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: none
LOC: Config.Program.ssl_password
TYPE: string
NAME: sslcrtvalidator_program
TYPE: eol
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: none
LOC: Ssl::TheConfig.ssl_crt_validator
DOC_START
NAME: sslcrtvalidator_children
TYPE: HelperChildConfig
-IFDEF: USE_SSL
+IFDEF: USE_OPENSSL
DEFAULT: 32 startup=5 idle=1 concurrency=1
LOC: Ssl::TheConfig.ssl_crt_validator_Children
DOC_START
define["USE_SQUID_ESI"]="--enable-esi"
define["USE_SQUID_EUI"]="--enable-eui"
define["USE_SSL_CRTD"]="--enable-ssl-crtd"
- define["USE_SSL"]="--enable-ssl"
+ define["USE_OPENSSL"]="--with-openssl"
define["USE_UNLINKD"]="--enable-unlinkd"
define["USE_WCCP"]="--enable-wccp"
define["USE_WCCPv2"]="--enable-wccpv2"
#if USE_DELAY_POOLS
#include "ClientInfo.h"
#endif
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/context_storage.h"
#include "ssl/gadgets.h"
#include "ssl/helper.h"
static IOCB clientWriteComplete;
static IOCB clientWriteBodyComplete;
static IOACB httpAccept;
-#if USE_SSL
+#if USE_OPENSSL
static IOACB httpsAccept;
#endif
static CTCB clientLifetimeTimeout;
if (getConn() != NULL && getConn()->clientConnection != NULL && getConn()->clientConnection->rfc931[0])
al->cache.rfc931 = getConn()->clientConnection->rfc931;
-#if USE_SSL && 0
+#if USE_OPENSSL && 0
/* This is broken. Fails if the connection has been closed. Needs
* to snarf the ssl details some place earlier..
if (bodyPipe != NULL)
stopProducingFor(bodyPipe, false);
-#if USE_SSL
+#if USE_OPENSSL
delete sslServerBump;
#endif
}
debugs(33,4, HERE << "Will close after error: " << clientConnection);
}
-#if USE_SSL
+#if USE_OPENSSL
bool ConnStateData::serveDelayedError(ClientSocketContext *context)
{
ClientHttpRequest *http = context->http;
return false;
}
-#endif // USE_SSL
+#endif // USE_OPENSSL
static void
clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *context, const HttpRequestMethod& method, Http::ProtocolVersion http_ver)
conn->flags.readMore = false;
}
-#if USE_SSL
+#if USE_OPENSSL
if (conn->switchedToHttps() && conn->serveDelayedError(context))
goto finish;
#endif
ConnStateData::ConnStateData(const MasterXaction::Pointer &xact) :
AsyncJob("ConnStateData"),
-#if USE_SSL
+#if USE_OPENSSL
sslBumpMode(Ssl::bumpEnd),
switchedToHttps_(false),
sslServerBump(NULL),
#endif
}
-#if USE_SSL
+#if USE_OPENSSL
/** Create SSL connection structure and update fd_table */
static SSL *
getSslContextStart();
}
-#endif /* USE_SSL */
+#endif /* USE_OPENSSL */
/// check FD after clientHttp[s]ConnectionOpened, adjust HttpSockets as needed
static bool
continue;
}
-#if USE_SSL
+#if USE_OPENSSL
if (s->flags.tunnelSslBumping && !Config.accessList.ssl_bump) {
debugs(33, DBG_IMPORTANT, "WARNING: No ssl_bump configured. Disabling ssl-bump on " << AnyP::UriScheme(s->transport.protocol) << "_port " << s->s);
s->flags.tunnelSslBumping = false;
}
}
-#if USE_SSL
+#if USE_OPENSSL
static void
clientHttpsConnectionsOpen(void)
{
clientOpenListenSockets(void)
{
clientHttpConnectionsOpen();
-#if USE_SSL
+#if USE_OPENSSL
clientHttpsConnectionsOpen();
#endif
}
}
-#if USE_SSL
+#if USE_OPENSSL
for (AnyP::PortCfg *s = Config.Sockaddr.https; s; s = s->next) {
if (s->listenConn != NULL) {
debugs(1, DBG_IMPORTANT, "Closing HTTPS port " << s->listenConn->local);
#if USE_AUTH
#include "auth/UserRequest.h"
#endif
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/support.h"
#endif
};
class ConnectionDetail;
-#if USE_SSL
+#if USE_OPENSSL
namespace Ssl
{
class ServerBump;
/// The caller assumes responsibility for connection closure detection.
