From: Amos Jeffries Date: Sun, 30 Mar 2014 12:00:34 +0000 (-0700) Subject: Cleanup: replace USE_SSL wrapper macro with USE_OPENSSL X-Git-Tag: SQUID_3_5_0_1~311 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cb4f4424c1be4036544bd99f3fb8dc237e395dc0;p=thirdparty%2Fsquid.git Cleanup: replace USE_SSL wrapper macro with USE_OPENSSL Squid-3 currently only supports OpenSSL for SSL/TLS components. This makes the support type explicit and prepares for alternative SSL libraries to be added in future with different macro wrappers. --- diff --git a/configure.ac b/configure.ac index 2e3fb52864..1383cfcadc 100644 --- a/configure.ac +++ b/configure.ac @@ -1224,7 +1224,7 @@ case "$with_openssl" in with_openssl=yes esac ]) -AH_TEMPLATE(USE_SSL,[OpenSSL support is available]) +AH_TEMPLATE(USE_OPENSSL,[OpenSSL support is available]) ## OpenSSL is default disable due to licensing issues on some OS if test "x$with_openssl" = "xyes"; then AC_CHECK_HEADERS( \ @@ -1262,7 +1262,7 @@ if test "x$with_openssl" = "xyes"; then if test "x$LIBOPENSSL_LIBS" != "x" ; then CXXFLAGS="$LIBOPENSSL_CFLAGS $CXXFLAGS" SSLLIB="$LIBOPENSSL_LIBS $SSLLIB" - AC_DEFINE(USE_SSL,1,[OpenSSL support is available]) + AC_DEFINE(USE_OPENSSL,1,[OpenSSL support is available]) # check for other specific broken implementations SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS diff --git a/squid3.dox b/squid3.dox index bb2e735027..49dca8225a 100644 --- a/squid3.dox +++ b/squid3.dox @@ -1282,7 +1282,7 @@ PREDEFINED = __cplusplus \ USE_SELECT \ USE_SELECT_WIN32 \ USE_SQUID_ESI \ - USE_SSL \ + USE_OPENSSL \ USE_LINUX_TPROXY2 \ USE_LINUX_TPROXY4 \ USE_UNLINKD \ diff --git a/src/AccessLogEntry.cc b/src/AccessLogEntry.cc index 45cf014e02..003eb29703 100644 --- a/src/AccessLogEntry.cc +++ b/src/AccessLogEntry.cc @@ -4,13 +4,13 @@ #include "HttpRequest.h" #include "SquidConfig.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" AccessLogEntry::SslDetails::SslDetails(): user(NULL), bumpMode(::Ssl::bumpEnd) { } -#endif /* USE_SSL */ +#endif /* USE_OPENSSL */ void AccessLogEntry::getLogClientIp(char *buf, size_t bufsz) const diff --git a/src/AccessLogEntry.h b/src/AccessLogEntry.h index 73da24e3ea..53a922ee1d 100644 --- a/src/AccessLogEntry.h +++ b/src/AccessLogEntry.h @@ -45,7 +45,7 @@ #if ICAP_CLIENT #include "adaptation/icap/Elements.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/gadgets.h" #endif @@ -137,7 +137,7 @@ public: const char *opcode; } htcp; -#if USE_SSL +#if USE_OPENSSL /// logging information specific to the SSL protocol class SslDetails { @@ -165,7 +165,7 @@ public: msec(0), rfc931 (NULL), extuser(NULL), -#if USE_SSL +#if USE_OPENSSL ssluser(NULL), #endif port(NULL) { @@ -180,7 +180,7 @@ public: int msec; const char *rfc931; const char *extuser; -#if USE_SSL +#if USE_OPENSSL const char *ssluser; Ssl::X509_Pointer sslClientCert; ///< cert received from the client diff --git a/src/AclRegs.cc b/src/AclRegs.cc index 548450440f..b0700b939a 100644 --- a/src/AclRegs.cc +++ b/src/AclRegs.cc @@ -57,7 +57,7 @@ #include "acl/SourceAsn.h" #include "acl/SourceDomain.h" #include "acl/SourceIp.h" -#if USE_SSL +#if USE_OPENSSL #include "acl/Certificate.h" #include "acl/CertificateData.h" #include "acl/SslError.h" @@ -66,7 +66,7 @@ #include "acl/Strategised.h" #include "acl/Strategy.h" #include "acl/StringData.h" -#if USE_SSL +#if USE_OPENSSL #include "acl/ServerCertificate.h" #endif #include "acl/Tag.h" @@ -151,7 +151,7 @@ ACLStrategised ACLUrlPath::RegistryEntry_(new ACLRegexData, ACLUrl ACL::Prototype ACLUrlPort::RegistryProtoype(&ACLUrlPort::RegistryEntry_, "port"); ACLStrategised ACLUrlPort::RegistryEntry_(new ACLIntRange, ACLUrlPortStrategy::Instance(), "port"); -#if USE_SSL +#if USE_OPENSSL ACL::Prototype ACLSslError::RegistryProtoype(&ACLSslError::RegistryEntry_, "ssl_error"); ACLStrategised ACLSslError::RegistryEntry_(new ACLSslErrorData, ACLSslErrorStrategy::Instance(), "ssl_error"); ACL::Prototype ACLCertificate::UserRegistryProtoype(&ACLCertificate::UserRegistryEntry_, "user_cert"); diff --git a/src/CachePeer.h b/src/CachePeer.h index 67aebfb26d..13c2b5558d 100644 --- a/src/CachePeer.h +++ b/src/CachePeer.h @@ -37,7 +37,7 @@ //TODO: remove, it is unconditionally defined and always used. #define PEER_MULTICAST_SIBLINGS 1 -#if USE_SSL +#if HAVE_OPENSSL_SSL_H #include #endif @@ -187,7 +187,7 @@ public: int connect_fail_limit; int max_conn; char *domain; /* Forced domain */ -#if USE_SSL +#if USE_OPENSSL int use_ssl; char *sslcert; diff --git a/src/ClientRequestContext.h b/src/ClientRequestContext.h index 3d3c0eb867..a292bc2513 100644 --- a/src/ClientRequestContext.h +++ b/src/ClientRequestContext.h @@ -40,7 +40,7 @@ public: void adaptationAccessCheck(); #endif -#if USE_SSL +#if USE_OPENSSL /** * Initiates and start the acl checklist to check if the a CONNECT * request must be bumped. @@ -77,7 +77,7 @@ public: bool interpreted_req_hdrs; bool tosToClientDone; bool nfmarkToClientDone; -#if USE_SSL +#if USE_OPENSSL bool sslBumpCheckDone; #endif ErrorState *error; ///< saved error page for centralized/delayed processing diff --git a/src/FwdState.cc b/src/FwdState.cc index 3a8d11e82b..38d3270834 100644 --- a/src/FwdState.cc +++ b/src/FwdState.cc @@ -71,7 +71,7 @@ #include "StoreClient.h" #include "urn.h" #include "whois.