From: hno <>
Date: Fri, 18 Mar 2005 22:36:07 +0000 (+0000)
Subject: From ssl-2.5 2004/04/18 01:09:07
X-Git-Tag: SQUID_3_0_PRE4~840
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6b2936d5f814e1bbf9619ef82e46a3ac8ab649fb;p=thirdparty%2Fsquid.git

From ssl-2.5 2004/04/18 01:09:07

sslcontext parameter, for controlling the SSL Session cache context ID
---

diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index 8f73fbe688..4656b90130 100644
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: cache_cf.cc,v 1.466 2005/03/18 14:38:10 hno Exp $
+ * $Id: cache_cf.cc,v 1.467 2005/03/18 15:36:07 hno Exp $
  *
  * DEBUG: section 3     Configuration File Parsing
  * AUTHOR: Harvest Derived
@@ -649,7 +649,7 @@ configDoConfigure(void)
 
         for (s = Config.Sockaddr.https; s != NULL; s = (https_port_list *) s->http.next) {
             debug(3, 1) ("Initializing https_port %s:%d SSL context\n", inet_ntoa(s->http.s.sin_addr), ntohs(s->http.s.sin_port));
-            s->sslContext = sslCreateServerContext(s->cert, s->key, s->version, s->cipher, s->options, s->sslflags, s->clientca, s->cafile, s->capath, s->dhfile);
+            s->sslContext = sslCreateServerContext(s->cert, s->key, s->version, s->cipher, s->options, s->sslflags, s->clientca, s->cafile, s->capath, s->dhfile, s->sslcontext);
         }
     }
 
@@ -2927,6 +2927,9 @@ parse_https_port_list(https_port_list ** head)
         } else if (strncmp(token, "sslflags=", 9) == 0) {
             safe_free(s->sslflags);
             s->sslflags = xstrdup(token + 9);
+        } else if (strncmp(token, "sslcontext=", 11) == 0) {
+            safe_free(s->sslcontext);
+            s->sslcontext = xstrdup(token + 11);
         } else {
             parse_http_port_option(&s->http, token);
         }
@@ -2971,6 +2974,9 @@ dump_https_port_list(StoreEntry * e, const char *n, const https_port_list * s)
         if (s->sslflags)
             storeAppendPrintf(e, " sslflags=%s", s->sslflags);
 
+        if (s->sslcontext)
+            storeAppendPrintf(e, " sslcontext=%s", s->sslcontext);
+
         storeAppendPrintf(e, "\n");
 
         s = (https_port_list *) s->http.next;
diff --git a/src/cf.data.pre b/src/cf.data.pre
index bff4a2fe18..9650ff5870 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.380 2005/03/09 20:14:37 serassio Exp $
+# $Id: cf.data.pre,v 1.381 2005/03/18 15:36:07 hno Exp $
 #
 #
 # SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -198,6 +198,8 @@ DOC_START
 				Don't use the default CA list built in
 				to OpenSSL
 
+	   sslcontext=	SSL session ID context identifier.
+
 	   accel	Accelerator mode. Also set implicit by the other
 			accelerator directives
 
diff --git a/src/ssl_support.cc b/src/ssl_support.cc
index 0038c4e97e..7db0379feb 100644
--- a/src/ssl_support.cc
+++ b/src/ssl_support.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: ssl_support.cc,v 1.23 2005/03/18 15:26:30 hno Exp $
+ * $Id: ssl_support.cc,v 1.24 2005/03/18 15:36:08 hno Exp $
  *
  * AUTHOR: Benno Rice
  * DEBUG: section 83    SSL accelerator support
@@ -486,7 +486,7 @@ ssl_initialize(void)
 }
 
 SSL_CTX *
-sslCreateServerContext(const char *certfile, const char *keyfile, int version, const char *cipher, const char *options, const char *flags, const char *clientCA, const char *CAfile, const char *CApath, const char *dhfile)
+sslCreateServerContext(const char *certfile, const char *keyfile, int version, const char *cipher, const char *options, const char *flags, const char *clientCA, const char *CAfile, const char *CApath, const char *dhfile, const char *context)
 {
     int ssl_error;
     SSL_METHOD *method;
@@ -539,6 +539,10 @@ sslCreateServerContext(const char *certfile, const char *keyfile, int version, c
 
     SSL_CTX_set_options(sslContext, ssl_parse_options(options));
 
+    if (context && *context) {
+        SSL_CTX_set_session_id_context(sslContext, context, strlen(context));
+    }
+
     if (Config.SSL.unclean_shutdown) {
         debug(83, 5) ("Enabling quiet SSL shutdowns (RFC violation).\n");
 
diff --git a/src/ssl_support.h b/src/ssl_support.h
index fcc4443b81..b00276e153 100644
--- a/src/ssl_support.h
+++ b/src/ssl_support.h
@@ -1,6 +1,6 @@
 
 /*
- * $Id: ssl_support.h,v 1.8 2003/04/17 15:25:44 hno Exp $
+ * $Id: ssl_support.h,v 1.9 2005/03/18 15:36:08 hno Exp $
  *
  * AUTHOR: Benno Rice
  *
@@ -46,7 +46,7 @@
 #include <openssl/engine.h>
 #endif
 
-SSL_CTX *sslCreateServerContext(const char *certfile, const char *keyfile, int version, const char *cipher, const char *options, const char *flags, const char *clientCA, const char *CAfile, const char *CApath, const char *dhpath);
+SSL_CTX *sslCreateServerContext(const char *certfile, const char *keyfile, int version, const char *cipher, const char *options, const char *flags, const char *clientCA, const char *CAfile, const char *CApath, const char *dhpath, const char *context);
 SSL_CTX *sslCreateClientContext(const char *certfile, const char *keyfile, int version, const char *cipher, const char *options, const char *flags, const char *CAfile, const char *CApath);
 int ssl_read_method(int, char *, int);
 int ssl_write_method(int, const char *, int);
diff --git a/src/structs.h b/src/structs.h
index ae2e534b11..22a5224a1e 100644
--- a/src/structs.h
+++ b/src/structs.h
@@ -1,6 +1,6 @@
 
 /*
- * $Id: structs.h,v 1.512 2005/03/06 21:08:13 serassio Exp $
+ * $Id: structs.h,v 1.513 2005/03/18 15:36:08 hno Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -199,6 +199,7 @@ struct _https_port_list
     char *capath;
     char *dhfile;
     char *sslflags;
+    char *sslcontext;
     SSL_CTX *sslContext;
 };