serverCertificateHandled = true;
- csd->resetSslCommonName(Ssl::CommonHostName(serverCert.get()));
- debugs(83, 5, "HTTPS server CN: " << csd->sslCommonName() <<
- " bumped: " << *serverConnection());
-
// remember the server certificate for later use
if (Ssl::ServerBump *serverBump = csd->serverBump()) {
serverBump->serverCert.reset(serverCert.release());
}
}
+void
+Ssl::PeerConnector::serverCertificateVerified()
+{
+ if (ConnStateData *csd = request->clientConnectionManager.valid()) {
+ Ssl::X509_Pointer serverCert;
+ if(Ssl::ServerBump *serverBump = csd->serverBump())
+ serverCert.resetAndLock(serverBump->serverCert.get());
+ else {
+ const int fd = serverConnection()->fd;
+ SSL *ssl = fd_table[fd].ssl;
+ serverCert.reset(SSL_get_peer_certificate(ssl));
+ }
+ if (serverCert.get()) {
+ csd->resetSslCommonName(Ssl::CommonHostName(serverCert.get()));
+ debugs(83, 5, "HTTPS server CN: " << csd->sslCommonName() <<
+ " bumped: " << *serverConnection());
+ }
+ }
+}
+
bool
Ssl::PeerConnector::sslFinalized()
{
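Review bot: In the `else` branch of serverCertificateVerified(), `fd_table[fd].ssl` is indexed with `serverConnection()->fd` without any check that the server connection is still open. The function is also called from the certificate-validator reply path, which presumably runs asynchronously after the handshake. If the connection can close while that reply is pending, the descriptor would be negative and the table lookup out of bounds; whether a close handler already rules this out is not visible in the hunk. A guard such as `if (!Comm::IsConnOpen(serverConnection())) return;` at the top of the function would make the assumption explicit. Minor style: `if(Ssl::ServerBump ...` lacks the space after `if` and pairs a brace-less `if` with a braced `else`.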
return true;
}
}
+
+ serverCertificateVerified();
return true;
}
validatorFailed = true;
if (!errDetails && !validatorFailed) {
+ serverCertificateVerified();
if (splice)
switchToTunnel(request.getRaw(), clientConn, serverConn);
else
/// if the server certificate was received from the server.
void handleServerCertificate();
+ /// Runs after the server certificate verified to update client
+ /// connection manager members
+ void serverCertificateVerified();
+
/// Callback function called when squid receive message from cert validator helper
static void sslCrtvdHandleReplyWrapper(void *data, Ssl::CertValidationResponse const &);
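Review bot: The new comment on serverCertificateVerified() does not say which member is updated, nor that the method must only be called once verification has succeeded, which is the property both call sites rely on. Suggested wording: `/// Called once the server certificate has passed verification; records the certificate's common name in the client connection manager.` The current sentence is also missing a verb ("certificate verified" should read "certificate is verified").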