void stopPinnedConnectionMonitoring();
-#if USE_SSL
+#if USE_OPENSSL
/// called by FwdState when it is done bumping the server
void httpsPeeked(Comm::ConnectionPointer serverConnection);
// XXX: CBDATA plays with public/private and leaves the following 'private' fields all public... :(
-#if USE_SSL
+#if USE_OPENSSL
bool switchedToHttps_;
/// The SSL server host name appears in CONNECT request or the server ip address for the intercepted requests
String sslConnectHostOrIp; ///< The SSL server host name as passed in the CONNECT request
#include "adaptation/icap/History.h"
#endif
#endif
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/ServerBump.h"
#include "ssl/support.h"
#endif
/* Local functions */
/* other */
static void clientAccessCheckDoneWrapper(allow_t, void *);
-#if USE_SSL
+#if USE_OPENSSL
static void sslBumpAccessCheckDoneWrapper(allow_t, void *);
#endif
static int clientHierarchical(ClientHttpRequest * http);
store_id_fail_count = 0;
no_cache_done = false;
interpreted_req_hdrs = false;
-#if USE_SSL
+#if USE_OPENSSL
sslBumpCheckDone = false;
#endif
debugs(85,3, HERE << this << " ClientRequestContext constructed");
al->cache.port = cbdataReference(aConn->port);
al->cache.caddr = aConn->log_addr;
-#if USE_SSL
+#if USE_OPENSSL
if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
#if USE_ADAPTATION
request_satisfaction_mode = false;
#endif
-#if USE_SSL
+#if USE_OPENSSL
sslBumpNeed_ = Ssl::bumpEnd;
#endif
}
if (ih != NULL) {
if (getConn() != NULL && getConn()->clientConnection != NULL) {
ih->rfc931 = getConn()->clientConnection->rfc931;
-#if USE_SSL
+#if USE_OPENSSL
if (getConn()->clientConnection->isOpen()) {
ih->ssluser = sslGetUserEmail(fd_table[getConn()->clientConnection->fd].ssl);
}
http->doCallouts();
}
-#if USE_SSL
+#if USE_OPENSSL
bool
ClientRequestContext::sslBumpAccessCheck()
{
debugs(85, 4, "clientProcessRequest: " << RequestMethodStr(request->method) << " '" << uri << "'");
if (request->method == Http::METHOD_CONNECT && !redirect.status) {
-#if USE_SSL
+#if USE_OPENSSL
if (sslBumpNeeded()) {
sslBumpStart();
return;
PROF_stop(httpStart);
}
-#if USE_SSL
+#if USE_OPENSSL
void
ClientHttpRequest::sslBumpNeed(Ssl::BumpMode mode)
}
}
-#if USE_SSL
+#if USE_OPENSSL
// We need to check for SslBump even if the calloutContext->error is set
// because bumping may require delaying the error until after CONNECT.