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/cert_validate_message.h" #include "ssl/Config.h" #include "ssl/ErrorDetail.h" @@ -85,7 +85,7 @@ static PSC fwdPeerSelectionCompleteWrapper; static CLCB fwdServerClosedWrapper; -#if USE_SSL +#if USE_OPENSSL static PF fwdNegotiateSSLWrapper; #endif static CNCB fwdConnectDoneWrapper; @@ -229,7 +229,7 @@ FwdState::completed() assert(err); errorAppendEntry(entry, err); err = NULL; -#if USE_SSL +#if USE_OPENSSL if (request->flags.sslPeek && request->clientConnectionManager.valid()) { CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData, ConnStateData::httpsPeeked, Comm::ConnectionPointer(NULL)); @@ -508,7 +508,7 @@ fwdServerClosedWrapper(const CommCloseCbParams ¶ms) fwd->serverClosed(params.fd); } -#if USE_SSL +#if USE_OPENSSL static void fwdNegotiateSSLWrapper(int fd, void *data) { @@ -646,7 +646,7 @@ FwdState::handleUnregisteredServerEnd() retryOrBail(); } -#if USE_SSL +#if USE_OPENSSL void FwdState::negotiateSSL(int fd) { @@ -1032,7 +1032,7 @@ FwdState::connectDone(const Comm::ConnectionPointer &conn, comm_err_t status, in if (serverConnection()->getPeer()) peerConnectSucceded(serverConnection()->getPeer()); -#if USE_SSL +#if USE_OPENSSL if (!request->flags.pinned) { if ((serverConnection()->getPeer() && serverConnection()->getPeer()->use_ssl) || (!serverConnection()->getPeer() && request->protocol == AnyP::PROTO_HTTPS) || @@ -1258,7 +1258,7 @@ FwdState::dispatch() } #endif -#if USE_SSL +#if USE_OPENSSL if (request->flags.sslPeek) { CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData, ConnStateData::httpsPeeked, serverConnection()); @@ -1279,7 +1279,7 @@ FwdState::dispatch() request->peer_domain = NULL; switch (request->protocol) { -#if USE_SSL +#if USE_OPENSSL case AnyP::PROTO_HTTPS: httpStart(this); diff --git a/src/FwdState.h b/src/FwdState.h index 88b5775088..d19aea6d8a 100644 --- a/src/FwdState.h +++ b/src/FwdState.h @@ -8,7 +8,7 @@ #include "fde.h" #include "http/StatusCode.h" #include "ip/Address.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif @@ -19,7 +19,7 @@ typedef RefCount AccessLogEntryPointer; class ErrorState; class HttpRequest; -#if USE_SSL +#if USE_OPENSSL namespace Ssl { class ErrorDetail; @@ -83,7 +83,7 @@ public: /** return a ConnectionPointer to the current server connection (may or may not be open) */ Comm::ConnectionPointer const & serverConnection() const { return serverConn; }; -#if USE_SSL +#if USE_OPENSSL /// Callback function called when squid receive message from cert validator helper static void sslCrtvdHandleReplyWrapper(void *data, Ssl::CertValidationResponse const &); /// Process response from cert validator helper diff --git a/src/HttpHeader.h b/src/HttpHeader.h index 7f08ee8a01..8000dd50c6 100644 --- a/src/HttpHeader.h +++ b/src/HttpHeader.h @@ -176,7 +176,7 @@ typedef enum { #endif hoRequest, hoReply, -#if USE_SSL +#if USE_OPENSSL hoErrorDetail, #endif hoEnd diff --git a/src/HttpHeaderTools.cc b/src/HttpHeaderTools.cc index 0f6a264607..16fe5e34e9 100644 --- a/src/HttpHeaderTools.cc +++ b/src/HttpHeaderTools.cc @@ -50,7 +50,7 @@ #include "Store.h" #include "StrList.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif diff --git a/src/SquidConfig.h b/src/SquidConfig.h index aa92d38254..9c336f198b 100644 --- a/src/SquidConfig.h +++ b/src/SquidConfig.h @@ -40,8 +40,11 @@ #include "Notes.h" #include "YesNoNone.h" -#if USE_SSL +#if USE_OPENSSL +#if HAVE_OPENSSL_SSL_H #include +#endif + class sslproxy_cert_sign; class sslproxy_cert_adapt; #endif @@ -135,7 +138,7 @@ public: struct { AnyP::PortCfg *http; -#if USE_SSL +#if USE_OPENSSL AnyP::PortCfg *https; #endif } Sockaddr; @@ -199,7 +202,7 @@ public: #endif char *diskd; -#if USE_SSL +#if USE_OPENSSL char *ssl_password; #endif @@ -385,7 +388,7 @@ public: acl_access *htcp_clr; #endif -#if USE_SSL +#if USE_OPENSSL acl_access *ssl_bump; #endif #if FOLLOW_X_FORWARDED_FOR @@ -487,7 +490,7 @@ public: int rebuild_chunk_percentage; } digest; #endif -#if USE_SSL +#if USE_OPENSSL struct { int unclean_shutdown; @@ -509,7 +512,7 @@ public: time_t minimum_expiry_time; /* seconds */ external_acl *externalAclHelperList; -#if USE_SSL +#if USE_OPENSSL struct { char *cert; diff --git a/src/acl/Certificate.cc b/src/acl/Certificate.cc index 74a27b0616..424eed5995 100644 --- a/src/acl/Certificate.cc +++ b/src/acl/Certificate.cc @@ -37,7 +37,7 @@ /* MS Visual Studio Projects are monolithic, so we need the following * #if to exclude the SSL code from compile process when not needed. */ -#if USE_SSL +#if USE_OPENSSL #include "acl/Certificate.h" #include "acl/CertificateData.h" @@ -67,4 +67,4 @@ ACLCertificateStrategy::Instance() ACLCertificateStrategy ACLCertificateStrategy::Instance_; -#endif /* USE_SSL */ +#endif /* USE_OPENSSL */ diff --git a/src/acl/FilledChecklist.cc b/src/acl/FilledChecklist.cc index c02f799a4a..4298244c1f 100644 --- a/src/acl/FilledChecklist.cc +++ b/src/acl/FilledChecklist.cc @@ -24,7 +24,7 @@ ACLFilledChecklist::ACLFilledChecklist() : #if SQUID_SNMP snmp_community(NULL), #endif -#if USE_SSL +#if USE_OPENSSL sslErrors(NULL), #endif extacl_entry (NULL), @@ -54,7 +54,7 @@ ACLFilledChecklist::~ACLFilledChecklist() cbdataReferenceDone(conn_); -#if USE_SSL +#if USE_OPENSSL cbdataReferenceDone(sslErrors); #endif @@ -140,7 +140,7 @@ ACLFilledChecklist::ACLFilledChecklist(const acl_access *A, HttpRequest *http_re #if SQUID_SNMP snmp_community(NULL), #endif -#if USE_SSL +#if USE_OPENSSL sslErrors(NULL), #endif extacl_entry (NULL), diff --git a/src/acl/FilledChecklist.h b/src/acl/FilledChecklist.h index 23b69b4f9a..41ce6bda44 100644 --- a/src/acl/FilledChecklist.h +++ b/src/acl/FilledChecklist.h @@ -8,7 +8,7 @@ #if USE_AUTH #include "auth/UserRequest.