From: Amos Jeffries Date: Sat, 28 Nov 2015 03:00:35 +0000 (-0800) Subject: Cleanup: rename Security::ContextPointer to ContextPtr X-Git-Tag: SQUID_4_0_3~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=96993ee01e9e14f9bdfb893bc98d399b28fd9d62;p=thirdparty%2Fsquid.git Cleanup: rename Security::ContextPointer to ContextPtr ... Pointer is used in Squid for smart pointers, which this is not (yet). Also convert remaining SSL_CTX* instances with ContextPtr. --- diff --git a/src/CachePeer.h b/src/CachePeer.h index 12861dfb8c..20b8041022 100644 --- a/src/CachePeer.h +++ b/src/CachePeer.h @@ -182,7 +182,7 @@ public: /// security settings for peer connection Security::PeerOptions secure; - Security::ContextPointer sslContext; + Security::ContextPtr sslContext; #if USE_OPENSSL SSL_SESSION *sslSession; #endif diff --git a/src/SquidConfig.h b/src/SquidConfig.h index cf0840db94..2e9d5abc53 100644 --- a/src/SquidConfig.h +++ b/src/SquidConfig.h @@ -494,7 +494,7 @@ public: external_acl *externalAclHelperList; struct { - Security::ContextPointer sslContext; + Security::ContextPtr sslContext; #if USE_OPENSSL acl_access *cert_error; sslproxy_cert_sign *cert_sign; diff --git a/src/adaptation/icap/ServiceRep.h b/src/adaptation/icap/ServiceRep.h index e1eef552b5..51a22f01e2 100644 --- a/src/adaptation/icap/ServiceRep.h +++ b/src/adaptation/icap/ServiceRep.h @@ -110,7 +110,7 @@ public: // treat these as private, they are for callbacks only // receive either an ICAP OPTIONS response header or an abort message virtual void noteAdaptationAnswer(const Answer &answer); - Security::ContextPointer sslContext; + Security::ContextPtr sslContext; #if USE_OPENSSL SSL_SESSION *sslSession; #endif diff --git a/src/adaptation/icap/Xaction.cc b/src/adaptation/icap/Xaction.cc index c2df952634..6716e6eec6 100644 --- a/src/adaptation/icap/Xaction.cc +++ b/src/adaptation/icap/Xaction.cc 
@@ -62,7 +62,7 @@ public: /* PeerConnector API */ virtual Security::SessionPointer initializeSsl(); virtual void noteNegotiationDone(ErrorState *error); - virtual Security::ContextPointer getSslContext() {return icapService->sslContext;} + virtual Security::ContextPtr getSslContext() {return icapService->sslContext;} private: Adaptation::Icap::ServiceRep::Pointer icapService; diff --git a/src/anyp/PortCfg.cc b/src/anyp/PortCfg.cc index 5209244b7d..a4430573fd 100644 --- a/src/anyp/PortCfg.cc +++ b/src/anyp/PortCfg.cc @@ -104,7 +104,7 @@ AnyP::PortCfg::clone() const #if 0 // TODO: AYJ: 2015-01-15: for now SSL does not clone the context object. // cloning should only be done before the PortCfg is post-configure initialized and opened - Security::ContextPointer sslContext; + Security::ContextPtr sslContext; #endif #endif /*0*/ diff --git a/src/client_side.cc b/src/client_side.cc index 40e4c1b44a..350e568802 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -3339,7 +3339,7 @@ httpAccept(const CommAcceptCbParams ¶ms) /** Create SSL connection structure and update fd_table */ static Security::SessionPointer -httpsCreate(const Comm::ConnectionPointer &conn, Security::ContextPointer sslContext) +httpsCreate(const Comm::ConnectionPointer &conn, Security::ContextPtr sslContext) { if (auto ssl = Ssl::CreateServer(sslContext, conn->fd, "client https start")) { debugs(33, 5, "will negotate SSL on " << conn); 
@@ -3487,11 +3487,11 @@ clientNegotiateSSL(int fd, void *data) } /** - * If Security::ContextPointer is given, starts reading the TLS handshake. - * Otherwise, calls switchToHttps to generate a dynamic Security::ContextPointer. + * If Security::ContextPtr is given, starts reading the TLS handshake. + * Otherwise, calls switchToHttps to generate a dynamic Security::ContextPtr. */ static void -httpsEstablish(ConnStateData *connState, Security::ContextPointer sslContext) +httpsEstablish(ConnStateData *connState, Security::ContextPtr sslContext) { Security::SessionPointer ssl = nullptr; assert(connState); @@ -3589,7 +3589,7 @@ ConnStateData::postHttpsAccept() acl_checklist->nonBlockingCheck(httpsSslBumpAccessCheckDone, this); return; } else { - Security::ContextPointer sslContext = port->staticSslContext.get(); + Security::ContextPtr sslContext = port->staticSslContext.get(); httpsEstablish(this, sslContext); } } @@ -3745,7 +3745,7 @@ ConnStateData::getSslContextStart() if (!(sslServerBump && (sslServerBump->act.step1 == Ssl::bumpPeek || sslServerBump->act.step1 == Ssl::bumpStare))) { debugs(33, 5, "Finding SSL certificate for " << sslBumpCertKey << " in cache"); Ssl::LocalContextStorage * ssl_ctx_cache = Ssl::TheGlobalContextStorage.getLocalStorage(port->s); - Security::ContextPointer dynCtx = nullptr; + Security::ContextPtr dynCtx = nullptr; Ssl::SSL_CTX_Pointer *cachedCtx = ssl_ctx_cache ? ssl_ctx_cache->get(sslBumpCertKey.termedBuf()) : NULL; if (cachedCtx && (dynCtx = cachedCtx->get())) { debugs(33, 5, "SSL certificate for " << sslBumpCertKey << " found in cache"); @@ -3797,7 +3797,7 @@ ConnStateData::getSslContextStart() } void -ConnStateData::getSslContextDone(Security::ContextPointer sslContext, bool isNew) +ConnStateData::getSslContextDone(Security::ContextPtr sslContext, bool isNew) { // Try to add generated ssl context to storage. if (port->generateHostCertificates && isNew) { 
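Review bot: In the `@@ -3745` hunk of src/client_side.cc, `dynCtx = cachedCtx->get()` makes the renamed raw `Security::ContextPtr` an alias of a context that the `Ssl::SSL_CTX_Pointer` cache entry still holds, and nothing on the line says so. The commit message notes that ContextPtr is not a smart pointer yet, so a comment such as `// borrowed from ssl_ctx_cache; the cache entry keeps ownership` would stop a later conversion to an owning type from releasing the context twice. The same pattern appears in ssl_verify_cb (src/ssl/support.cc, `@@ -227`), where `Security::ContextPtr sslctx = SSL_get_SSL_CTX(ssl);` receives the session's context without taking a reference. getSslContextStart continues outside the hunk, so how dynCtx is handed on is not visible here.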
diff --git a/src/client_side.h b/src/client_side.h index 2e8d363570..bce603db72 100644 --- a/src/client_side.h +++ b/src/client_side.h @@ -349,14 +349,14 @@ public: /// \retval false otherwise bool spliceOnError(const err_type err); - /// Start to create dynamic SSL_CTX for host or uses static port SSL context. + /// Start to create dynamic Security::ContextPtr for host or uses static port SSL context. void getSslContextStart(); /** * Done create dynamic ssl certificate. * * \param[in] isNew if generated certificate is new, so we need to add this certificate to storage. */ - void getSslContextDone(Security::ContextPointer sslContext, bool isNew = false); + void getSslContextDone(Security::ContextPtr sslContext, bool isNew = false); /// Callback function. It is called when squid receive message from ssl_crtd. static void sslCrtdHandleReplyWrapper(void *data, const Helper::Reply &reply); /// Proccess response from ssl_crtd. diff --git a/src/fde.h b/src/fde.h index 2ba72ff8c7..4c354e9dfe 100644 --- a/src/fde.h +++ b/src/fde.h @@ -120,7 +120,7 @@ public: READ_HANDLER *read_method; WRITE_HANDLER *write_method; Security::SessionPointer ssl; - Security::ContextPointer dynamicSslContext; ///< cached and then freed when fd is closed + Security::ContextPtr dynamicSslContext; ///< cached and then freed when fd is closed #if _SQUID_WINDOWS_ struct { long handle; diff --git a/src/security/Context.h b/src/security/Context.h index a3f28351f5..0aaa366b9c 100644 --- a/src/security/Context.h +++ b/src/security/Context.h @@ -24,14 +24,14 @@ namespace Security { #if USE_OPENSSL -typedef SSL_CTX* ContextPointer; +typedef SSL_CTX* ContextPtr; #elif USE_GNUTLS -typedef gnutls_certificate_credentials_t ContextPointer; +typedef gnutls_certificate_credentials_t ContextPtr; #else -// use void* so we can check against NULL -typedef void* ContextPointer; +// use void* so we can check against nullptr +typedef void* ContextPtr; #endif } // namespace Security 
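Review bot: The three `ContextPtr` typedefs in src/security/Context.h carry no doc comment, so the header never states that this is a plain library handle with no reference counting, which is the reason the commit gives for the rename. Suggest adding above the `#if USE_OPENSSL` block: `/// Raw TLS library context handle. Not a smart pointer: copies alias the same context, and its lifetime is managed by whoever holds it.` The fde.h hunk already depends on that convention (`dynamicSslContext` is documented as "cached and then freed when fd is closed"), so stating it once at the typedef lets a reader check each holder against it.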
diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc index 310f2e2821..44593adbeb 100644 --- a/src/security/PeerOptions.cc +++ b/src/security/PeerOptions.cc @@ -193,10 +193,10 @@ Security::PeerOptions::updateTlsVersionLimits() } // XXX: make a GnuTLS variant -Security::ContextPointer +Security::ContextPtr Security::PeerOptions::createClientContext(bool setOptions) { - Security::ContextPointer t = nullptr; + Security::ContextPtr t = nullptr; updateTlsVersionLimits(); @@ -488,7 +488,7 @@ Security::PeerOptions::loadCrlFile() } void -Security::PeerOptions::updateContextCa(Security::ContextPointer &ctx) +Security::PeerOptions::updateContextCa(Security::ContextPtr &ctx) { debugs(83, 8, "Setting CA certificate locations."); @@ -522,7 +522,7 @@ Security::PeerOptions::updateContextCa(Security::ContextPointer &ctx) } void -Security::PeerOptions::updateContextCrl(Security::ContextPointer &ctx) +Security::PeerOptions::updateContextCrl(Security::ContextPtr &ctx) { #if USE_OPENSSL bool verifyCrl = false; diff --git a/src/security/PeerOptions.h b/src/security/PeerOptions.h index aff0810e49..3fcedf7180 100644 --- a/src/security/PeerOptions.h +++ b/src/security/PeerOptions.h @@ -33,16 +33,16 @@ public: virtual void clear() {*this = PeerOptions();} /// generate a security client-context from these configured options - Security::ContextPointer createClientContext(bool setOptions); + Security::ContextPtr createClientContext(bool setOptions); /// sync the context options with tls-min-version=N configuration void updateTlsVersionLimits(); /// setup the CA details for the given context - void updateContextCa(Security::ContextPointer &); + void updateContextCa(Security::ContextPtr &); /// setup the CRL details for the given context - void updateContextCrl(Security::ContextPointer &); + void updateContextCrl(Security::ContextPtr &); /// output squid.conf syntax with 'pfx' prefix on parameters for the stored settings virtual void dumpCfg(Packable *, const char *pfx) const; 
diff --git a/src/security/ServerOptions.cc b/src/security/ServerOptions.cc index 37e774cc3b..d6fbe948f7 100644 --- a/src/security/ServerOptions.cc +++ b/src/security/ServerOptions.cc @@ -122,7 +122,7 @@ Security::ServerOptions::loadDhParams() } void -Security::ServerOptions::updateContextEecdh(Security::ContextPointer &ctx) +Security::ServerOptions::updateContextEecdh(Security::ContextPtr &ctx) { // set Elliptic Curve details into the server context if (!eecdhCurve.isEmpty()) { diff --git a/src/security/ServerOptions.h b/src/security/ServerOptions.h index e60566d63d..f4831bb51e 100644 --- a/src/security/ServerOptions.h +++ b/src/security/ServerOptions.h @@ -28,7 +28,7 @@ public: virtual void dumpCfg(Packable *, const char *pfx) const; /// update the context with DH, EDH, EECDH settings - void updateContextEecdh(Security::ContextPointer &); + void updateContextEecdh(Security::ContextPtr &); private: void loadDhParams(); diff --git a/src/ssl/PeerConnector.cc b/src/ssl/PeerConnector.cc index c265473f43..ce5b7a899c 100644 --- a/src/ssl/PeerConnector.cc +++ b/src/ssl/PeerConnector.cc @@ -101,7 +101,7 @@ Ssl::PeerConnector::prepareSocket() SSL * Ssl::PeerConnector::initializeSsl() { - SSL_CTX *sslContext = getSslContext(); + Security::ContextPtr sslContext(getSslContext()); assert(sslContext); const int fd = serverConnection()->fd; @@ -589,15 +589,15 @@ Ssl::PeerConnector::status() const return buf.content(); } -SSL_CTX * +Security::ContextPtr Ssl::BlindPeerConnector::getSslContext() { if (const CachePeer *peer = serverConnection()->getPeer()) { assert(peer->secure.encryptTransport); - SSL_CTX *sslContext = peer->sslContext; + Security::ContextPtr sslContext(peer->sslContext); return sslContext; } - return NULL; + return nullptr; } SSL * @@ -647,7 +647,7 @@ Ssl::BlindPeerConnector::noteNegotiationDone(ErrorState *error) } } -SSL_CTX * +Security::ContextPtr Ssl::PeekingPeerConnector::getSslContext() { // XXX: locate a per-server context in Security:: instead 
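Review bot: `Ssl::BlindPeerConnector::getSslContext()` (`@@ -589`) returns `nullptr` when `serverConnection()->getPeer()` is null, and `Ssl::PeerConnector::initializeSsl()` in the `@@ -101` hunk passes that result straight into `assert(sslContext)`. If BlindPeerConnector reaches that base implementation (its own initializeSsl lies outside the hunks), a missing peer, or a peer whose `sslContext` was never created, stops the whole process instead of failing one connection. Consider an error path in place of the assert, for example `if (!sslContext) return nullptr;` preceded by a `debugs(83, DBG_IMPORTANT, ...)` line. Whether callers of initializeSsl handle a null return needs to be confirmed first.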
diff --git a/src/ssl/PeerConnector.h b/src/ssl/PeerConnector.h index e70fc175b1..769df69d5f 100644 --- a/src/ssl/PeerConnector.h +++ b/src/ssl/PeerConnector.h @@ -134,9 +134,9 @@ protected: /// \param error if not NULL the SSL negotiation was aborted with an error virtual void noteNegotiationDone(ErrorState *error) {} - /// Must implemented by the kid classes to return the SSL_CTX object to use + /// Must implemented by the kid classes to return the Security::ContextPtr object to use /// for building the SSL objects. - virtual SSL_CTX *getSslContext() = 0; + virtual Security::ContextPtr getSslContext() = 0; /// mimics FwdState to minimize changes to FwdState::initiate/negotiateSsl Comm::ConnectionPointer const &serverConnection() const { return serverConn; } @@ -196,8 +196,8 @@ public: /// and sets the hostname to use for certificates validation virtual SSL *initializeSsl(); - /// Return the configured SSL_CTX object - virtual SSL_CTX *getSslContext(); + /// Return the configured Security::ContextPtr object + virtual Security::ContextPtr getSslContext(); /// On error calls peerConnectFailed function, on success store the used SSL session /// for later use @@ -224,7 +224,7 @@ public: /* PeerConnector API */ virtual SSL *initializeSsl(); - virtual SSL_CTX *getSslContext(); + virtual Security::ContextPtr getSslContext(); virtual void noteWantWrite(); virtual void noteSslNegotiationError(const int result, const int ssl_error, const int ssl_lib_error); virtual void noteNegotiationDone(ErrorState *error); diff --git a/src/ssl/support.cc b/src/ssl/support.cc index e82d02c86f..926ffd8a67 100644 --- a/src/ssl/support.cc +++ b/src/ssl/support.cc @@ -33,7 +33,7 @@ #include -static void setSessionCallbacks(SSL_CTX *ctx); +static void setSessionCallbacks(Security::ContextPtr ctx); Ipc::MemMap *SslSessionCache = NULL; const char *SslSessionCacheName = "ssl_session_cache"; 
@@ -227,7 +227,7 @@ ssl_verify_cb(int ok, X509_STORE_CTX * ctx) char buffer[256] = ""; SSL *ssl = (SSL *)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); - SSL_CTX *sslctx = SSL_get_SSL_CTX(ssl); + Security::ContextPtr sslctx = SSL_get_SSL_CTX(ssl); SBuf *server = (SBuf *)SSL_get_ex_data(ssl, ssl_ex_index_server); void *dont_verify_domain = SSL_CTX_get_ex_data(sslctx, ssl_ctx_ex_index_dont_verify_domain); ACLChecklist *check = (ACLChecklist*)SSL_get_ex_data(ssl, ssl_ex_index_cert_error_check); @@ -484,7 +484,7 @@ ssl_info_cb(const SSL *ssl, int where, int ret) #endif static bool -configureSslContext(SSL_CTX *sslContext, AnyP::PortCfg &port) +configureSslContext(Security::ContextPtr sslContext, AnyP::PortCfg &port) { int ssl_error; SSL_CTX_set_options(sslContext, port.secure.parsedOptions); @@ -555,15 +555,15 @@ configureSslContext(SSL_CTX *sslContext, AnyP::PortCfg &port) return true; } -SSL_CTX * +Security::ContextPtr sslCreateServerContext(AnyP::PortCfg &port) { ssl_initialize(); #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) - SSL_CTX *sslContext = SSL_CTX_new(TLS_server_method()); + Security::ContextPtr sslContext(SSL_CTX_new(TLS_server_method())); #else - SSL_CTX *sslContext = SSL_CTX_new(SSLv23_server_method()); + Security::ContextPtr sslContext(SSL_CTX_new(SSLv23_server_method())); #endif if (sslContext == NULL) { @@ -639,15 +639,15 @@ ssl_next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsi } #endif -SSL_CTX * +Security::ContextPtr sslCreateClientContext(const char *certfile, const char *keyfile, const char *cipher, long options, long fl) { ssl_initialize(); #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) - SSL_CTX *sslContext = SSL_CTX_new(TLS_client_method()); + Security::ContextPtr sslContext(SSL_CTX_new(TLS_client_method())); #else - SSL_CTX *sslContext = SSL_CTX_new(SSLv23_client_method()); + Security::ContextPtr sslContext(SSL_CTX_new(SSLv23_client_method())); #endif if (sslContext == NULL) { 
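Review bot: `sslCreateServerContext` (`@@ -555`) and `sslCreateClientContext` (`@@ -639`) keep `if (sslContext == NULL)` directly after the declarations this commit rewrites. The same commit switches other ContextPtr sites to `nullptr` and rewords the Context.h comment to match. For consistency, and so the check stays valid if ContextPtr later becomes a class type, write `if (!sslContext)` in both places. Both function bodies continue outside their hunks.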
@@ -959,9 +959,8 @@ sslGetUserCertificateChainPEM(SSL *ssl) return str; } -/// \ingroup ServerProtocolSSLInternal /// Create SSL context and apply ssl certificate and private key to it. -SSL_CTX * +Security::ContextPtr Ssl::createSSLContext(Security::CertPointer & x509, Ssl::EVP_PKEY_Pointer & pkey, AnyP::PortCfg &port) { #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) @@ -982,33 +981,24 @@ Ssl::createSSLContext(Security::CertPointer & x509, Ssl::EVP_PKEY_Pointer & pkey return sslContext.release(); } -SSL_CTX * +Security::ContextPtr Ssl::generateSslContextUsingPkeyAndCertFromMemory(const char * data, AnyP::PortCfg &port) { Security::CertPointer cert; Ssl::EVP_PKEY_Pointer pkey; - if (!readCertAndPrivateKeyFromMemory(cert, pkey, data)) - return NULL; - - if (!cert || !pkey) - return NULL; + if (!readCertAndPrivateKeyFromMemory(cert, pkey, data) || !cert || !pkey) + return nullptr; return createSSLContext(cert, pkey, port); } -SSL_CTX * +Security::ContextPtr Ssl::generateSslContext(CertificateProperties const &properties, AnyP::PortCfg &port) { Security::CertPointer cert; Ssl::EVP_PKEY_Pointer pkey; - if (!generateSslCertificate(cert, pkey, properties)) - return NULL; - - if (!cert) - return NULL; - - if (!pkey) - return NULL; + if (!generateSslCertificate(cert, pkey, properties) || !cert || !pkey) + return nullptr; return createSSLContext(cert, pkey, port); } 
@@ -1056,10 +1046,10 @@ Ssl::configureSSLUsingPkeyAndCertFromMemory(SSL *ssl, const char *data, AnyP::Po return true; } -bool Ssl::verifySslCertificate(SSL_CTX * sslContext, CertificateProperties const &properties) +bool Ssl::verifySslCertificate(Security::ContextPtr sslContext, CertificateProperties const &properties) { // SSL_get_certificate is buggy in openssl versions 1.0.1d and 1.0.1e - // Try to retrieve certificate directly from SSL_CTX object + // Try to retrieve certificate directly from Security::ContextPtr object #if SQUID_USE_SSLGETCERTIFICATE_HACK X509 ***pCert = (X509 ***)sslContext->cert; X509 * cert = pCert && *pCert ? **pCert : NULL; @@ -1101,7 +1091,7 @@ Ssl::setClientSNI(SSL *ssl, const char *fqdn) #endif } -void Ssl::addChainToSslContext(SSL_CTX *sslContext, STACK_OF(X509) *chain) +void Ssl::addChainToSslContext(Security::ContextPtr sslContext, STACK_OF(X509) *chain) { if (!chain) return; @@ -1199,7 +1189,7 @@ bool Ssl::generateUntrustedCert(Security::CertPointer &untrustedCert, EVP_PKEY_P } SSL * -SslCreate(SSL_CTX *sslContext, const int fd, Ssl::Bio::Type type, const char *squidCtx) +SslCreate(Security::ContextPtr sslContext, const int fd, Ssl::Bio::Type type, const char *squidCtx) { if (fd < 0) { debugs(83, DBG_IMPORTANT, "Gone connection"); @@ -1234,13 +1224,13 @@ SslCreate(SSL_CTX *sslContext, const int fd, Ssl::Bio::Type type, const char *sq } SSL * -Ssl::CreateClient(SSL_CTX *sslContext, const int fd, const char *squidCtx) +Ssl::CreateClient(Security::ContextPtr sslContext, const int fd, const char *squidCtx) { return SslCreate(sslContext, fd, Ssl::Bio::BIO_TO_SERVER, squidCtx); } SSL * -Ssl::CreateServer(SSL_CTX *sslContext, const int fd, const char *squidCtx) +Ssl::CreateServer(Security::ContextPtr sslContext, const int fd, const char *squidCtx) { return SslCreate(sslContext, fd, Ssl::Bio::BIO_TO_CLIENT, squidCtx); } 
@@ -1364,7 +1354,7 @@ get_session_cb(SSL *, unsigned char *sessionID, int len, int *copy) } static void -setSessionCallbacks(SSL_CTX *ctx) +setSessionCallbacks(Security::ContextPtr ctx) { if (SslSessionCache) { SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL); diff --git a/src/ssl/support.h b/src/ssl/support.h index 949fea79a2..1e67895796 100644 --- a/src/ssl/support.h +++ b/src/ssl/support.h @@ -61,11 +61,11 @@ typedef CbDataList Errors; /// Creates SSL Client connection structure and initializes SSL I/O (Comm and BIO). /// On errors, emits DBG_IMPORTANT with details and returns NULL. -SSL *CreateClient(SSL_CTX *sslContext, const int fd, const char *squidCtx); +SSL *CreateClient(Security::ContextPtr sslContext, const int fd, const char *squidCtx); /// Creates SSL Server connection structure and initializes SSL I/O (Comm and BIO). /// On errors, emits DBG_IMPORTANT with details and returns NULL. -SSL *CreateServer(SSL_CTX *sslContext, const int fd, const char *squidCtx); +SSL *CreateServer(Security::ContextPtr sslContext, const int fd, const char *squidCtx); /// An SSL certificate-related error. /// Pairs an error code with the certificate experiencing the error. @@ -87,10 +87,10 @@ typedef CbDataList CertErrors; } //namespace Ssl /// \ingroup ServerProtocolSSLAPI -SSL_CTX *sslCreateServerContext(AnyP::PortCfg &port); +Security::ContextPtr sslCreateServerContext(AnyP::PortCfg &port); /// \ingroup ServerProtocolSSLAPI -SSL_CTX *sslCreateClientContext(const char *certfile, const char *keyfile, const char *cipher, long options, long flags); +Security::ContextPtr sslCreateClientContext(const char *certfile, const char *keyfile, const char *cipher, long options, long flags); /// \ingroup ServerProtocolSSLAPI int ssl_read_method(int, char *, int); 
@@ -165,7 +165,7 @@ bool generateUntrustedCert(Security::CertPointer & untrustedCert, EVP_PKEY_Point \ingroup ServerProtocolSSLAPI * Decide on the kind of certificate and generate a CA- or self-signed one */ -SSL_CTX * generateSslContext(CertificateProperties const &properties, AnyP::PortCfg &port); +Security::ContextPtr generateSslContext(CertificateProperties const &properties, AnyP::PortCfg &port); /** \ingroup ServerProtocolSSLAPI @@ -174,20 +174,20 @@ SSL_CTX * generateSslContext(CertificateProperties const &properties, AnyP::Port \param properties Check if the context certificate matches the given properties \return true if the contexts certificate is valid, false otherwise */ -bool verifySslCertificate(SSL_CTX * sslContext, CertificateProperties const &properties); +bool verifySslCertificate(Security::ContextPtr sslContext, CertificateProperties const &properties); /** \ingroup ServerProtocolSSLAPI * Read private key and certificate from memory and generate SSL context * using their. */ -SSL_CTX * generateSslContextUsingPkeyAndCertFromMemory(const char * data, AnyP::PortCfg &port); +Security::ContextPtr generateSslContextUsingPkeyAndCertFromMemory(const char * data, AnyP::PortCfg &port); /** \ingroup ServerProtocolSSLAPI * Create an SSL context using the provided certificate and key */ -SSL_CTX * createSSLContext(Security::CertPointer & x509, Ssl::EVP_PKEY_Pointer & pkey, AnyP::PortCfg &port); +Security::ContextPtr createSSLContext(Security::CertPointer & x509, Ssl::EVP_PKEY_Pointer & pkey, AnyP::PortCfg &port); /** \ingroup ServerProtocolSSLAPI @@ -207,7 +207,7 @@ bool configureSSLUsingPkeyAndCertFromMemory(SSL *ssl, const char *data, AnyP::Po \ingroup ServerProtocolSSLAPI * Adds the certificates in certList to the certificate chain of the SSL context */ -void addChainToSslContext(SSL_CTX *sslContext, STACK_OF(X509) *certList); +void addChainToSslContext(Security::ContextPtr sslContext, STACK_OF(X509) *certList); /** \ingroup ServerProtocolSSLAPI 
diff --git a/src/tests/stub_client_side.cc b/src/tests/stub_client_side.cc index df99ec0c0f..0a7e9e2040 100644 --- a/src/tests/stub_client_side.cc +++ b/src/tests/stub_client_side.cc @@ -62,7 +62,7 @@ void ConnStateData::quitAfterError(HttpRequest *request) STUB #if USE_OPENSSL void ConnStateData::httpsPeeked(Comm::ConnectionPointer serverConnection) STUB void ConnStateData::getSslContextStart() STUB -void ConnStateData::getSslContextDone(Security::ContextPointer, bool) STUB +void ConnStateData::getSslContextDone(Security::ContextPtr, bool) STUB void ConnStateData::sslCrtdHandleReplyWrapper(void *data, const Helper::Reply &reply) STUB void ConnStateData::sslCrtdHandleReply(const Helper::Reply &reply) STUB void ConnStateData::switchToHttps(HttpRequest *request, Ssl::BumpMode bumpServerMode) STUB diff --git a/src/tests/stub_libsecurity.cc b/src/tests/stub_libsecurity.cc index 72286b770f..173f90ef91 100644 --- a/src/tests/stub_libsecurity.cc +++ b/src/tests/stub_libsecurity.cc @@ -19,10 +19,10 @@ std::ostream &Security::operator <<(std::ostream &os, const Security::EncryptorA #include "security/PeerOptions.h" Security::PeerOptions Security::ProxyOutgoingConfig; void Security::PeerOptions::parse(char const*) STUB -Security::ContextPointer Security::PeerOptions::createClientContext(bool) STUB_RETVAL(NULL) +Security::ContextPtr Security::PeerOptions::createClientContext(bool) STUB_RETVAL(NULL) void Security::PeerOptions::updateTlsVersionLimits() STUB -void Security::PeerOptions::updateContextCa(Security::ContextPointer &) STUB -void Security::PeerOptions::updateContextCrl(Security::ContextPointer &) STUB +void Security::PeerOptions::updateContextCa(Security::ContextPtr &) STUB +void Security::PeerOptions::updateContextCrl(Security::ContextPtr &) STUB void Security::PeerOptions::dumpCfg(Packable*, char const*) const STUB long Security::PeerOptions::parseOptions() STUB_RETVAL(0) long Security::PeerOptions::parseFlags() STUB_RETVAL(0) 
@@ -32,5 +32,5 @@ void parse_securePeerOptions(Security::PeerOptions *) STUB //Security::ServerOptions::ServerOptions(const Security::ServerOptions &) STUB void Security::ServerOptions::parse(const char *) STUB void Security::ServerOptions::dumpCfg(Packable *, const char *) const STUB -void Security::ServerOptions::updateContextEecdh(Security::ContextPointer &) STUB +void Security::ServerOptions::updateContextEecdh(Security::ContextPtr &) STUB diff --git a/src/tests/stub_libsslsquid.cc b/src/tests/stub_libsslsquid.cc index b4ee0098ff..bdc408f3f0 100644 --- a/src/tests/stub_libsslsquid.cc +++ b/src/tests/stub_libsslsquid.cc @@ -56,8 +56,8 @@ CertError & CertError::operator = (const CertError &old) STUB_RETVAL(*this) bool CertError::operator == (const CertError &ce) const STUB_RETVAL(false) bool CertError::operator != (const CertError &ce) const STUB_RETVAL(false) } // namespace Ssl -SSL_CTX *sslCreateServerContext(AnyP::PortCfg &port) STUB_RETVAL(NULL) -SSL_CTX *sslCreateClientContext(const char *certfile, const char *keyfile, const char *cipher, long options, const char *flags) STUB_RETVAL(NULL) +Security::ContextPtr sslCreateServerContext(AnyP::PortCfg &port) STUB_RETVAL(NULL) +Security::ContextPtr sslCreateClientContext(const char *certfile, const char *keyfile, const char *cipher, long options, const char *flags) STUB_RETVAL(NULL) int ssl_read_method(int, char *, int) STUB_RETVAL(0) int ssl_write_method(int, const char *, int) STUB_RETVAL(0) void ssl_shutdown_method(SSL *ssl) STUB 
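Review bot: The stub for `sslCreateClientContext` in src/tests/stub_libsslsquid.cc (`@@ -56`) takes `const char *flags` as its last parameter, but the declaration this commit touches in src/ssl/support.h and the definition in src/ssl/support.cc both take a `long`. The stub therefore defines a different overload and does not stand in for the declared function, so a test that calls it would presumably fail to link instead of reaching the stub. Change the stub line to `Security::ContextPtr sslCreateClientContext(const char *certfile, const char *keyfile, const char *cipher, long options, long flags) STUB_RETVAL(NULL)`.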
@@ -73,10 +73,10 @@ namespace Ssl //GETX509ATTRIBUTE GetX509Fingerprint; const char *BumpModeStr[] = {""}; bool generateUntrustedCert(Security::CertPointer & untrustedCert, EVP_PKEY_Pointer & untrustedPkey, Security::CertPointer const & cert, EVP_PKEY_Pointer const & pkey) STUB_RETVAL(false) -SSL_CTX * generateSslContext(CertificateProperties const &properties, AnyP::PortCfg &port) STUB_RETVAL(NULL) -bool verifySslCertificate(SSL_CTX * sslContext, CertificateProperties const &properties) STUB_RETVAL(false) -SSL_CTX * generateSslContextUsingPkeyAndCertFromMemory(const char * data, AnyP::PortCfg &port) STUB_RETVAL(NULL) -void addChainToSslContext(SSL_CTX *sslContext, STACK_OF(X509) *certList) STUB +Security::ContextPtr generateSslContext(CertificateProperties const &properties, AnyP::PortCfg &port) STUB_RETVAL(NULL) +bool verifySslCertificate(Security::ContextPtr sslContext, CertificateProperties const &properties) STUB_RETVAL(false) +Security::ContextPtr generateSslContextUsingPkeyAndCertFromMemory(const char * data, AnyP::PortCfg &port) STUB_RETVAL(NULL) +void addChainToSslContext(Security::ContextPtr sslContext, STACK_OF(X509) *certList) STUB void readCertChainAndPrivateKeyFromFiles(Security::CertPointer & cert, EVP_PKEY_Pointer & pkey, X509_STACK_Pointer & chain, char const * certFilename, char const * keyFilename) STUB int matchX509CommonNames(X509 *peer_cert, void *check_data, int (*check_func)(void *check_data, ASN1_STRING *cn_data)) STUB_RETVAL(0) bool checkX509ServerValidity(X509 *cert, const char *server) STUB_RETVAL(false)