if (!calloutContext->sslBumpCheckDone) {
if (calloutContext->error) {
const char *storeUri = request->storeId();
StoreEntry *e= storeCreateEntry(storeUri, storeUri, request->flags, request->method);
-#if USE_SSL
+#if USE_OPENSSL
if (sslBumpNeeded()) {
// set final error but delay sending until we bump
Ssl::ServerBump *srvBump = new Ssl::ServerBump(request, e);
StoreEntry *loggingEntry_;
ConnStateData * conn_;
-#if USE_SSL
+#if USE_OPENSSL
/// whether (and how) the request needs to be bumped
Ssl::BumpMode sslBumpNeed_;
#include "StoreIOBuffer.h"
#include "tools.h"
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/support.h"
#endif
void
comm_lingering_close(int fd)
{
-#if USE_SSL
+#if USE_OPENSSL
if (fd_table[fd].ssl)
ssl_shutdown_method(fd_table[fd].ssl);
#endif
comm_close(fd);
}
-#if USE_SSL
+#if USE_OPENSSL
void
commStartSslClose(const FdeCbParams ¶ms)
{
void
comm_close_complete(const FdeCbParams ¶ms)
{
-#if USE_SSL
+#if USE_OPENSSL
fde *F = &fd_table[params.fd];
if (F->ssl) {
F->flags.close_request = true;
-#if USE_SSL
+#if USE_OPENSSL
if (F->ssl) {
AsyncCall::Pointer startCall=commCbCall(5,4, "commStartSslClose",
FdeCbPtrFun(commStartSslClose, NULL));
#include "auth/UserRequest.h"
#endif
#include "SquidTime.h"
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/ErrorDetailManager.h"
#endif
error_stylesheet.Printf("%s",tmpl.text());
}
-#if USE_SSL
+#if USE_OPENSSL
Ssl::errorDetailInitialize();
#endif
}
error_page_count = 0;
-#if USE_SSL
+#if USE_OPENSSL
Ssl::errorDetailClean();
#endif
}
callback_data(NULL),
request_hdrs(NULL),
err_msg(NULL),
-#if USE_SSL
+#if USE_OPENSSL
detail(NULL),
#endif
detailCode(ERR_DETAIL_NONE)
if (err_language != Config.errorDefaultLanguage)
#endif
safe_free(err_language);
-#if USE_SSL
+#if USE_OPENSSL
delete detail;
#endif
}
case 'D':
if (!allowRecursion)
p = "%D"; // if recursion is not allowed, do not convert
-#if USE_SSL
+#if USE_OPENSSL
// currently only SSL error details implemented
else if (detail) {
detail->useRequest(request);
break;
case 'x':
-#if USE_SSL
+#if USE_OPENSSL
if (detail)
mb.Printf("%s", detail->errorName());
else
// error tracking.
if (request) {
int edc = ERR_DETAIL_NONE; // error detail code
-#if USE_SSL
+#if USE_OPENSSL
if (detail)
edc = detail->errorNo();
else
#include "SquidString.h"
/* auth/UserRequest.h is empty unless USE_AUTH is defined */
#include "auth/UserRequest.h"
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/ErrorDetail.h"
#endif
char *request_hdrs;
char *err_msg; /* Preformatted error message from the cache */
-#if USE_SSL
+#if USE_OPENSSL
Ssl::ErrorDetail *detail;
#endif
/// type-specific detail about the transaction error;
#include "tools.h"
#include "URL.h"
#include "wordlist.h"
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/support.h"
#endif
#if USE_AUTH
EXT_ACL_HEADER_REPLY_ID,
EXT_ACL_HEADER_REPLY_ID_MEMBER,
-#if USE_SSL
+#if USE_OPENSSL
EXT_ACL_USER_CERT,
EXT_ACL_USER_CA_CERT,
EXT_ACL_USER_CERT_RAW,
format->type = _external_acl_format::EXT_ACL_PATH;
else if (strcmp(token, "%METHOD") == 0 || strcmp(token, "%>rm") == 0)