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif @@ -69,7 +69,7 @@ public: char *snmp_community; #endif -#if USE_SSL +#if USE_OPENSSL /// SSL [certificate validation] errors, in undefined order Ssl::CertErrors *sslErrors; /// The peer certificate diff --git a/src/acl/ServerCertificate.cc b/src/acl/ServerCertificate.cc index 5d5e73ec29..d3af828181 100644 --- a/src/acl/ServerCertificate.cc +++ b/src/acl/ServerCertificate.cc @@ -3,7 +3,7 @@ #include "squid.h" -#if USE_SSL +#if USE_OPENSSL #include "acl/CertificateData.h" #include "acl/Checklist.h" @@ -35,4 +35,4 @@ ACLServerCertificateStrategy::Instance() ACLServerCertificateStrategy ACLServerCertificateStrategy::Instance_; -#endif /* USE_SSL */ +#endif /* USE_OPENSSL */ diff --git a/src/adaptation/icap/History.h b/src/adaptation/icap/History.h index 3c3c35c8b2..fcb4efa18c 100644 --- a/src/adaptation/icap/History.h +++ b/src/adaptation/icap/History.h @@ -28,7 +28,7 @@ public: int processingTime() const; String rfc931; ///< the username from ident -#if USE_SSL +#if USE_OPENSSL String ssluser; ///< the username from SSL #endif LogTags logType; ///< the squid request status (TCP_MISS etc) diff --git a/src/adaptation/icap/ModXact.cc b/src/adaptation/icap/ModXact.cc index dbe94b3725..6b677a7f9f 100644 --- a/src/adaptation/icap/ModXact.cc +++ b/src/adaptation/icap/ModXact.cc @@ -1285,7 +1285,7 @@ void Adaptation::Icap::ModXact::finalizeLogInfo() if (h->rfc931.size()) al.cache.rfc931 = h->rfc931.termedBuf(); -#if USE_SSL +#if USE_OPENSSL if (h->ssluser.size()) al.cache.ssluser = h->ssluser.termedBuf(); #endif diff --git a/src/anyp/PortCfg.cc b/src/anyp/PortCfg.cc index f72117d27c..ca810cc7ec 100644 --- a/src/anyp/PortCfg.cc +++ b/src/anyp/PortCfg.cc @@ -2,7 +2,7 @@ #include "anyp/PortCfg.h" #include "comm.h" #include "fatal.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif @@ -29,7 +29,7 @@ AnyP::PortCfg::PortCfg() : vport(0), disable_pmtu_discovery(0), listenConn() -#if USE_SSL +#if USE_OPENSSL ,cert(NULL), key(NULL), version(0), @@ -71,7 +71,7 @@ AnyP::PortCfg::~PortCfg() safe_free(name); safe_free(defaultsite); -#if USE_SSL +#if USE_OPENSSL safe_free(cert); safe_free(key); safe_free(options); @@ -106,7 +106,7 @@ AnyP::PortCfg::clone() const #if 0 // TODO: AYJ: 2009-07-18: for now SSL does not clone. Configure separate ports with IPs and SSL settings -#if USE_SSL +#if USE_OPENSSL char *cert; char *key; int version; @@ -127,7 +127,7 @@ AnyP::PortCfg::clone() const return b; } -#if USE_SSL +#if USE_OPENSSL void AnyP::PortCfg::configureSslServerContext() { diff --git a/src/anyp/PortCfg.h b/src/anyp/PortCfg.h index c47ba32d94..594196026e 100644 --- a/src/anyp/PortCfg.h +++ b/src/anyp/PortCfg.h @@ -6,7 +6,7 @@ #include "anyp/TrafficMode.h" #include "comm/Connection.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/gadgets.h" #endif @@ -19,7 +19,7 @@ public: PortCfg(); ~PortCfg(); AnyP::PortCfg *clone() const; -#if USE_SSL +#if USE_OPENSSL /// creates, configures, and validates SSL context and related port options void configureSslServerContext(); #endif @@ -64,7 +64,7 @@ public: */ Comm::ConnectionPointer listenConn; -#if USE_SSL +#if USE_OPENSSL char *cert; char *key; int version; diff --git a/src/cache_cf.cc b/src/cache_cf.cc index caf65c1ad4..db08f99061 100644 --- a/src/cache_cf.cc +++ b/src/cache_cf.cc @@ -91,7 +91,7 @@ #if USE_ECAP #include "adaptation/ecap/Config.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/Config.h" #include "ssl/support.h" #endif @@ -121,7 +121,7 @@ #include #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/gadgets.h" #endif @@ -190,7 +190,7 @@ static void defaults_postscriptum(void); static int parse_line(char *); static void parse_obsolete(const char *); static void parseBytesLine(size_t * bptr, const char *units); -#if USE_SSL +#if USE_OPENSSL static void parseBytesOptionValue(size_t * bptr, const char *units, char const * value); #endif static void parseBytesLineSigned(ssize_t * bptr, const char *units); @@ -231,7 +231,7 @@ static void parsePortCfg(AnyP::PortCfg **, const char *protocol); static void dump_PortCfg(StoreEntry *, const char *, const AnyP::PortCfg *); static void free_PortCfg(AnyP::PortCfg **); -#if USE_SSL +#if USE_OPENSSL static void parse_sslproxy_cert_sign(sslproxy_cert_sign **cert_sign); static void dump_sslproxy_cert_sign(StoreEntry *entry, const char *name, sslproxy_cert_sign *cert_sign); static void free_sslproxy_cert_sign(sslproxy_cert_sign **cert_sign); @@ -241,7 +241,7 @@ static void free_sslproxy_cert_adapt(sslproxy_cert_adapt **cert_adapt); static void parse_sslproxy_ssl_bump(acl_access **ssl_bump); static void dump_sslproxy_ssl_bump(StoreEntry *entry, const char *name, acl_access *ssl_bump); static void free_sslproxy_ssl_bump(acl_access **ssl_bump); -#endif /* USE_SSL */ +#endif /* USE_OPENSSL */ static void parse_b_size_t(size_t * var); static void parse_b_int64_t(int64_t * var); @@ -913,7 +913,7 @@ configDoConfigure(void) Config2.effectiveGroupID = grp->gr_gid; } -#if USE_SSL +#if USE_OPENSSL debugs(3, DBG_IMPORTANT, "Initializing https proxy context"); @@ -2285,7 +2285,7 @@ parse_peer(CachePeer ** head) if (token[13]) p->domain = xstrdup(token + 13); -#if USE_SSL +#if USE_OPENSSL } else if (strcmp(token, "ssl") == 0) { p->use_ssl = 1; @@ -3717,7 +3717,7 @@ parse_port_option(AnyP::PortCfg * s, char *token) ++t; s->tcp_keepalive.timeout = xatoui(t); } -#if USE_SSL +#if USE_OPENSSL } else if (strcmp(token, "sslBump") == 0) { debugs(3, DBG_CRITICAL, "WARNING: '" << token << "' is deprecated " << "in http_port. Use 'ssl-bump' instead."); @@ -3819,7 +3819,7 @@ parsePortCfg(AnyP::PortCfg ** head, const char *optionName) parse_port_option(s, token); } -#if USE_SSL +#if USE_OPENSSL if (s->transport.protocol == AnyP::PROTO_HTTPS) { /* ssl-bump on https_port configuration requires either tproxy or intercept, and vice versa */ const bool hijacked = s->flags.isIntercepted(); @@ -3926,7 +3926,7 @@ dump_generic_port(StoreEntry * e, const char *n, const AnyP::PortCfg * s) } } -#if USE_SSL +#if USE_OPENSSL if (s->flags.tunnelSslBumping) storeAppendPrintf(e, " ssl-bump"); @@ -3996,7 +3996,7 @@ void configFreeMemory(void) { free_all(); -#if USE_SSL +#if USE_OPENSSL SSL_CTX_free(Config.ssl_client.sslContext); #endif } @@ -4479,7 +4479,7 @@ static void free_icap_service_failure_limit(Adaptation::Icap::Config *cfg) } #endif -#if USE_SSL +#if USE_OPENSSL static void parse_sslproxy_cert_adapt(sslproxy_cert_adapt **cert_adapt) { char *al; diff --git a/src/cf.data.pre b/src/cf.data.pre index dd10acc2d3..b3ef746467 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -842,7 +842,7 @@ DOC_END NAME: acl TYPE: acl LOC: Config.aclList -IF USE_SSL +IF USE_OPENSSL DEFAULT: ssl::certHasExpired ssl_error X509_V_ERR_CERT_HAS_EXPIRED DEFAULT: ssl::certNotYetValid ssl_error X509_V_ERR_CERT_NOT_YET_VALID DEFAULT: ssl::certDomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH @@ -1107,7 +1107,7 @@ DOC_START # adaptation_meta because it starts matching immediately after # the service has been selected for adaptation. -IF USE_SSL +IF USE_OPENSSL acl aclname ssl_error errorname # match against SSL certificate validation error [fast] # @@ -1838,7 +1838,7 @@ NOCOMMENT_END DOC_END NAME: https_port -IFDEF: USE_SSL +IFDEF: USE_OPENSSL TYPE: PortCfg DEFAULT: none LOC: Config.Sockaddr.https @@ -2282,7 +2282,7 @@ COMMENT_START COMMENT_END NAME: ssl_unclean_shutdown -IFDEF: USE_SSL +IFDEF: USE_OPENSSL TYPE: onoff DEFAULT: off LOC: Config.SSL.unclean_shutdown @@ -2292,7 +2292,7 @@ DOC_START DOC_END NAME: ssl_engine -IFDEF: USE_SSL +IFDEF: USE_OPENSSL TYPE: string LOC: Config.SSL.ssl_engine DEFAULT: none @@ -2302,7 +2302,7 @@ DOC_START DOC_END NAME: sslproxy_client_certificate -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.ssl_client.cert TYPE: string @@ -2311,7 +2311,7 @@ DOC_START DOC_END NAME: sslproxy_client_key -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.ssl_client.key TYPE: string @@ -2320,7 +2320,7 @@ DOC_START DOC_END NAME: sslproxy_version -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: 1 DEFAULT_DOC: automatic SSL/TLS version negotiation LOC: Config.ssl_client.version @@ -2339,7 +2339,7 @@ DOC_START DOC_END NAME: sslproxy_options -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.ssl_client.options TYPE: string @@ -2369,7 +2369,7 @@ DOC_START DOC_END NAME: sslproxy_cipher -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.ssl_client.cipher TYPE: string @@ -2380,7 +2380,7 @@ DOC_START DOC_END NAME: sslproxy_cafile -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.ssl_client.cafile TYPE: string @@ -2390,7 +2390,7 @@ DOC_START DOC_END NAME: sslproxy_capath -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.ssl_client.capath TYPE: string @@ -2400,7 +2400,7 @@ DOC_START DOC_END NAME: sslproxy_session_ttl -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: 300 LOC: Config.SSL.session_ttl TYPE: int @@ -2409,7 +2409,7 @@ DOC_START DOC_END NAME: sslproxy_session_cache_size -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: 2 MB LOC: Config.SSL.sessionCacheSize TYPE: b_size_t @@ -2418,7 +2418,7 @@ DOC_START DOC_END NAME: ssl_bump -IFDEF: USE_SSL +IFDEF: USE_OPENSSL TYPE: sslproxy_ssl_bump LOC: Config.accessList.ssl_bump DEFAULT_DOC: Does not bump unless rules are present in squid.conf @@ -2477,7 +2477,7 @@ DOC_START DOC_END NAME: sslproxy_flags -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.ssl_client.flags TYPE: string @@ -2490,7 +2490,7 @@ DOC_START DOC_END NAME: sslproxy_cert_error -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none DEFAULT_DOC: Server certificate errors terminate the transaction. LOC: Config.ssl_client.cert_error @@ -2525,7 +2525,7 @@ DOC_START DOC_END NAME: sslproxy_cert_sign -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none POSTSCRIPTUM: signUntrusted ssl::certUntrusted POSTSCRIPTUM: signSelf ssl::certSelfSigned @@ -2571,7 +2571,7 @@ DOC_START DOC_END NAME: sslproxy_cert_adapt -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none TYPE: sslproxy_cert_adapt LOC: Config.ssl_client.cert_adapt @@ -2614,7 +2614,7 @@ DOC_START DOC_END NAME: sslpassword_program -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.Program.ssl_password TYPE: string @@ -2679,7 +2679,7 @@ DOC_END NAME: sslcrtvalidator_program TYPE: eol -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Ssl::TheConfig.ssl_crt_validator DOC_START @@ -2695,7 +2695,7 @@ DOC_END NAME: sslcrtvalidator_children TYPE: HelperChildConfig -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: 32 startup=5 idle=1 concurrency=1 LOC: Ssl::TheConfig.ssl_crt_validator_Children DOC_START diff --git a/src/cf_gen_defines b/src/cf_gen_defines index 2844928f44..7896b76a0b 100644 --- a/src/cf_gen_defines +++ b/src/cf_gen_defines @@ -25,7 +25,7 @@ BEGIN { define["USE_SQUID_ESI"]="--enable-esi" define["USE_SQUID_EUI"]="--enable-eui" define["USE_SSL_CRTD"]="--enable-ssl-crtd" - define["USE_SSL"]="--enable-ssl" + define["USE_OPENSSL"]="--with-openssl" define["USE_UNLINKD"]="--enable-unlinkd" define["USE_WCCP"]="--enable-wccp" define["USE_WCCPv2"]="--enable-wccpv2" diff --git a/src/client_side.cc b/src/client_side.cc index 4d44cf0b88..3975b748ca 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -135,7 +135,7 @@ #if USE_DELAY_POOLS #include "ClientInfo.