if test "x$with_openssl" = "xyes"; then
AC_CHECK_HEADERS( \
openssl/bio.h \
+ openssl/crypto.h \
openssl/err.h \
openssl/md5.h \
openssl/opensslv.h \
bool generateHostCertificates; ///< dynamically make host cert for sslBump
size_t dynamicCertMemCacheSize; ///< max size of generated certificates memory cache
- Ssl::SSL_CTX_Pointer staticSslContext; ///< for HTTPS accelerator or static sslBump
+ Security::ContextPointer staticSslContext; ///< for HTTPS accelerator or static sslBump
Security::CertPointer signingCert; ///< x509 certificate for signing generated certificates
Ssl::EVP_PKEY_Pointer signPkey; ///< private key for sighing generated certificates
Ssl::X509_STACK_Pointer certsToChain; ///< x509 certificates to send with the generated cert
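Review bot: The doc comment on `staticSslContext` is unchanged although the member's ownership type changes from `Ssl::SSL_CTX_Pointer` to `Security::ContextPointer`, so a reader cannot tell whether this object is the sole owner of the context or one of several holders. Neither pointer class is visible in this hunk, so the difference in copy and release behaviour is inferred from the names only; it should be stated here, for example `///< for HTTPS accelerator or static sslBump; released via Security::ContextPointer`. The neighbouring comment on `signPkey` also has a typo, `sighing` for `signing`. The enclosing class starts and ends outside the hunk.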
#ifndef SQUID_SRC_SECURITY_CONTEXT_H
#define SQUID_SRC_SECURITY_CONTEXT_H
+#include "security/LockingPointer.h"
+
#if USE_OPENSSL
#if HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
#endif
-#endif
-#if USE_GNUTLS
+#elif USE_GNUTLS
#if HAVE_GNUTLS_GNUTLS_H
#include <gnutls/gnutls.h>
#endif
namespace Security {
+/* IMPORTANT:
+ * Due to circular dependency issues between ssl/libsquidssl.la and
+ * security/libsecurity.la the code within src/ssl/ is restricted to
+ * only using Security::ContextPtr, it MUST NOT use ContextPointer
+ *
+ * Code outside of src/ssl/ should always use Security::ContextPointer
+ * when storing a reference to a context.
+ */
#if USE_OPENSSL
typedef SSL_CTX* ContextPtr;
+CtoCpp1(SSL_CTX_free, SSL_CTX *);
+typedef LockingPointer<SSL_CTX, SSL_CTX_free_cpp, CRYPTO_LOCK_SSL_CTX> ContextPointer;
#elif USE_GNUTLS
typedef gnutls_certificate_credentials_t ContextPtr;
+CtoCpp1(gnutls_certificate_free_credentials, gnutls_certificate_credentials_t);
+typedef Security::LockingPointer<struct gnutls_certificate_credentials_st, gnutls_certificate_free_credentials_cpp, -1> ContextPointer;
#else
// use void* so we can check against nullptr
typedef void* ContextPtr;
+typedef Security::LockingPointer<void, nullptr, -1> ContextPointer;
+
#endif
} // namespace Security
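Review bot: The GnuTLS and fallback `ContextPointer` typedefs pass a lock id of `-1`, and the fallback also passes a `nullptr` deallocator, with no comment saying what `LockingPointer` does with those values. `LockingPointer` is not shown here, so this is a question rather than a confirmed defect. If copying a `ContextPointer` shares the raw handle without a library-side reference count, each copy could call `gnutls_certificate_free_credentials` on the same credentials, and the `void` variant could invoke a null deallocator on a non-null handle. I would document the contract next to the typedefs, e.g. `// lock id -1: no library refcount available; TODO confirm LockingPointer never copies or frees in this configuration`. As a style point, the OpenSSL branch names `LockingPointer` unqualified while the other two write `Security::LockingPointer`; pick one form.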
#include "base/TidyPointer.h"
+#if USE_OPENSSL
+#if HAVE_OPENSSL_CRYPTO_H
+#include <openssl/crypto.h>
+#endif
+
+// Macro to be used to define the C++ wrapper function of a sk_*_pop_free
+// openssl family functions. The C++ function suffixed with the _free_wrapper
+// extension
+#define sk_free_wrapper(sk_object, argument, freefunction) \
+ extern "C++" inline void sk_object ## _free_wrapper(argument a) { \
+ sk_object ## _pop_free(a, freefunction); \
+ }
+
+#endif
+
+// Macro to be used to define the C++ equivalent function of an extern "C"
+// function. The C++ function suffixed with the _cpp extension
+#define CtoCpp1(function, argument) \
+ extern "C++" inline void function ## _cpp(argument a) { \
+ function(a); \
+ }
+
namespace Security
{
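Review bot: The comments moved in with `sk_free_wrapper` and `CtoCpp1` end in sentence fragments ("The C++ function suffixed with the _cpp extension") and do not say where the generated function lands. Both macros define the wrapper in whatever namespace they are expanded in, and Context.h in this same change expands `CtoCpp1` inside `namespace Security`, so the wrapper's qualified name depends on the call site. I would reword to something like `// Defines function_cpp(), an inline C++-linkage wrapper around the extern "C" function, in the namespace where the macro is expanded; used as the deallocator template argument` and give `sk_free_wrapper` a matching sentence. Note also that `<openssl/crypto.h>` is included only under `HAVE_OPENSSL_CRYPTO_H`, while Context.h uses `CRYPTO_LOCK_SSL_CTX` whenever `USE_OPENSSL` is set.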
#define SQUID_SRC_SECURITY_FORWARD_H
#include "security/Context.h"
-#include "security/LockingPointer.h"
#include "security/Session.h"
#if USE_GNUTLS
#define SSL_FLAG_VERIFY_CRL (1<<5)
#define SSL_FLAG_VERIFY_CRL_ALL (1<<6)
-// Macro to be used to define the C++ equivalent function of an extern "C"
-// function. The C++ function suffixed with the _cpp extension
-#define CtoCpp1(function, argument) \
- extern "C++" inline void function ## _cpp(argument a) { \
- function(a); \
- }
-
-#if USE_OPENSSL
-// Macro to be used to define the C++ wrapper function of a sk_*_pop_free
-// openssl family functions. The C++ function suffixed with the _free_wrapper
-// extension
-#define sk_free_wrapper(sk_object, argument, freefunction) \
- extern "C++" inline void sk_object ## _free_wrapper(argument a) { \
- sk_object ## _pop_free(a, freefunction); \
- }
-#endif
-
/// Network/connection security abstraction layer
namespace Security
{