From: Christos Tsantilas Date: Tue, 26 Aug 2014 08:21:27 +0000 (+0300) Subject: Fixes and polishing in response to Amos' squid-dev review dated 2014/08/19 X-Git-Tag: SQUID_3_5_0_1~89^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8693472e0b642887d7b540bad693ce2a4bb30ccf;p=thirdparty%2Fsquid.git Fixes and polishing in response to Amos' squid-dev review dated 2014/08/19 - Polishing changes - Move src/acl/AtBumpStep*.[cc,h] files to src/acl/AtStep*.[cc,h] - Convert Ssl::Bio::sslFeatures::serverName, Ssl::Bio::sslFeatures::HelloMesssage and Ssl::ServerBio::helloMsg members to SBuf --- diff --git a/configure.ac b/configure.ac index e747d3ef60..3c4f933b57 100644 --- a/configure.ac +++ b/configure.ac @@ -1287,6 +1287,7 @@ AH_TEMPLATE(USE_OPENSSL,[OpenSSL support is available]) ## OpenSSL is default disable due to licensing issues on some OS if test "x$with_openssl" = "xyes"; then AC_CHECK_HEADERS( \ + openssl/bio.h \ openssl/err.h \ openssl/md5.h \ openssl/opensslv.h \ @@ -2254,12 +2255,6 @@ AC_CHECK_HEADERS( \ netinet/in_systm.h \ netinet/ip_fil_compat.h \ netinet/tcp.h \ - openssl/bio.h \ - openssl/err.h \ - openssl/md5.h \ - openssl/opensslv.h \ - openssl/ssl.h \ - openssl/x509v3.h \ paths.h \ poll.h \ pwd.h \ diff --git a/src/AclRegs.cc b/src/AclRegs.cc index 54826c0bc2..ad0054ee32 100644 --- a/src/AclRegs.cc +++ b/src/AclRegs.cc @@ -16,8 +16,8 @@ #include "acl/Eui64.h" #endif #if USE_OPENSSL -#include "acl/AtBumpStep.h" -#include "acl/AtBumpStepData.h" +#include "acl/AtStep.h" +#include "acl/AtStepData.h" #endif #include "acl/Asn.h" #include "acl/Browser.h" diff --git a/src/acl/AtBumpStep.cc b/src/acl/AtStep.cc similarity index 85% rename from src/acl/AtBumpStep.cc rename to src/acl/AtStep.cc index c231bae49b..0e5ebff836 100644 --- a/src/acl/AtBumpStep.cc +++ b/src/acl/AtStep.cc 
@@ -1,7 +1,10 @@ #include "squid.h" + +#if USE_OPENSSL + #include "acl/Checklist.h" -#include "acl/AtBumpStep.h" -#include "acl/AtBumpStepData.h" +#include "acl/AtStep.h" +#include "acl/AtStepData.h" #include "client_side.h" #include "ssl/ServerBump.h" @@ -23,3 +26,5 @@ ACLAtStepStrategy::Instance() } ACLAtStepStrategy ACLAtStepStrategy::Instance_; + +#endif /* USE_OPENSSL */ diff --git a/src/acl/AtBumpStep.h b/src/acl/AtStep.h similarity index 87% rename from src/acl/AtBumpStep.h rename to src/acl/AtStep.h index fff725dc0c..23a33ab89a 100644 --- a/src/acl/AtBumpStep.h +++ b/src/acl/AtStep.h @@ -1,5 +1,8 @@ #ifndef SQUID_ACLATSTEP_H #define SQUID_ACLATSTEP_H + +#if USE_OPENSSL + #include "acl/Strategised.h" #include "acl/Strategy.h" #include "ssl/support.h" @@ -11,9 +14,8 @@ class ACLAtStepStrategy : public ACLStrategy public: virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); static ACLAtStepStrategy *Instance(); - /** - * Not implemented to prevent copies of the instance. - */ + + // Not implemented to prevent copies of the instance. ACLAtStepStrategy(ACLAtStepStrategy const &); private: @@ -31,4 +33,6 @@ private: static ACLStrategised RegistryEntry_; }; +#endif /* USE_OPENSSL */ + #endif /* SQUID_ACLATSTEP_H */ diff --git a/src/acl/AtBumpStepData.cc b/src/acl/AtStepData.cc similarity index 95% rename from src/acl/AtBumpStepData.cc rename to src/acl/AtStepData.cc index cd3bcfefe5..e052eb8ca3 100644 --- a/src/acl/AtBumpStepData.cc +++ b/src/acl/AtStepData.cc @@ -1,6 +1,9 @@ #include "squid.h" + +#if USE_OPENSSL + #include "acl/Checklist.h" -#include "acl/AtBumpStepData.h" +#include "acl/AtStepData.h" #include "cache_cf.h" #include "Debug.h" #include "wordlist.h" @@ -67,3 +70,5 @@ ACLAtStepData::clone() const { return new ACLAtStepData(*this); } + +#endif /* USE_OPENSSL */ 
diff --git a/src/acl/AtBumpStepData.h b/src/acl/AtStepData.h similarity index 93% rename from src/acl/AtBumpStepData.h rename to src/acl/AtStepData.h index 2effeb2a60..54d9fb7bbe 100644 --- a/src/acl/AtBumpStepData.h +++ b/src/acl/AtStepData.h @@ -1,9 +1,13 @@ #ifndef SQUID_ACLATSTEPDATA_H #define SQUID_ACLATSTEPDATA_H + +#if USE_OPENSSL + #include "acl/Acl.h" #include "acl/Data.h" #include "CbDataList.h" #include "ssl/support.h" + #include class ACLAtStepData : public ACLData @@ -27,4 +31,6 @@ public: MEMPROXY_CLASS_INLINE(ACLAtStepData); +#endif /* USE_OPENSSL */ + #endif /* SQUID_ACLSSL_ERRORDATA_H */ diff --git a/src/acl/Makefile.am b/src/acl/Makefile.am index c6330e2cd2..b4c6333ea4 100644 --- a/src/acl/Makefile.am +++ b/src/acl/Makefile.am @@ -133,10 +133,10 @@ libacls_la_SOURCES = \ EXTRA_libacls_la_SOURCES = SSL_ACLS = \ - AtBumpStep.cc \ - AtBumpStep.h \ - AtBumpStepData.cc \ - AtBumpStepData.h \ + AtStep.cc \ + AtStep.h \ + AtStepData.cc \ + AtStepData.h \ CertificateData.cc \ CertificateData.h \ Certificate.cc \ diff --git a/src/client_side.cc b/src/client_side.cc index 93427df788..b160e3fa03 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -3408,7 +3408,7 @@ static SSL * httpsCreate(const Comm::ConnectionPointer &conn, SSL_CTX *sslContext) { if (SSL *ssl = Ssl::CreateServer(sslContext, conn->fd, "client https start")) { - debugs(33, 5, "httpsCreate: will negotate SSL on " << conn); + debugs(33, 5, "will negotate SSL on " << conn); return ssl; } @@ -3987,7 +3987,7 @@ clientPeekAndSpliceSSL(int fd, void *data) ConnStateData *conn = (ConnStateData *)data; SSL *ssl = fd_table[fd].ssl; - debugs(83, 5, "Start peek and splice on " << fd); + debugs(83, 5, "Start peek and splice on FD " << fd); if (!Squid_SSL_accept(conn, clientPeekAndSpliceSSL)) debugs(83, 2, "SSL_accept failed."); 
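Review bot: The closing line of AtStepData.h, in the second hunk for that file, still carries the comment `/* SQUID_ACLSSL_ERRORDATA_H */`, while the guard opened at the top of the header is `SQUID_ACLATSTEPDATA_H`. The commit now puts a second `#endif` directly above it for `USE_OPENSSL`, so the wrong name makes the two harder to tell apart. Correcting the trailing line to `#endif /* SQUID_ACLATSTEPDATA_H */` would fix that.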
@@ -3998,8 +3998,8 @@ clientPeekAndSpliceSSL(int fd, void *data) if (bio->gotHello()) { if (conn->serverBump()) { Ssl::Bio::sslFeatures const &features = bio->getFeatures(); - if (!features.serverName.empty()) - conn->serverBump()->clientSni = features.serverName.c_str(); + if (!features.serverName.isEmpty()) + conn->serverBump()->clientSni = features.serverName; } debugs(83, 5, "I got hello. Start forwarding the request!!! "); @@ -4032,8 +4032,6 @@ void ConnStateData::startPeekAndSplice() bio->hold(true); } -int default_read_method(int, char *, int); -int default_write_method(int, const char *, int); void httpsSslBumpStep2AccessCheckDone(allow_t answer, void *data) { ConnStateData *connState = (ConnStateData *) data; @@ -4059,7 +4057,7 @@ void httpsSslBumpStep2AccessCheckDone(allow_t answer, void *data) BIO *b = SSL_get_rbio(ssl); Ssl::ClientBio *bio = static_cast(b->ptr); MemBuf const &rbuf = bio->rBufData(); - debugs(83,5, "Bio for " << connState->clientConnection->fd << " read " << rbuf.contentSize() << " helo bytes"); + debugs(83,5, "Bio for " << connState->clientConnection << " read " << rbuf.contentSize() << " helo bytes"); // Do splice: connState->sslBumpMode = Ssl::bumpSplice; diff --git a/src/fd.h b/src/fd.h index 8948341563..28efb2c5a1 100644 --- a/src/fd.h +++ b/src/fd.h @@ -40,5 +40,7 @@ void fd_bytes(int fd, int len, unsigned int type); void fdDumpOpen(void); int fdUsageHigh(void); void fdAdjustReserved(void); +int default_read_method(int, char *, int); +int default_write_method(int, const char *, int); #endif /* SQUID_FD_H_ */ diff --git a/src/format/Token.cc b/src/format/Token.cc index 6da8245582..21e4d63e31 100644 --- a/src/format/Token.cc +++ b/src/format/Token.cc 
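Review bot: In clientPeekAndSpliceSSL the SNI taken from the client hello is stored into `clientSni` after nothing more than an emptiness check, and the hunk does not say whether the value was validated earlier. `features.serverName` is client-controlled, and `clientSni` appears to be what the `>sni` log format code listed in Token.cc prints, so readers need to know what they are handling. I would add a comment above the assignment such as `// serverName is the raw SNI from the client hello; not validated here, treat as untrusted in ACLs and logs`, or name the parser check if one exists. The function body starts and ends outside the hunk.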
@@ -182,6 +182,8 @@ static TokenTableEntry TokenTableSsl[] = { {">cert_subject", LFT_SSL_USER_CERT_SUBJECT}, {">cert_issuer", LFT_SSL_USER_CERT_ISSUER}, {">sni", LFT_SSL_CLIENT_SNI}, + /*{"(b->ptr); - debugs(83,5, "Will check for peek and splice on fd " << serverConn->fd); + debugs(83,5, "Will check for peek and splice on FD " << serverConn->fd); // bump, peek, stare, server-first,client-first are all mean bump the connection if (peekMode < Ssl::bumpSplice) @@ -329,11 +329,11 @@ Ssl::PeerConnector::checkForPeekAndSplice(bool checkDone, Ssl::BumpMode peekMode srvBio->holdWrite(false); srvBio->recordInput(false); Comm::SetSelect(serverConn->fd, COMM_SELECT_WRITE, &NegotiateSsl, this, 0); - debugs(83,5, "Retry the fwdNegotiateSSL on fd " << serverConn->fd); + debugs(83,5, "Retry the fwdNegotiateSSL on FD " << serverConn->fd); return true; } else { static int status_code = 0; - debugs(83,5, "Revert to tunnel fd " << clientConn->fd << " with fd " << serverConn->fd); + debugs(83,5, "Revert to tunnel FD " << clientConn->fd << " with FD " << serverConn->fd); switchToTunnel(request.getRaw(), &status_code, clientConn, serverConn); return false; } diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc index b3f4123cfa..86d6b882da 100644 --- a/src/ssl/bio.cc +++ b/src/ssl/bio.cc @@ -15,15 +15,13 @@ #include "globals.h" #include "Mem.h" #include "ssl/bio.h" + #if HAVE_OPENSSL_SSL_H #include #endif #undef DO_SSLV23 -// TODO: fde.h should probably export these for wrappers like ours -extern int default_read_method(int, char *, int); -extern int default_write_method(int, const char *, int); #if _SQUID_WINDOWS_ extern int socket_read_method(int, char *, int); extern int socket_write_method(int, const char *, int); 
@@ -222,7 +220,7 @@ Ssl::ClientBio::read(char *buf, int size, BIO *table)
 helloSize = (head[3] << 8) + head[4];
 debugs(83, 7, "SSL Header Size: " << helloSize);
 helloSize +=5;
-#ifdef DO_SSLV23
+#if defined(DO_SSLV23)
 } else if ((head[0] & 0x80) && head[2] == 0x01 && head[3] == 0x03) {
 debugs(83, 7, "SSL version 2 handshake message with v3 support");
 helloSize = head[1];
@@ -283,8 +281,8 @@ Ssl::ServerBio::setClientFeatures(const Ssl::Bio::sslFeatures &features)
 clientFeatures.clientRequestedCiphers = features.clientRequestedCiphers;
 clientFeatures.unknownCiphers = features.unknownCiphers;
 memcpy(clientFeatures.client_random, features.client_random, SSL3_RANDOM_SIZE);
- clientFeatures.helloMessage.init(features.helloMessage.contentSize(), features.helloMessage.contentSize());
- clientFeatures.helloMessage.append(features.helloMessage.content(), features.helloMessage.contentSize());
+ clientFeatures.helloMessage.clear();
+ clientFeatures.helloMessage.append(features.helloMessage.rawContent(), features.helloMessage.length());
 clientFeatures.doHeartBeats = features.doHeartBeats;
 clientFeatures.extensions = features.extensions;
 featuresSet = true;
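Review bot: The new `clear()` followed by `append(rawContent(), length())` in setClientFeatures spells out by hand what an SBuf assignment should already do; `clientFeatures.helloMessage = features.helloMessage;` is shorter and matches the SBuf-to-SBuf form `helloMsg.append(clientFeatures.helloMessage)` that this commit uses in Ssl::ServerBio::write. A raw pointer/length pair is worth avoiding where it is not needed, because a later edit can easily change one half and not the other. The function starts before and continues after the hunk, so this assumes nothing else there depends on the two-step form.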
@@ -362,31 +360,31 @@ adjustSSL(SSL *ssl, Ssl::Bio::sslFeatures &features)
 for (std::list::iterator it = features.extensions.begin(); it != features.extensions.end(); ++it) {
 static int supportedExtensions[] = {
-#ifdef TLSEXT_TYPE_server_name
+#if defined(TLSEXT_TYPE_server_name)
 TLSEXT_TYPE_server_name,
 #endif
-#ifdef TLSEXT_TYPE_opaque_prf_input
+#if defined(TLSEXT_TYPE_opaque_prf_input)
 TLSEXT_TYPE_opaque_prf_input,
 #endif
-#ifdef TLSEXT_TYPE_heartbeat
+#if defined(TLSEXT_TYPE_heartbeat)
 TLSEXT_TYPE_heartbeat,
 #endif
-#ifdef TLSEXT_TYPE_renegotiate
+#if defined(TLSEXT_TYPE_renegotiate)
 TLSEXT_TYPE_renegotiate,
 #endif
-#ifdef TLSEXT_TYPE_ec_point_formats
+#if defined(TLSEXT_TYPE_ec_point_formats)
 TLSEXT_TYPE_ec_point_formats,
 #endif
-#ifdef TLSEXT_TYPE_elliptic_curves
+#if defined(TLSEXT_TYPE_elliptic_curves)
 TLSEXT_TYPE_elliptic_curves,
 #endif
-#ifdef TLSEXT_TYPE_session_ticket
+#if defined(TLSEXT_TYPE_session_ticket)
 TLSEXT_TYPE_session_ticket,
 #endif
-#ifdef TLSEXT_TYPE_status_request
+#if defined(TLSEXT_TYPE_status_request)
 TLSEXT_TYPE_status_request,
 #endif
-#ifdef TLSEXT_TYPE_use_srtp
+#if defined(TLSEXT_TYPE_use_srtp)
 TLSEXT_TYPE_use_srtp,
 #endif
 #if 0 //Allow 13172 Firefox supported extension for testing purposes
@@ -408,7 +406,7 @@ adjustSSL(SSL *ssl, Ssl::Bio::sslFeatures &features)
 }
 SSL3_BUFFER *wb=&(ssl->s3->wbuf);
- if (wb->len < (size_t)features.helloMessage.contentSize())
+ if (wb->len < (size_t)features.helloMessage.length())
 return false;
 debugs(83, 5, "OpenSSL SSL struct will be adjusted to mimic client hello data!");
@@ -416,11 +414,11 @@ adjustSSL(SSL *ssl, Ssl::Bio::sslFeatures &features)
 //Adjust ssl structure data.
 // We need to fix the random in SSL struct:
 memcpy(ssl->s3->client_random, features.client_random, SSL3_RANDOM_SIZE);
- memcpy(wb->buf, features.helloMessage.content(), features.helloMessage.contentSize());
- wb->left = features.helloMessage.contentSize();
+ memcpy(wb->buf, features.helloMessage.rawContent(), features.helloMessage.length());
+ wb->left = features.helloMessage.length();
- size_t mainHelloSize = features.helloMessage.contentSize() - 5;
- const char *mainHello = features.helloMessage.content() + 5;
+ size_t mainHelloSize = features.helloMessage.length() - 5;
+ const char *mainHello = features.helloMessage.rawContent() + 5;
 assert((size_t)ssl->init_buf->max > mainHelloSize);
 memcpy(ssl->init_buf->data, mainHello, mainHelloSize);
 debugs(83, 5, "Hello Data init and adjustd sizes :" << ssl->init_num << " = "<< mainHelloSize);
@@ -444,16 +442,13 @@ Ssl::ServerBio::write(const char *buf, int size, BIO *table)
 }
 if (!helloBuild && (bumpMode_ == Ssl::bumpPeek || bumpMode_ == Ssl::bumpStare)) {
- if (helloMsg.isNull())
- helloMsg.init(1024, 16384);
-
 if ( buf[1] >= 3 //it is an SSL Version3 message
 && buf[0] == 0x16 // and it is a Handshake/Hello message
 ) {
 //Hello message is the first message we write to server
- assert(!helloMsg.hasContent());
+ assert(helloMsg.isEmpty());
 SSL *ssl = fd_table[fd_].ssl;
 if (featuresSet && ssl) {
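Review bot: `size_t mainHelloSize = features.helloMessage.length() - 5;` in adjustSSL wraps to a huge value if the stored hello is shorter than 5 bytes, and the only thing between that value and the `memcpy` into `ssl->init_buf->data` is an `assert`, which either aborts the process or, where assertions are compiled out, does nothing. The hello bytes originate from the client, so an ordinary check is preferable: `if (features.helloMessage.length() <= 5 || (size_t)ssl->init_buf->max <= features.helloMessage.length() - 5) return false;`. It belongs next to the existing `wb->len` test in the previous adjustSSL hunk, before `client_random` and `wb->buf` are overwritten, so that a rejected hello leaves the SSL object untouched. Whether a shorter-than-header hello can reach this point depends on the parser, which is outside these hunks.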
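Review bot: Removing `helloMsg.init(1024, 16384)` in Ssl::ServerBio::write also removes the only explicit size limit on the buffered hello that is visible here; the MemBuf call appears to have capped it at 16384 bytes, and the SBuf replacement states no equivalent. What gets appended is either `clientFeatures.helloMessage`, whose size comes from the client's record header, or `buf`/`size`. If the old cap was intentional, check the new bound before the append; if it was incidental, a one-line comment next to the `helloMsg` declaration saying that the limit is now SBuf's own would settle the question. The function continues outside the hunk.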
@@ -461,24 +456,24 @@ Ssl::ServerBio::write(const char *buf, int size, BIO *table)
 if (adjustSSL(ssl, clientFeatures))
 allowBump = true;
 allowSplice = true;
- helloMsg.append(clientFeatures.helloMessage.content(), clientFeatures.helloMessage.contentSize());
+ helloMsg.append(clientFeatures.helloMessage);
 debugs(83, 7, "SSL HELLO message for FD " << fd_ << ": Random number is adjusted for peek mode");
 } else { /*Ssl::bumpStare*/
 allowBump = true;
 if (adjustSSL(ssl, clientFeatures)) {
 allowSplice = true;
- helloMsg.append(clientFeatures.helloMessage.content(), clientFeatures.helloMessage.contentSize());
+ helloMsg.append(clientFeatures.helloMessage);
 debugs(83, 7, "SSL HELLO message for FD " << fd_ << ": Random number is adjusted for stare mode");
 }
 }
 }
 }
 // If we do not build any hello message, copy the current
- if (!helloMsg.hasContent())
+ if (helloMsg.isEmpty())
 helloMsg.append(buf, size);
 helloBuild = true;
- helloMsgSize = helloMsg.contentSize();
+ helloMsgSize = helloMsg.length();
 //allowBump = true;
 if (allowSplice) {
@@ -488,11 +483,11 @@ Ssl::ServerBio::write(const char *buf, int size, BIO *table)
 }
 }
- if (helloMsg.hasContent()) {
+ if (!helloMsg.isEmpty()) {
 debugs(83, 7, "buffered write for FD " << fd_);
- int ret = Ssl::Bio::write(helloMsg.content(), helloMsg.contentSize(), table);
+ int ret = Ssl::Bio::write(helloMsg.rawContent(), helloMsg.length(), table);
 helloMsg.consume(ret);
- if (helloMsg.hasContent()) {
+ if (!helloMsg.isEmpty()) {
 // We need to retry sendind data.
 // Say to openSSL to retry sending hello message
 BIO_set_retry_write(table);
@@ -511,8 +506,8 @@ Ssl::ServerBio::write(const char *buf, int size, BIO *table)
 void
 Ssl::ServerBio::flush(BIO *table)
 {
- if (helloMsg.hasContent()) {
- int ret = Ssl::Bio::write(helloMsg.content(), helloMsg.contentSize(), table);
+ if (!helloMsg.isEmpty()) {
+ int ret = Ssl::Bio::write(helloMsg.rawContent(), helloMsg.length(), table);
 helloMsg.consume(ret);
 }
 }
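Review bot: `helloMsg.consume(ret)` in the buffered-write branch of Ssl::ServerBio::write receives the `int` result of `Ssl::Bio::write()` unchecked, and the same pair of lines appears in Ssl::ServerBio::flush in the last hunk. If `SBuf::consume()` takes an unsigned length, as SBuf's size type suggests, a failed or would-block write returning -1 converts to the largest value and discards the whole buffered hello, after which the `isEmpty()` test treats the message as sent. Guarding both call sites with `if (ret > 0) helloMsg.consume(ret);` keeps the unsent bytes for the retry. Both functions extend beyond the hunks shown, so the error return path itself is not visible here.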
@@ -752,7 +747,7 @@ Ssl::Bio::sslFeatures::get(const unsigned char *hello)
 // The SSL handshake message should starts with a 0x16 byte
 if (hello[0] == 0x16) {
 return parseV3Hello(hello);
-#ifdef DO_SSLV23
+#if defined(DO_SSLV23)
 } else if ((hello[0] & 0x80) && hello[2] == 0x01 && hello[3] == 0x03) {
 return parseV23Hello(hello);
 #endif
@@ -773,7 +768,7 @@ Ssl::Bio::sslFeatures::parseV3Hello(const unsigned char *hello)
 // The following hello message size exist in 4th and 5th bytes
 int helloSize = (hello[3] << 8) | hello[4];
 helloSize += 5; //Include the 5 header bytes.
- helloMessage.init(helloSize, helloSize);
+ helloMessage.clear();
 helloMessage.append((const char *)hello, helloSize);
 //For SSLv3 or TLSv1.* protocols we can get some more informations
@@ -851,7 +846,7 @@ Ssl::Bio::sslFeatures::parseV3Hello(const unsigned char *hello)
 bool
 Ssl::Bio::sslFeatures::parseV23Hello(const unsigned char *hello)
 {
-#ifdef DO_SSLV23
+#if defined(DO_SSLV23)
 debugs(83, 7, "Get fake features from v23 hello message.");
 sslVersion = (hello[3] << 8) | hello[4];
 debugs(83, 7, "Get fake features. Version :" << std::hex << std::setw(8) << std::setfill('0')<< sslVersion);
@@ -859,7 +854,7 @@ Ssl::Bio::sslFeatures::parseV23Hello(const unsigned char *hello)
 // The following hello message size exist in 2nd byte
 int helloSize = hello[1];
 helloSize += 2; //Include the 2 header bytes.
- helloMessage.init(helloSize, helloSize);
+ helloMessage.clear();
 helloMessage.append((char *)hello, helloSize);
 //Ciphers list. It is stored after the Session ID.
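Review bot: `helloMessage.append((const char *)hello, helloSize)` in parseV3Hello copies a byte count computed from `hello[3]` and `hello[4]`, that is, from the client's own record header, and the function receives no buffer length to compare it with; parseV23Hello does the same with `hello[1]` in the last hunk. The removed MemBuf lines had the same shape, so this is not new, but the conversion is a good moment to write the precondition down. A comment above each append such as `// caller guarantees that hello holds the whole record, helloSize bytes including the header` would do, provided the caller really enforces that before calling get(); otherwise the available length should be passed in and checked. Both function bodies continue outside the hunks.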
@@ -909,13 +904,14 @@ Ssl::Bio::sslFeatures::applyToSSL(SSL *ssl) const // For example will prevent comunnicating with a tls1.0 server if the // client sent and tlsv1.2 Hello message. //SSL_set_ssl_method(ssl, Ssl::method(features.toSquidSSLVersion())); -#ifdef TLSEXT_NAMETYPE_host_name - if (!serverName.empty()) +#if defined(TLSEXT_NAMETYPE_host_name) + if (!serverName.isEmpty()) { SSL_set_tlsext_host_name(ssl, serverName.c_str()); + } #endif if (!clientRequestedCiphers.empty()) SSL_set_cipher_list(ssl, clientRequestedCiphers.c_str()); -#ifdef SSL_OP_NO_COMPRESSION /* XXX: OpenSSL 0.9.8k lacks SSL_OP_NO_COMPRESSION */ +#if defined(SSL_OP_NO_COMPRESSION) /* XXX: OpenSSL 0.9.8k lacks SSL_OP_NO_COMPRESSION */ if (compressMethod == 0) SSL_set_options(ssl, SSL_OP_NO_COMPRESSION); #endif @@ -927,7 +923,7 @@ Ssl::Bio::sslFeatures::print(std::ostream &os) const { static std::string buf; return os << "v" << sslVersion << - " SNI:" << (serverName.empty() ? "-" : serverName) << + " SNI:" << (serverName.isEmpty() ? SBuf("-") : serverName) << " comp:" << compressMethod << " Ciphers:" << clientRequestedCiphers << " Random:" << objToString(client_random, SSL3_RANDOM_SIZE) << diff --git a/src/ssl/bio.h b/src/ssl/bio.h index ce384f0fb0..47aad3110d 100644 --- a/src/ssl/bio.h +++ b/src/ssl/bio.h @@ -1,15 +1,15 @@ #ifndef SQUID_SSL_BIO_H #define SQUID_SSL_BIO_H -#include "MemBuf.h" +#include "fd.h" +#include "SBuf.h" + #include #include #if HAVE_OPENSSL_BIO_H #include #endif -#if HAVE_STRING #include -#endif namespace Ssl { @@ -41,7 +41,7 @@ public: public: int sslVersion; ///< The requested/used SSL version int compressMethod; ///< The requested/used compressed method - std::string serverName; ///< The SNI hostname, if any + mutable SBuf serverName; ///< The SNI hostname, if any std::string clientRequestedCiphers; ///< The client requested ciphers bool unknownCiphers; ///< True if one or more ciphers are unknown std::string ecPointFormatList;///< tlsExtension ecPointFormatList 
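Review bot: `serverName.c_str()` in the const method applyToSSL is presumably what forces `mutable SBuf serverName` in the bio.h hunk further down, and neither place says so. Two things deserve a comment there: that `mutable` exists only so const methods can call `c_str()` (for example `mutable SBuf serverName; ///< The SNI hostname, if any; mutable so const methods can call c_str()`), and that `c_str()` hands OpenSSL a NUL-terminated string, so an SNI containing an embedded NUL would be sent truncated while `isEmpty()`, ACLs and logs see the full SBuf. If the hello parser already rejects such names the second point is moot, but that code is outside this diff. Copying the name into a local `SBuf` inside applyToSSL would avoid the `mutable` altogether.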
@@ -51,7 +51,7 @@ public: /// The client random number unsigned char client_random[SSL3_RANDOM_SIZE]; std::list extensions; - MemBuf helloMessage; + SBuf helloMessage; }; explicit Bio(const int anFd); virtual ~Bio(); @@ -173,8 +173,8 @@ private: /// A random number to use as "client random" in client hello message sslFeatures clientFeatures; bool featuresSet; ///< True if the clientFeatures member is set and can be used - MemBuf helloMsg; ///< Used to buffer output data. - int helloMsgSize; + SBuf helloMsg; ///< Used to buffer output data. + mb_size_t helloMsgSize; bool helloBuild; ///< True if the client hello message sent to the server bool allowSplice; ///< True if the SSL stream can be spliced bool allowBump; ///< True if the SSL stream can be bumped diff --git a/src/ssl/support.cc b/src/ssl/support.cc index ba10e8c2c5..2e26a2c921 100644 --- a/src/ssl/support.cc +++ b/src/ssl/support.cc @@ -1034,7 +1034,7 @@ Ssl::method(int version) switch (version) { case 2: -#ifndef OPENSSL_NO_SSL2 +#if !defined(OPENSSL_NO_SSL2) debugs(83, 5, "Using SSLv2."); return SSLv2_client_method(); #else diff --git a/src/tunnel.cc b/src/tunnel.cc index b725f44fef..e89f35f66f 100644 --- a/src/tunnel.cc +++ b/src/tunnel.cc @@ -1106,8 +1106,6 @@ TunnelStateData::Connection::setDelayId(DelayId const &newDelay) #endif #if USE_OPENSSL -int default_read_method(int, char *, int); -int default_write_method(int, const char *, int); void switchToTunnel(HttpRequest *request, int *status_ptr, Comm::ConnectionPointer &clientConn, Comm::ConnectionPointer &srvConn) { @@ -1123,7 +1121,7 @@ switchToTunnel(HttpRequest *request, int *status_ptr, Comm::ConnectionPointer &c tunnelState = new TunnelStateData; tunnelState->url = xstrdup(url); tunnelState->request = request; - tunnelState->server.size_ptr = NULL;//???? + tunnelState->server.size_ptr = NULL; //Set later if ClientSocketContext is available tunnelState->status_ptr = status_ptr; tunnelState->client.conn = clientConn; 
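Review bot: `mb_size_t helloMsgSize` in the Ssl::ServerBio hunk of bio.h keeps a MemBuf type name on a field that now mirrors `SBuf::length()`, while the first bio.h hunk of this commit drops `#include "MemBuf.h"`. The header therefore relies on some other include to declare `mb_size_t`, and the field's signedness may differ from the value assigned to it in Ssl::ServerBio::write (`helloMsgSize = helloMsg.length();`). Declaring it as `SBuf::size_type helloMsgSize; ///< size of the hello message buffered for the server` removes the hidden dependency and documents the field, assuming the places that hand it back as `int` are adjusted or already range-checked.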
@@ -1132,6 +1130,7 @@ switchToTunnel(HttpRequest *request, int *status_ptr, Comm::ConnectionPointer &c
 ClientSocketContext::Pointer context = conn->getCurrentContext();
 if (context != NULL && context->http != NULL) {
 tunnelState->logTag_ptr = &context->http->logType;
+ tunnelState->server.size_ptr = &context->http->out.size;
 #if USE_DELAY_POOLS
 /* no point using the delayIsNoDelay stuff since tunnel is nice and simple */
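Review bot: `tunnelState->server.size_ptr = &context->http->out.size;` stores the address of a field inside the client request object in the tunnel state, and nothing in this hunk shows what keeps that object alive for as long as the tunnel writes through the pointer. The neighbouring `logTag_ptr` follows the same pattern, so a lifetime rule probably exists already, but it should be written next to these two assignments, for example `// context->http outlives tunnelState; owned by <owner>` with the real owner filled in. If no such guarantee exists, the pointer needs to be reset when the request object is destroyed. The rest of switchToTunnel lies outside the hunk.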