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/context_storage.h" #include "ssl/gadgets.h" #include "ssl/helper.h" @@ -191,7 +191,7 @@ CBDATA_CLASS_INIT(ClientSocketContext); static IOCB clientWriteComplete; static IOCB clientWriteBodyComplete; static IOACB httpAccept; -#if USE_SSL +#if USE_OPENSSL static IOACB httpsAccept; #endif static CTCB clientLifetimeTimeout; @@ -635,7 +635,7 @@ ClientHttpRequest::logRequest() if (getConn() != NULL && getConn()->clientConnection != NULL && getConn()->clientConnection->rfc931[0]) al->cache.rfc931 = getConn()->clientConnection->rfc931; -#if USE_SSL && 0 +#if USE_OPENSSL && 0 /* This is broken. Fails if the connection has been closed. Needs * to snarf the ssl details some place earlier.. @@ -882,7 +882,7 @@ ConnStateData::~ConnStateData() if (bodyPipe != NULL) stopProducingFor(bodyPipe, false); -#if USE_SSL +#if USE_OPENSSL delete sslServerBump; #endif } @@ -2512,7 +2512,7 @@ ConnStateData::quitAfterError(HttpRequest *request) debugs(33,4, HERE << "Will close after error: " << clientConnection); } -#if USE_SSL +#if USE_OPENSSL bool ConnStateData::serveDelayedError(ClientSocketContext *context) { ClientHttpRequest *http = context->http; @@ -2596,7 +2596,7 @@ bool ConnStateData::serveDelayedError(ClientSocketContext *context) return false; } -#endif // USE_SSL +#endif // USE_OPENSSL static void clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *context, const HttpRequestMethod& method, Http::ProtocolVersion http_ver) @@ -2814,7 +2814,7 @@ clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *c conn->flags.readMore = false; } -#if USE_SSL +#if USE_OPENSSL if (conn->switchedToHttps() && conn->serveDelayedError(context)) goto finish; #endif @@ -3262,7 +3262,7 @@ clientLifetimeTimeout(const CommTimeoutCbParams &io) ConnStateData::ConnStateData(const MasterXaction::Pointer &xact) : AsyncJob("ConnStateData"), -#if USE_SSL +#if USE_OPENSSL sslBumpMode(Ssl::bumpEnd), switchedToHttps_(false), sslServerBump(NULL), @@ -3406,7 +3406,7 @@ httpAccept(const CommAcceptCbParams ¶ms) #endif } -#if USE_SSL +#if USE_OPENSSL /** Create SSL connection structure and update fd_table */ static SSL * @@ -3996,7 +3996,7 @@ ConnStateData::httpsPeeked(Comm::ConnectionPointer serverConnection) getSslContextStart(); } -#endif /* USE_SSL */ +#endif /* USE_OPENSSL */ /// check FD after clientHttp[s]ConnectionOpened, adjust HttpSockets as needed static bool @@ -4039,7 +4039,7 @@ clientHttpConnectionsOpen(void) continue; } -#if USE_SSL +#if USE_OPENSSL if (s->flags.tunnelSslBumping && !Config.accessList.ssl_bump) { debugs(33, DBG_IMPORTANT, "WARNING: No ssl_bump configured. Disabling ssl-bump on " << AnyP::UriScheme(s->transport.protocol) << "_port " << s->s); s->flags.tunnelSslBumping = false; @@ -4077,7 +4077,7 @@ clientHttpConnectionsOpen(void) } } -#if USE_SSL +#if USE_OPENSSL static void clientHttpsConnectionsOpen(void) { @@ -4161,7 +4161,7 @@ void clientOpenListenSockets(void) { clientHttpConnectionsOpen(); -#if USE_SSL +#if USE_OPENSSL clientHttpsConnectionsOpen(); #endif @@ -4180,7 +4180,7 @@ clientHttpConnectionsClose(void) } } -#if USE_SSL +#if USE_OPENSSL for (AnyP::PortCfg *s = Config.Sockaddr.https; s; s = s->next) { if (s->listenConn != NULL) { debugs(1, DBG_IMPORTANT, "Closing HTTPS port " << s->listenConn->local); diff --git a/src/client_side.h b/src/client_side.h index 5429525f07..7ec69f182b 100644 --- a/src/client_side.h +++ b/src/client_side.h @@ -40,7 +40,7 @@ #if USE_AUTH #include "auth/UserRequest.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif @@ -162,7 +162,7 @@ private: }; class ConnectionDetail; -#if USE_SSL +#if USE_OPENSSL namespace Ssl { class ServerBump; @@ -334,7 +334,7 @@ public: /// The caller assumes responsibility for connection closure detection. void stopPinnedConnectionMonitoring(); -#if USE_SSL +#if USE_OPENSSL /// called by FwdState when it is done bumping the server void httpsPeeked(Comm::ConnectionPointer serverConnection); @@ -399,7 +399,7 @@ private: // XXX: CBDATA plays with public/private and leaves the following 'private' fields all public... :( -#if USE_SSL +#if USE_OPENSSL bool switchedToHttps_; /// The SSL server host name appears in CONNECT request or the server ip address for the intercepted requests String sslConnectHostOrIp; ///< The SSL server host name as passed in the CONNECT request diff --git a/src/client_side_request.cc b/src/client_side_request.cc index b2f2beb8f2..48400d7bb6 100644 --- a/src/client_side_request.cc +++ b/src/client_side_request.cc @@ -88,7 +88,7 @@ #include "adaptation/icap/History.h" #endif #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/ServerBump.h" #include "ssl/support.h" #endif @@ -110,7 +110,7 @@ CBDATA_CLASS_INIT(ClientRequestContext); /* Local functions */ /* other */ static void clientAccessCheckDoneWrapper(allow_t, void *); -#if USE_SSL +#if USE_OPENSSL static void sslBumpAccessCheckDoneWrapper(allow_t, void *); #endif static int clientHierarchical(ClientHttpRequest * http); @@ -146,7 +146,7 @@ ClientRequestContext::ClientRequestContext(ClientHttpRequest *anHttp) : http(cbd store_id_fail_count = 0; no_cache_done = false; interpreted_req_hdrs = false; -#if USE_SSL +#if USE_OPENSSL sslBumpCheckDone = false; #endif debugs(85,3, HERE << this << " ClientRequestContext constructed"); @@ -167,7 +167,7 @@ ClientHttpRequest::ClientHttpRequest(ConnStateData * aConn) : al->cache.port = cbdataReference(aConn->port); al->cache.caddr = aConn->log_addr; -#if USE_SSL +#if USE_OPENSSL if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) { if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl) al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl)); @@ -177,7 +177,7 @@ ClientHttpRequest::ClientHttpRequest(ConnStateData * aConn) : #if USE_ADAPTATION request_satisfaction_mode = false; #endif -#if USE_SSL +#if USE_OPENSSL sslBumpNeed_ = Ssl::bumpEnd; #endif } @@ -855,7 +855,7 @@ ClientHttpRequest::noteAdaptationAclCheckDone(Adaptation::ServiceGroupPointer g) if (ih != NULL) { if (getConn() != NULL && getConn()->clientConnection != NULL) { ih->rfc931 = getConn()->clientConnection->rfc931; -#if USE_SSL +#if USE_OPENSSL if (getConn()->clientConnection->isOpen()) { ih->ssluser = sslGetUserEmail(fd_table[getConn()->clientConnection->fd].ssl); } @@ -1438,7 +1438,7 @@ ClientRequestContext::checkNoCacheDone(const allow_t &answer) http->doCallouts(); } -#if USE_SSL +#if USE_OPENSSL bool ClientRequestContext::sslBumpAccessCheck() { @@ -1519,7 +1519,7 @@ ClientHttpRequest::processRequest() debugs(85, 4, "clientProcessRequest: " << RequestMethodStr(request->method) << " '" << uri << "'"); if (request->method == Http::METHOD_CONNECT && !redirect.status) { -#if USE_SSL +#if USE_OPENSSL if (sslBumpNeeded()) { sslBumpStart(); return; @@ -1549,7 +1549,7 @@ ClientHttpRequest::httpStart() PROF_stop(httpStart); } -#if USE_SSL +#if USE_OPENSSL void ClientHttpRequest::sslBumpNeed(Ssl::BumpMode mode) @@ -1789,7 +1789,7 @@ ClientHttpRequest::doCallouts() } } -#if USE_SSL +#if USE_OPENSSL // We need to check for SslBump even if the calloutContext->error is set // because bumping may require delaying the error until after CONNECT. if (!calloutContext->sslBumpCheckDone) { @@ -1803,7 +1803,7 @@ ClientHttpRequest::doCallouts() if (calloutContext->error) { const char *storeUri = request->storeId(); StoreEntry *e= storeCreateEntry(storeUri, storeUri, request->flags, request->method); -#if USE_SSL +#if USE_OPENSSL if (sslBumpNeeded()) { // set final error but delay sending until we bump Ssl::ServerBump *srvBump = new Ssl::ServerBump(request, e); diff --git a/src/client_side_request.h b/src/client_side_request.h index e34a2c76ca..3d6e2b1cd2 100644 --- a/src/client_side_request.h +++ b/src/client_side_request.h @@ -142,7 +142,7 @@ private: StoreEntry *loggingEntry_; ConnStateData * conn_; -#if USE_SSL +#if USE_OPENSSL /// whether (and how) the request needs to be bumped Ssl::BumpMode sslBumpNeed_; diff --git a/src/comm.cc b/src/comm.cc index 34bbd91d53..ae1498bccd 100644 --- a/src/comm.cc +++ b/src/comm.cc @@ -60,7 +60,7 @@ #include "StoreIOBuffer.h" #include "tools.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif @@ -1009,7 +1009,7 @@ commLingerTimeout(const FdeCbParams ¶ms) void comm_lingering_close(int fd) { -#if USE_SSL +#if USE_OPENSSL if (fd_table[fd].ssl) ssl_shutdown_method(fd_table[fd].ssl); #endif @@ -1068,7 +1068,7 @@ old_comm_reset_close(int fd) comm_close(fd); } -#if USE_SSL +#if USE_OPENSSL void commStartSslClose(const FdeCbParams ¶ms) { @@ -1080,7 +1080,7 @@ commStartSslClose(const FdeCbParams ¶ms) void comm_close_complete(const FdeCbParams ¶ms) { -#if USE_SSL +#if USE_OPENSSL fde *F = &fd_table[params.fd]; if (F->ssl) { @@ -1143,7 +1143,7 @@ _comm_close(int fd, char const *file, int line) F->flags.close_request = true; -#if USE_SSL +#if USE_OPENSSL if (F->ssl) { AsyncCall::Pointer startCall=commCbCall(5,4, "commStartSslClose", FdeCbPtrFun(commStartSslClose, NULL)); diff --git a/src/errorpage.cc b/src/errorpage.cc index c93ffd9d0d..1630f9e8fa 100644 --- a/src/errorpage.cc +++ b/src/errorpage.cc @@ -54,7 +54,7 @@ #include "auth/UserRequest.h" #endif #include "SquidTime.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/ErrorDetailManager.h" #endif @@ -228,7 +228,7 @@ errorInitialize(void) error_stylesheet.Printf("%s",tmpl.text()); } -#if USE_SSL +#if USE_OPENSSL Ssl::errorDetailInitialize(); #endif } @@ -252,7 +252,7 @@ errorClean(void) error_page_count = 0; -#if USE_SSL +#if USE_OPENSSL Ssl::errorDetailClean(); #endif } @@ -588,7 +588,7 @@ ErrorState::ErrorState(err_type t, Http::StatusCode status, HttpRequest * req) : callback_data(NULL), request_hdrs(NULL), err_msg(NULL), -#if USE_SSL +#if USE_OPENSSL detail(NULL), #endif detailCode(ERR_DETAIL_NONE) @@ -708,7 +708,7 @@ ErrorState::~ErrorState() if (err_language != Config.errorDefaultLanguage) #endif safe_free(err_language); -#if USE_SSL +#if USE_OPENSSL delete detail; #endif } @@ -833,7 +833,7 @@ ErrorState::Convert(char token, bool building_deny_info_url, bool allowRecursion case 'D': if (!allowRecursion) p = "%D"; // if recursion is not allowed, do not convert -#if USE_SSL +#if USE_OPENSSL // currently only SSL error details implemented else if (detail) { detail->useRequest(request); @@ -1071,7 +1071,7 @@ ErrorState::Convert(char token, bool building_deny_info_url, bool allowRecursion break; case 'x': -#if USE_SSL +#if USE_OPENSSL if (detail) mb.Printf("%s", detail->errorName()); else @@ -1222,7 +1222,7 @@ ErrorState::BuildHttpReply() // error tracking. if (request) { int edc = ERR_DETAIL_NONE; // error detail code -#if USE_SSL +#if USE_OPENSSL if (detail) edc = detail->errorNo(); else diff --git a/src/errorpage.h b/src/errorpage.h index 1c04b99c54..695a65c466 100644 --- a/src/errorpage.h +++ b/src/errorpage.h @@ -43,7 +43,7 @@ #include "SquidString.h" /* auth/UserRequest.h is empty unless USE_AUTH is defined */ #include "auth/UserRequest.