From: Amos Jeffries
Date: Fri, 10 Jul 2015 13:03:18 +0000 (-0700)
Subject: Crypto-NG: Use Security::PeerOptions for listening port TLS settings
X-Git-Tag: merge-candidate-3-v1~38^2~21
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eaba9273ca0d18a75d12c1055b7ed12b8eb2e3df;p=thirdparty%2Fsquid.git

Crypto-NG: Use Security::PeerOptions for listening port TLS settings

The bulk of this patch is symbol shuffling to de-duplicate the TLS
settings storage and parsing code.

* Shuffle relevant AnyP::PortCfg settings into a Security::PeerOptions
  member object.
  - removes a lot of duplicate config parsing code.

* Remove the now obsolete and unused Ssl::OpenSSLtoSquidSSLVersion()

The actual logic changes are relatively small:

* Shuffle flags= and options= parsing code from Ssl:: to
  Security::PeerOptions and update to use Tokenizer,
  - fixes performance regression using c_str() on the stored SBuf,
  - fixes performance issue with xstrdup() for option tokens,
  - removes several calls to c-string manipulation.

* Add cachemgr 'config' report dumper of Security::PeerOptions for use
  by all directives using it to dump tls-* parameter names. The old
  parameter names are still accepted, and deprecation will follow in a
  separate patch.
  - fixes bug where cache_peer was not dumping out its SSL/TLS config
    settings at all.

* Change the tls_outgoing_options default value from "disable" to
  setting TLS/1.0 minimum version.
  - fixes squid.conf parsing error on default value "disable".

* Fix tls-min-version=1.N handling not to alter stored options= config
  string. Now updates the binary representation in parsedOptions
  directly.

* Expose the TLS context creation and configuration to non-OpenSSL
  builds.
  - fixes bug where context creation by OpenSSL failed silently.
---
eaba9273ca0d18a75d12c1055b7ed12b8eb2e3df