#include "base/Packable.h"
#include "globals.h"
#include "security/ServerOptions.h"
+#if USE_OPENSSL
+#include "ssl/support.h"
+#endif
#if HAVE_OPENSSL_ERR_H
#include <openssl/err.h>
Security::ContextPtr t = nullptr;
#if USE_OPENSSL
+ Ssl::Initialize();
+
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
t = SSL_CTX_new(TLS_server_method());
#else
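Review bot: Calling `Ssl::Initialize()` from the blank-context path means the one-time OpenSSL setup now runs whenever the first server context is built, and the function shown later in this diff reads `::Config.SSL.ssl_engine` and `::Config.SSL.certSignHash` behind a `static bool initialized` guard. If a blank context can be created before those settings are populated (not visible here), the engine would not be applied and `Ssl::DefaultSignHash` would stay at `SQUID_SSL_SIGN_HASH_IF_NONE` for the life of the process, with no diagnostic. I would add a comment at the call, such as `// Ssl::Initialize() reads Config.SSL.ssl_engine and certSignHash only once; they must be set before the first context is created`, or state the ordering guarantee in the commit message. The enclosing function starts and ends outside this hunk.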
delete buf;
}
-/// \ingroup ServerProtocolSSLInternal
-static void
-ssl_initialize(void)
+void
+Ssl::Initialize(void)
{
static bool initialized = false;
if (initialized)
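Review bot: The definition of `Ssl::Initialize()` loses its only doc comment in the same change that stops it being file-local, so callers in other modules have no stated contract at this site. Unless the declaration in ssl/support.h already documents it (not visible here), add something like `/// One-time OpenSSL library, engine and default sign-hash setup; guarded by a static flag.` The guard is a plain `static bool`, which is only safe if every caller runs on the same thread, so that assumption is worth stating in the same comment. The function body continues outside this hunk.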
SSLeay_add_ssl_algorithms();
#if HAVE_OPENSSL_ENGINE_H
- if (Config.SSL.ssl_engine) {
+ if (::Config.SSL.ssl_engine) {
ENGINE *e;
- if (!(e = ENGINE_by_id(Config.SSL.ssl_engine)))
- fatalf("Unable to find SSL engine '%s'\n", Config.SSL.ssl_engine);
+ if (!(e = ENGINE_by_id(::Config.SSL.ssl_engine)))
+ fatalf("Unable to find SSL engine '%s'\n", ::Config.SSL.ssl_engine);
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
const int ssl_error = ERR_get_error();
}
}
#else
- if (Config.SSL.ssl_engine)
+ if (::Config.SSL.ssl_engine)
fatalf("Your OpenSSL has no SSL engine support\n");
#endif
- const char *defName = Config.SSL.certSignHash ? Config.SSL.certSignHash : SQUID_SSL_SIGN_HASH_IF_NONE;
+ const char *defName = ::Config.SSL.certSignHash ? ::Config.SSL.certSignHash : SQUID_SSL_SIGN_HASH_IF_NONE;
Ssl::DefaultSignHash = EVP_get_digestbyname(defName);
if (!Ssl::DefaultSignHash)
fatalf("Sign hash '%s' is not supported\n", defName);
Security::ContextPtr
sslCreateServerContext(AnyP::PortCfg &port)
{
- ssl_initialize();
-
Security::ContextPtr sslContext(port.secure.createBlankContext());
if (!sslContext)
return nullptr;
Security::ContextPtr
sslCreateClientContext(const char *certfile, const char *keyfile, const char *cipher, long options, long fl)
{
- ssl_initialize();
+ Ssl::Initialize();
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
Security::ContextPtr sslContext(SSL_CTX_new(TLS_client_method()));