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/ErrorDetail.h" #endif @@ -180,7 +180,7 @@ public: char *request_hdrs; char *err_msg; /* Preformatted error message from the cache */ -#if USE_SSL +#if USE_OPENSSL Ssl::ErrorDetail *detail; #endif /// type-specific detail about the transaction error; diff --git a/src/external_acl.cc b/src/external_acl.cc index 95e8a73f9f..02ccc26320 100644 --- a/src/external_acl.cc +++ b/src/external_acl.cc @@ -63,7 +63,7 @@ #include "tools.h" #include "URL.h" #include "wordlist.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif #if USE_AUTH @@ -183,7 +183,7 @@ struct _external_acl_format { EXT_ACL_HEADER_REPLY_ID, EXT_ACL_HEADER_REPLY_ID_MEMBER, -#if USE_SSL +#if USE_OPENSSL EXT_ACL_USER_CERT, EXT_ACL_USER_CA_CERT, EXT_ACL_USER_CERT_RAW, @@ -468,7 +468,7 @@ parse_externalAclHelper(external_acl ** list) format->type = _external_acl_format::EXT_ACL_PATH; else if (strcmp(token, "%METHOD") == 0 || strcmp(token, "%>rm") == 0) format->type = _external_acl_format::EXT_ACL_METHOD; -#if USE_SSL +#if USE_OPENSSL else if (strcmp(token, "%USER_CERT") == 0) format->type = _external_acl_format::EXT_ACL_USER_CERT_RAW; else if (strcmp(token, "%USER_CERTCHAIN") == 0) @@ -623,7 +623,7 @@ dump_externalAclHelper(StoreEntry * sentry, const char *name, const external_acl DUMP_EXT_ACL_TYPE(PORT); DUMP_EXT_ACL_TYPE(PATH); DUMP_EXT_ACL_TYPE(METHOD); -#if USE_SSL +#if USE_OPENSSL DUMP_EXT_ACL_TYPE_FMT(USER_CERT_RAW, " %%USER_CERT_RAW"); DUMP_EXT_ACL_TYPE_FMT(USER_CERTCHAIN_RAW, " %%USER_CERTCHAIN_RAW"); DUMP_EXT_ACL_TYPE_FMT(USER_CERT, " %%USER_CERT_%s", format->header); @@ -1111,7 +1111,7 @@ makeExternalAclKey(ACLFilledChecklist * ch, external_acl_data * acl_data) str = sb.termedBuf(); } break; -#if USE_SSL +#if USE_OPENSSL case _external_acl_format::EXT_ACL_USER_CERT_RAW: diff --git a/src/fde.h b/src/fde.h index b604c22d12..08ad8604f8 100644 --- a/src/fde.h +++ b/src/fde.h @@ -34,7 +34,7 @@ #include "defines.h" #include "ip/Address.h" -#if USE_SSL +#if HAVE_OPENSSL_SSL_H #include #endif @@ -132,7 +132,7 @@ public: CommWriteStateData *wstate; /* State data for comm_write */ READ_HANDLER *read_method; WRITE_HANDLER *write_method; -#if USE_SSL +#if USE_OPENSSL SSL *ssl; SSL_CTX *dynamicSslContext; ///< cached and then freed when fd is closed #endif @@ -185,7 +185,7 @@ private: wstate = NULL; read_method = NULL; write_method = NULL; -#if USE_SSL +#if USE_OPENSSL ssl = NULL; dynamicSslContext = NULL; #endif diff --git a/src/format/ByteCode.h b/src/format/ByteCode.h index 93082f0968..66f6645a65 100644 --- a/src/format/ByteCode.h +++ b/src/format/ByteCode.h @@ -196,7 +196,7 @@ typedef enum { #endif LFT_CREDENTIALS, -#if USE_SSL +#if USE_OPENSSL LFT_SSL_BUMP_MODE, LFT_SSL_USER_CERT_SUBJECT, LFT_SSL_USER_CERT_ISSUER, diff --git a/src/format/Format.cc b/src/format/Format.cc index b90f597e33..bc85d32179 100644 --- a/src/format/Format.cc +++ b/src/format/Format.cc @@ -15,7 +15,7 @@ #include "SquidTime.h" #include "Store.h" #include "URL.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/ErrorDetail.h" #endif @@ -801,7 +801,7 @@ Format::Format::assemble(MemBuf &mb, const AccessLogEntry::Pointer &al, int logS #endif if (!out) out = strOrNull(al->cache.extuser); -#if USE_SSL +#if USE_OPENSSL if (!out) out = strOrNull(al->cache.ssluser); #endif @@ -877,7 +877,7 @@ Format::Format::assemble(MemBuf &mb, const AccessLogEntry::Pointer &al, int logS break; case LFT_SQUID_ERROR_DETAIL: -#if USE_SSL +#if USE_OPENSSL if (al->request && al->request->errType == ERR_SECURE_CONNECT_FAIL) { if (! (out = Ssl::GetErrorName(al->request->errDetail))) { snprintf(tmp, sizeof(tmp), "SSL_ERR=%d", al->request->errDetail); @@ -1063,7 +1063,7 @@ Format::Format::assemble(MemBuf &mb, const AccessLogEntry::Pointer &al, int logS dooff = 1; break; -#if USE_SSL +#if USE_OPENSSL case LFT_SSL_BUMP_MODE: { const Ssl::BumpMode mode = static_cast(al->ssl.bumpMode); // for Ssl::bumpEnd, Ssl::bumpMode() returns NULL and we log '-' diff --git a/src/format/Token.cc b/src/format/Token.cc index 72c90dbeae..8799769a45 100644 --- a/src/format/Token.cc +++ b/src/format/Token.cc @@ -169,7 +169,7 @@ static TokenTableEntry TokenTableIcap[] = { }; #endif -#if USE_SSL +#if USE_OPENSSL // SSL (ssl::) tokens static TokenTableEntry TokenTableSsl[] = { {"bump_mode", LFT_SSL_BUMP_MODE}, @@ -193,7 +193,7 @@ Format::Token::Init() #if ICAP_CLIENT TheConfig.registerTokens(String("icap"),::Format::TokenTableIcap); #endif -#if USE_SSL +#if USE_OPENSSL TheConfig.registerTokens(String("ssl"),::Format::TokenTableSsl); #endif } diff --git a/src/log/FormatSquidIcap.cc b/src/log/FormatSquidIcap.cc index c9797b7732..ad6746c352 100644 --- a/src/log/FormatSquidIcap.cc +++ b/src/log/FormatSquidIcap.cc @@ -67,7 +67,7 @@ Log::Format::SquidIcap(const AccessLogEntry::Pointer &al, Logfile * logfile) if (!user) user = ::Format::QuoteUrlEncodeUsername(al->cache.extuser); -#if USE_SSL +#if USE_OPENSSL if (!user) user = ::Format::QuoteUrlEncodeUsername(al->cache.ssluser); #endif diff --git a/src/log/FormatSquidNative.cc b/src/log/FormatSquidNative.cc index 6cc0dbaf52..6d154811a5 100644 --- a/src/log/FormatSquidNative.cc +++ b/src/log/FormatSquidNative.cc @@ -56,7 +56,7 @@ Log::Format::SquidNative(const AccessLogEntry::Pointer &al, Logfile * logfile) if (!user) user = ::Format::QuoteUrlEncodeUsername(al->cache.extuser); -#if USE_SSL +#if USE_OPENSSL if (!user) user = ::Format::QuoteUrlEncodeUsername(al->cache.ssluser); #endif diff --git a/src/main.cc b/src/main.cc index 851bb43537..59d24b8a62 100644 --- a/src/main.cc +++ b/src/main.cc @@ -122,7 +122,7 @@ #if USE_SSL_CRTD #include "ssl/certificate_db.