format->type = _external_acl_format::EXT_ACL_METHOD;
-#if USE_SSL
+#if USE_OPENSSL
else if (strcmp(token, "%USER_CERT") == 0)
format->type = _external_acl_format::EXT_ACL_USER_CERT_RAW;
else if (strcmp(token, "%USER_CERTCHAIN") == 0)
DUMP_EXT_ACL_TYPE(PORT);
DUMP_EXT_ACL_TYPE(PATH);
DUMP_EXT_ACL_TYPE(METHOD);
-#if USE_SSL
+#if USE_OPENSSL
DUMP_EXT_ACL_TYPE_FMT(USER_CERT_RAW, " %%USER_CERT_RAW");
DUMP_EXT_ACL_TYPE_FMT(USER_CERTCHAIN_RAW, " %%USER_CERTCHAIN_RAW");
DUMP_EXT_ACL_TYPE_FMT(USER_CERT, " %%USER_CERT_%s", format->header);
str = sb.termedBuf();
}
break;
-#if USE_SSL
+#if USE_OPENSSL
case _external_acl_format::EXT_ACL_USER_CERT_RAW:
#include "defines.h"
#include "ip/Address.h"
-#if USE_SSL
+#if HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
#endif
CommWriteStateData *wstate; /* State data for comm_write */
READ_HANDLER *read_method;
WRITE_HANDLER *write_method;
-#if USE_SSL
+#if USE_OPENSSL
SSL *ssl;
SSL_CTX *dynamicSslContext; ///< cached and then freed when fd is closed
#endif
wstate = NULL;
read_method = NULL;
write_method = NULL;
-#if USE_SSL
+#if USE_OPENSSL
ssl = NULL;
dynamicSslContext = NULL;
#endif
#endif
LFT_CREDENTIALS,
-#if USE_SSL
+#if USE_OPENSSL
LFT_SSL_BUMP_MODE,
LFT_SSL_USER_CERT_SUBJECT,
LFT_SSL_USER_CERT_ISSUER,
#include "SquidTime.h"
#include "Store.h"
#include "URL.h"
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/ErrorDetail.h"
#endif
#endif
if (!out)
out = strOrNull(al->cache.extuser);
-#if USE_SSL
+#if USE_OPENSSL
if (!out)
out = strOrNull(al->cache.ssluser);
#endif
break;
case LFT_SQUID_ERROR_DETAIL:
-#if USE_SSL
+#if USE_OPENSSL
if (al->request && al->request->errType == ERR_SECURE_CONNECT_FAIL) {
if (! (out = Ssl::GetErrorName(al->request->errDetail))) {
snprintf(tmp, sizeof(tmp), "SSL_ERR=%d", al->request->errDetail);
dooff = 1;
break;
-#if USE_SSL
+#if USE_OPENSSL
case LFT_SSL_BUMP_MODE: {
const Ssl::BumpMode mode = static_cast<Ssl::BumpMode>(al->ssl.bumpMode);
// for Ssl::bumpEnd, Ssl::bumpMode() returns NULL and we log '-'
};
#endif
-#if USE_SSL
+#if USE_OPENSSL
// SSL (ssl::) tokens
static TokenTableEntry TokenTableSsl[] = {
{"bump_mode", LFT_SSL_BUMP_MODE},
#if ICAP_CLIENT
TheConfig.registerTokens(String("icap"),::Format::TokenTableIcap);
#endif
-#if USE_SSL
+#if USE_OPENSSL
TheConfig.registerTokens(String("ssl"),::Format::TokenTableSsl);
#endif
}
if (!user)
user = ::Format::QuoteUrlEncodeUsername(al->cache.extuser);
-#if USE_SSL
+#if USE_OPENSSL
if (!user)
user = ::Format::QuoteUrlEncodeUsername(al->cache.ssluser);
#endif
if (!user)
user = ::Format::QuoteUrlEncodeUsername(al->cache.extuser);
-#if USE_SSL
+#if USE_OPENSSL
if (!user)
user = ::Format::QuoteUrlEncodeUsername(al->cache.ssluser);
#endif
#if USE_SSL_CRTD
#include "ssl/certificate_db.h"
#endif
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/context_storage.h"
#include "ssl/helper.h"
#endif
#if USE_SSL_CRTD
Ssl::Helper::GetInstance()->Shutdown();
#endif
-#if USE_SSL
+#if USE_OPENSSL
if (Ssl::CertValidationHelper::GetInstance())
Ssl::CertValidationHelper::GetInstance()->Shutdown();
