From: Amos Jeffries Date: Mon, 23 Mar 2015 10:20:17 +0000 (-0700) Subject: Rename PeerOptions::createContext to createClientContext X-Git-Tag: merge-candidate-3-v1~38^2~21^2~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a465e1444f2641088b055c83bc2a7e567f8ab92c;p=thirdparty%2Fsquid.git Rename PeerOptions::createContext to createClientContext Paves the way for PeerOptions to represent either server or client options, and context state. --- diff --git a/src/CachePeer.h b/src/CachePeer.h index 4ede9f6cb5..12861dfb8c 100644 --- a/src/CachePeer.h +++ b/src/CachePeer.h @@ -182,9 +182,8 @@ public: /// security settings for peer connection Security::PeerOptions secure; - + Security::ContextPointer sslContext; #if USE_OPENSSL - SSL_CTX *sslContext; SSL_SESSION *sslSession; #endif diff --git a/src/Makefile.am b/src/Makefile.am index b8d1ea2acb..4f2ee10fd1 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1172,6 +1172,7 @@ tests_testHttpReply_SOURCES=\ tests/stub_libauth.cc \ tests/stub_libcomm.cc \ tests/stub_libmgr.cc \ + tests/stub_libsecurity.cc \ tests/stub_libsslsquid.cc \ StatCounters.h \ StatCounters.cc \ @@ -1255,6 +1256,7 @@ tests_testACLMaxUserIP_SOURCES= \ mem_node.cc \ Packer.cc \ Parsing.cc \ + tests/stub_libsecurity.cc \ SquidMath.cc \ StatCounters.cc \ StatCounters.h \ @@ -1683,6 +1685,7 @@ tests_testDiskIO_SOURCES = \ RemovalPolicy.cc \ RequestFlags.h \ RequestFlags.cc \ + tests/stub_libsecurity.cc \ StatCounters.h \ StatCounters.cc \ StatHist.h \ @@ -2165,7 +2168,6 @@ tests_testEventLoop_SOURCES = \ int.cc \ internal.h \ internal.cc \ - tests/stub_libsecurity.cc \ SquidList.h \ SquidList.cc \ MasterXaction.cc \ @@ -2247,6 +2249,7 @@ tests_testEventLoop_SOURCES = \ tests/stub_libauth_acls.cc \ tests/stub_libauth.cc \ tests/stub_libeui.cc \ + tests/stub_libsecurity.cc \ tests/stub_store_stats.cc \ time.cc \ tools.h \ 
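Review bot: In src/CachePeer.h (@@ -182) the `sslContext` member now sits outside `#if USE_OPENSSL`, so it exists in every build, but this diff does not touch the CachePeer constructor. If that constructor still initializes the member only under USE_OPENSSL, builds without OpenSSL would carry an uninitialized pointer, so please confirm it is set to NULL unconditionally. The hunk also removes the blank line after `secure`, which leaves the new member without a comment of its own; something like `/// TLS client context built from 'secure'; NULL when none has been created` would fit, and it is also the place to say who releases the context. The same applies to `ssl_client.sslContext` in the src/SquidConfig.h @@ -497 hunk.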
@@ -2407,7 +2410,6 @@ tests_test_http_range_SOURCES = \
 internal.cc \
 $(IPC_SOURCE) \
 ipcache.cc \
- tests/stub_libsecurity.cc \
 SquidList.h \
 SquidList.cc \
 MasterXaction.cc \
@@ -2487,6 +2489,7 @@ tests_test_http_range_SOURCES = \
 tests/stub_external_acl.cc \
 tests/stub_ipc_Forwarder.cc \
 tests/stub_libeui.cc \
+ tests/stub_libsecurity.cc \
 tests/stub_main_cc.cc \
 tests/stub_MemStore.cc \
 tests/stub_store_stats.cc \
@@ -2575,6 +2578,7 @@ tests_testHttp1Parser_SOURCES = \
 tests/stub_debug.cc \
 tests/stub_event.cc \
 tests/stub_HelperChildConfig.cc \
+ tests/stub_libsecurity.cc \
 tests/stub_stmem.cc \
 tests/stub_store.cc \
 tests/stub_store_stats.cc \
@@ -2944,6 +2948,7 @@ tests_testStore_SOURCES= \
 tests/stub_libauth.cc \
 tests/stub_libeui.cc \
 tests/stub_libformat.cc \
+ tests/stub_libsecurity.cc \
 tests/stub_libsslsquid.cc \
 HttpBody.h \
 HttpBody.cc \
@@ -3093,6 +3098,7 @@ tests_testUfs_SOURCES = \
 internal.h \
 tests/stub_internal.cc \
 tests/stub_libformat.cc \
+ tests/stub_libsecurity.cc \
 tests/stub_stat.cc \
 store_rebuild.h \
 tests/stub_store_rebuild.cc \
@@ -3371,6 +3377,7 @@ tests_testRock_SOURCES = \
 tests/stub_libformat.cc \
 tests/stub_libicmp.cc \
 tests/stub_libmgr.cc \
+ tests/stub_libsecurity.cc \
 tests/stub_MemStore.cc \
 mime.h \
 tests/stub_mime.cc \
@@ -3524,7 +3531,6 @@ tests_testURL_SOURCES = \
 int.cc \
 internal.h \
 internal.cc \
- tests/stub_libsecurity.cc \
 SquidList.h \
 SquidList.cc \
 MasterXaction.cc \
@@ -3605,6 +3611,7 @@ tests_testURL_SOURCES = \
 tests/stub_DiskIOModule.cc \
 tests/stub_libauth_acls.cc \
 tests/stub_libauth.cc \
+ tests/stub_libsecurity.cc \
 tests/stub_main_cc.cc \
 tests/stub_ipc_Forwarder.cc \
 tests/stub_store_stats.cc \
diff --git a/src/SquidConfig.h b/src/SquidConfig.h
index 30cffc1eb7..3402233961 100644
--- a/src/SquidConfig.h
+++ b/src/SquidConfig.h
@@ -18,13 +18,10 @@ #include "icmp/IcmpConfig.h" #include "ip/Address.h" #include "Notes.h" +#include "security/forward.h" #include "YesNoNone.h" #if USE_OPENSSL -#if HAVE_OPENSSL_SSL_H -#include -#endif - class sslproxy_cert_sign; class sslproxy_cert_adapt; #endif @@ -497,14 +494,14 @@ public: time_t minimum_expiry_time; /* seconds */ external_acl *externalAclHelperList; -#if USE_OPENSSL struct { + Security::ContextPointer sslContext; +#if USE_OPENSSL acl_access *cert_error; - SSL_CTX *sslContext; sslproxy_cert_sign *cert_sign; sslproxy_cert_adapt *cert_adapt; - } ssl_client; #endif + } ssl_client; char *accept_filter; int umask; diff --git a/src/cache_cf.cc b/src/cache_cf.cc index b66c4ba457..f2e7ccbd3e 100644 --- a/src/cache_cf.cc +++ b/src/cache_cf.cc @@ -871,11 +871,10 @@ configDoConfigure(void) Config2.effectiveGroupID = grp->gr_gid; } -#if USE_OPENSSL - - debugs(3, DBG_IMPORTANT, "Initializing https proxy context"); - - Config.ssl_client.sslContext = Security::ProxyOutgoingConfig.createContext(false); + if (Security::ProxyOutgoingConfig.encryptTransport) { + debugs(3, DBG_IMPORTANT, "Initializing https:// proxy context"); + Config.ssl_client.sslContext = Security::ProxyOutgoingConfig.createClientContext(false); + } for (CachePeer *p = Config.peers; p != NULL; p = p->next) { @@ -885,10 +884,11 @@ configDoConfigure(void) if (p->secure.encryptTransport) { debugs(3, DBG_IMPORTANT, "Initializing cache_peer " << p->name << " SSL context"); - p->sslContext = p->secure.createContext(true); + p->sslContext = p->secure.createClientContext(true); } } +#if USE_OPENSSL for (AnyP::PortCfgPointer s = HttpPortList; s != NULL; s = s->next) { if (!s->flags.tunnelSslBumping) continue; diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc index 6f276713fd..e537c7a2d7 100644 --- a/src/security/PeerOptions.cc +++ b/src/security/PeerOptions.cc 
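Review bot: In src/cache_cf.cc (@@ -871) `Config.ssl_client.sslContext` is now assigned only when `Security::ProxyOutgoingConfig.encryptTransport` is set, and nothing visible in the hunk resets it otherwise. On a reconfigure that turns outgoing encryption off, the pointer may therefore keep the context built from the previous configuration, unless it is cleared somewhere outside this hunk. This is also a behaviour change in a commit titled as a rename, since the removed lines created the context unconditionally under USE_OPENSSL. Consider an explicit `else Config.ssl_client.sslContext = NULL;` (releasing the old context first if this code owns it) and a sentence about the change in the commit message. configDoConfigure starts and ends outside the hunk.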
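Review bot: In src/cache_cf.cc (@@ -885) the result of `p->secure.createClientContext(true)` is stored without a check in the lines visible here, and the same holds for the `Config.ssl_client.sslContext` assignment in the @@ -871 hunk. The function starts from `Security::ContextPointer t = NULL` (src/security/PeerOptions.cc), and both calls now sit outside `#if USE_OPENSSL`, so a peer can end up with `encryptTransport` set and a null context while the log line reports the context as initialized. If the connection code does not reject that state, traffic configured for TLS might be sent without it, so failing the configuration is the safer outcome, e.g. `if (!p->sslContext) fatalf("Unable to create TLS context for cache_peer %s", p->name);`. configDoConfigure continues outside the hunk, so a later check may already exist.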
@@ -59,7 +59,7 @@ Security::PeerOptions::parse(const char *token) // XXX: make a GnuTLS variant Security::ContextPointer -Security::PeerOptions::createContext(bool setOptions) +Security::PeerOptions::createClientContext(bool setOptions) { Security::ContextPointer t = NULL; diff --git a/src/security/PeerOptions.h b/src/security/PeerOptions.h index 08ac9b706d..678e6073cf 100644 --- a/src/security/PeerOptions.h +++ b/src/security/PeerOptions.h @@ -28,8 +28,8 @@ public: /// reset the configuration details to default void clear() {*this = PeerOptions();} - /// generate a security context from these configured options - Security::ContextPointer createContext(bool setOptions); + /// generate a security client-context from these configured options + Security::ContextPointer createClientContext(bool setOptions); SBuf certFile; ///< path of file containing PEM format X509 certificate SBuf privateKeyFile; ///< path of file containing private key in PEM format diff --git a/src/tests/stub_libsecurity.cc b/src/tests/stub_libsecurity.cc index 041bfbabe8..c581c1dce5 100644 --- a/src/tests/stub_libsecurity.cc +++ b/src/tests/stub_libsecurity.cc @@ -19,7 +19,7 @@ std::ostream &Security::operator <<(std::ostream &os, const Security::EncryptorA #include "security/PeerOptions.h" Security::PeerOptions Security::ProxyOutgoingConfig; void Security::PeerOptions::parse(char const*) STUB -Security::ContextPointer Security::PeerOptions::createContext(bool) STUB_RETVAL(NULL) +Security::ContextPointer Security::PeerOptions::createClientContext(bool) STUB_RETVAL(NULL) void parse_securePeerOptions(Security::PeerOptions *) STUB long Security::ParseOptions(const char *) STUB_RETVAL(0)