git.ipfire.org Git - thirdparty/squid.git/commit
Move session tls-options= assignment out of CreateSession() function
author: Amos Jeffries <amosjeffries@squid-cache.org>
Sat, 29 Dec 2018 23:58:49 +0000 (12:58 +1300)
committer: Amos Jeffries <yadij@users.noreply.github.com>
Fri, 24 May 2019 11:27:14 +0000 (23:27 +1200)
commit: 60fcfadfa5bb84d08fe70775173993ce9b7d2c00
tree: 25e207595be01643c9f5848e4dd4791c5725db31
parent: 5dc9fd648e532b622a3d80cbcd6d11f25720753a

The original implementation utilized OpenSSL inheritance of
library-specific options from SSL_CTX* to SSL* structures.
This does not work with GnuTLS which requires setting the
options on each session object.

The workaround of looking up the session options inside CreateSession()
was only looking for client connection details, which is broken when
creating server sessions.

* Extend Security::CreateSession() to take a PeerOptions reference
  containing the specific config details to associate with the new
  session (if any).

* Move selection of CachePeer vs tls_outgoing_* options
  out to Security::CreateClientSession().

* Pass the Any::PortCfg::secure details into the
  Security::CreateServerSession().
src/client_side.cc
src/security/PeerOptions.cc
src/security/PeerOptions.h
src/security/Session.cc
src/security/Session.h
src/tests/stub_libsecurity.cc