Ssl::TheGlobalContextStorage.reconfigureStart();
#if USE_SSL_CRTD
Ssl::Helper::GetInstance()->Init();
#endif
-#if USE_SSL
+#if USE_OPENSSL
if (Ssl::CertValidationHelper::GetInstance())
Ssl::CertValidationHelper::GetInstance()->Init();
#endif
Ssl::Helper::GetInstance()->Init();
#endif
-#if USE_SSL
+#if USE_OPENSSL
if (!configured_once)
Ssl::initialize_session_cache();
#if USE_SSL_CRTD
Ssl::Helper::GetInstance()->Shutdown();
#endif
-#if USE_SSL
+#if USE_OPENSSL
if (Ssl::CertValidationHelper::GetInstance())
Ssl::CertValidationHelper::GetInstance()->Shutdown();
#endif
#if USE_AUTH
#include "auth/UserRequest.h"
#endif
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/support.h"
#endif
*
*/
-#if USE_SSL
+#if USE_OPENSSL
#include "acl/forward.h"
class sslproxy_cert_sign
#include "StoreEntryStream.h"
#include <limits>
-#if USE_SSL
+#if HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
#endif
#ifndef SQUID_SSL_CONTEXT_STORAGE_H
#define SQUID_SSL_CONTEXT_STORAGE_H
-#if USE_SSL
+#if USE_OPENSSL
#include "base/LruMap.h"
#include "CacheManager.h"
#include <list>
#include <map>
+#if HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
+#endif
/// TODO: Replace on real size.
#define SSL_CTX_SIZE 1024
/// Global cache for store all SSL server certificates.
extern GlobalContextStorage TheGlobalContextStorage;
} //namespace Ssl
-#endif // USE_SSL
+#endif // USE_OPENSSL
#endif // SQUID_SSL_CONTEXT_STORAGE_H
#include "squid.h"
#include "ssl/gadgets.h"
+
#if HAVE_OPENSSL_X509V3_H
#include <openssl/x509v3.h>
#endif
/* MS Visual Studio Projects are monolithic, so we need the following
* #if to exclude the SSL code from compile process when not needed.
*/
-#if USE_SSL
+#if USE_OPENSSL
#include "acl/FilledChecklist.h"
#include "anyp/PortCfg.h"
delete owner;
}
-#endif /* USE_SSL */
+#endif /* USE_OPENSSL */
#if USE_DELAY_POOLS
#include "DelayId.h"
#endif
-#if USE_SSL
+#if USE_OPENSSL
#include "ssl/support.h"
#endif
if (!p && conn != NULL && conn->clientConnection->rfc931[0])
p = conn->clientConnection->rfc931;
-#if USE_SSL
+#if USE_OPENSSL
if (!p && conn != NULL && Comm::IsConnOpen(conn->clientConnection))
p = sslGetUserEmail(fd_table[conn->clientConnection->fd].ssl);
void ConnStateData::requestTimeout(const CommTimeoutCbParams ¶ms) STUB
void ConnStateData::swanSong() STUB
void ConnStateData::quitAfterError(HttpRequest *request) STUB
-#if USE_SSL
+#if USE_OPENSSL
void ConnStateData::httpsPeeked(Comm::ConnectionPointer serverConnection) STUB
void ConnStateData::getSslContextStart() STUB
void ConnStateData::getSslContextDone(SSL_CTX * sslContext, bool isNew) STUB
#include "squid.h"
-#if USE_SSL
+#if USE_OPENSSL
#include "fatal.h"
if (Config.Sockaddr.http && sa.isAnyAddr())
sa = Config.Sockaddr.http->s;
-#if USE_SSL
+#if USE_OPENSSL
if (Config.Sockaddr.https && sa.isAnyAddr())
sa = Config.Sockaddr.https->s;
return p->s.port();
}
-#if USE_SSL
+#if USE_OPENSSL
if ((p = Config.Sockaddr.https)) {
// skip any special interception ports
while (p && p->flags.isIntercepted())
break;
case AnyP::PROTO_HTTPS:
-#if USE_SSL
+#if USE_OPENSSL
rc = 1;