The bulk of this patch is symbol shuffling to de-duplicate the TLS
settings storage and parsing code.
* Shuffle relevant AnyP::PortCfg settings into a Security::PeerOptions
member object.
- removes a lot of duplicate config parsing code.
* Remove the now obsolete and unused Ssl::OpenSSLtoSquidSSLVersion()
The actual logic changes are relatively small:
* Shuffle flags= and options= parsing code from Ssl:: to
Security::PeerOptions and update to use Tokenizer,
- fixes performance regression using c_str() on the stored SBuf,
- fixes performance issue with xstrdup() for option tokens,
- removes several calls to c-string manipulation.
* Add cachemgr 'config' report dumper of Security::PeerOptions for use
by all directives using it to dump tls-* parameter names. The old
parameter names are still accepted, and deprecation will follow in a
separate patch.
- fixes bug where cache_peer was not dumping out its SSL/TLS config
settings at all.
* Change the tls_outgoing_options default value from "disable" to setting
TLS/1.0 minimum version.
- fixes squid.conf parsing error on default value "disable".
* Fix tls-min-version=1.N handling not to alter stored options= config
string. Now updates the binary representation in parsedOptions directly.
* Expose the TLS context creation and configuration to non-OpenSSL builds.
- fixes bug where context creation by OpenSSL failed silently.
projects / thirdparty / squid.git / commitdiff