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/context_storage.h" #include "ssl/helper.h" #endif @@ -750,7 +750,7 @@ mainReconfigureStart(void) #if USE_SSL_CRTD Ssl::Helper::GetInstance()->Shutdown(); #endif -#if USE_SSL +#if USE_OPENSSL if (Ssl::CertValidationHelper::GetInstance()) Ssl::CertValidationHelper::GetInstance()->Shutdown(); Ssl::TheGlobalContextStorage.reconfigureStart(); @@ -837,7 +837,7 @@ mainReconfigureFinish(void *) #if USE_SSL_CRTD Ssl::Helper::GetInstance()->Init(); #endif -#if USE_SSL +#if USE_OPENSSL if (Ssl::CertValidationHelper::GetInstance()) Ssl::CertValidationHelper::GetInstance()->Init(); #endif @@ -1042,7 +1042,7 @@ mainInitialize(void) Ssl::Helper::GetInstance()->Init(); #endif -#if USE_SSL +#if USE_OPENSSL if (!configured_once) Ssl::initialize_session_cache(); @@ -1831,7 +1831,7 @@ SquidShutdown() #if USE_SSL_CRTD Ssl::Helper::GetInstance()->Shutdown(); #endif -#if USE_SSL +#if USE_OPENSSL if (Ssl::CertValidationHelper::GetInstance()) Ssl::CertValidationHelper::GetInstance()->Shutdown(); #endif diff --git a/src/redirect.cc b/src/redirect.cc index 671503ee70..1b2f698ce3 100644 --- a/src/redirect.cc +++ b/src/redirect.cc @@ -49,7 +49,7 @@ #if USE_AUTH #include "auth/UserRequest.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif diff --git a/src/ssl/ProxyCerts.h b/src/ssl/ProxyCerts.h index a12c8ccb2d..88790fc737 100644 --- a/src/ssl/ProxyCerts.h +++ b/src/ssl/ProxyCerts.h @@ -29,7 +29,7 @@ * */ -#if USE_SSL +#if USE_OPENSSL #include "acl/forward.h" class sslproxy_cert_sign diff --git a/src/ssl/context_storage.cc b/src/ssl/context_storage.cc index 020daf7d44..f0cb0005a8 100644 --- a/src/ssl/context_storage.cc +++ b/src/ssl/context_storage.cc @@ -5,7 +5,7 @@ #include "StoreEntryStream.h" #include -#if USE_SSL +#if HAVE_OPENSSL_SSL_H #include #endif diff --git a/src/ssl/context_storage.h b/src/ssl/context_storage.h index 0ab77378c7..dd0f668a81 100644 --- a/src/ssl/context_storage.h +++ b/src/ssl/context_storage.h @@ -1,7 +1,7 @@ #ifndef SQUID_SSL_CONTEXT_STORAGE_H #define SQUID_SSL_CONTEXT_STORAGE_H -#if USE_SSL +#if USE_OPENSSL #include "base/LruMap.h" #include "CacheManager.h" @@ -13,7 +13,9 @@ #include #include +#if HAVE_OPENSSL_SSL_H #include +#endif /// TODO: Replace on real size. #define SSL_CTX_SIZE 1024 @@ -65,6 +67,6 @@ private: /// Global cache for store all SSL server certificates. extern GlobalContextStorage TheGlobalContextStorage; } //namespace Ssl -#endif // USE_SSL +#endif // USE_OPENSSL #endif // SQUID_SSL_CONTEXT_STORAGE_H diff --git a/src/ssl/gadgets.cc b/src/ssl/gadgets.cc index c6f8d253a5..bd88e7062e 100644 --- a/src/ssl/gadgets.cc +++ b/src/ssl/gadgets.cc @@ -1,5 +1,6 @@ #include "squid.h" #include "ssl/gadgets.h" + #if HAVE_OPENSSL_X509V3_H #include #endif diff --git a/src/ssl/support.cc b/src/ssl/support.cc index 2923ea13df..f944bf0c4e 100644 --- a/src/ssl/support.cc +++ b/src/ssl/support.cc @@ -36,7 +36,7 @@ /* MS Visual Studio Projects are monolithic, so we need the following * #if to exclude the SSL code from compile process when not needed. */ -#if USE_SSL +#if USE_OPENSSL #include "acl/FilledChecklist.h" #include "anyp/PortCfg.h" @@ -1874,4 +1874,4 @@ SharedSessionCacheRr::~SharedSessionCacheRr() delete owner; } -#endif /* USE_SSL */ +#endif /* USE_OPENSSL */ diff --git a/src/stat.cc b/src/stat.cc index e3504bf935..0e66be8fd4 100644 --- a/src/stat.cc +++ b/src/stat.cc @@ -70,7 +70,7 @@ #if USE_DELAY_POOLS #include "DelayId.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif @@ -1913,7 +1913,7 @@ statClientRequests(StoreEntry * s) if (!p && conn != NULL && conn->clientConnection->rfc931[0]) p = conn->clientConnection->rfc931; -#if USE_SSL +#if USE_OPENSSL if (!p && conn != NULL && Comm::IsConnOpen(conn->clientConnection)) p = sslGetUserEmail(fd_table[conn->clientConnection->fd].ssl); diff --git a/src/tests/stub_client_side.cc b/src/tests/stub_client_side.cc index d1f9ab1a3a..d1a4fc94e9 100644 --- a/src/tests/stub_client_side.cc +++ b/src/tests/stub_client_side.cc @@ -62,7 +62,7 @@ void ConnStateData::connStateClosed(const CommCloseCbParams &io) STUB void ConnStateData::requestTimeout(const CommTimeoutCbParams ¶ms) STUB void ConnStateData::swanSong() STUB void ConnStateData::quitAfterError(HttpRequest *request) STUB -#if USE_SSL +#if USE_OPENSSL void ConnStateData::httpsPeeked(Comm::ConnectionPointer serverConnection) STUB void ConnStateData::getSslContextStart() STUB void ConnStateData::getSslContextDone(SSL_CTX * sslContext, bool isNew) STUB diff --git a/src/tests/stub_libsslsquid.cc b/src/tests/stub_libsslsquid.cc index d1eb5f83f1..6a3adc387f 100644 --- a/src/tests/stub_libsslsquid.cc +++ b/src/tests/stub_libsslsquid.cc @@ -1,6 +1,6 @@ #include "squid.h" -#if USE_SSL +#if USE_OPENSSL #include "fatal.h" diff --git a/src/tools.cc b/src/tools.cc index f4344dd3ed..19a61365cd 100644 --- a/src/tools.cc +++ b/src/tools.cc @@ -482,7 +482,7 @@ getMyHostname(void) if (Config.Sockaddr.http && sa.isAnyAddr()) sa = Config.Sockaddr.http->s; -#if USE_SSL +#if USE_OPENSSL if (Config.Sockaddr.https && sa.isAnyAddr()) sa = Config.Sockaddr.https->s; @@ -1142,7 +1142,7 @@ getMyPort(void) return p->s.port(); } -#if USE_SSL +#if USE_OPENSSL if ((p = Config.Sockaddr.https)) { // skip any special interception ports while (p && p->flags.isIntercepted()) diff --git a/src/url.cc b/src/url.cc index 0268467f8e..d375606f07 100644 --- a/src/url.cc +++ b/src/url.cc @@ -858,7 +858,7 @@ urlCheckRequest(const HttpRequest * r) break; case AnyP::PROTO_HTTPS: -#if USE_SSL +#if USE_OPENSSL rc = 1;