Cleanup: pass PeerOptions to sslCreateClientContext()

... to reduce context creation code and simplify upcoming libsecurity
migration steps.

diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc
index 0d3b51e2c9aa752c64cd1149fe5fdb71fb5db4c5..b87cea1671b3f6f6d1724ddd4e9b7534324a1d8f 100644 (file)
--- a/src/security/PeerOptions.cc
+++ b/src/security/PeerOptions.cc
@@ -233,7 +233,7 @@ Security::PeerOptions::createClientContext(bool setOptions)
 
 #if USE_OPENSSL
     // XXX: temporary performance regression. c_str() data copies and prevents this being a const method
-    t = sslCreateClientContext(certFile.c_str(), privateKeyFile.c_str(), sslCipher.c_str(),
+    t = sslCreateClientContext(*this, certFile.c_str(), privateKeyFile.c_str(), sslCipher.c_str(),
                                (setOptions ? parsedOptions : 0), parsedFlags);
 
 #elif USE_GNUTLS && WHEN_READY_FOR_GNUTLS

diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index e1cd25dc61ba0cdfed843c3c0c3e1159564a53b4..cd3ff24c6b3b2c4661c24808c3bf360e58a31591 100644 (file)
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
@@ -631,21 +631,11 @@ ssl_next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsi
 #endif
 
 Security::ContextPtr
-sslCreateClientContext(const char *certfile, const char *keyfile, const char *cipher, long options, long fl)
+sslCreateClientContext(Security::PeerOptions &peer, const char *certfile, const char *keyfile, const char *cipher, long options, long fl)
 {
-    Ssl::Initialize();
-
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
-    Security::ContextPtr sslContext(SSL_CTX_new(TLS_client_method()));
-#else
-    Security::ContextPtr sslContext(SSL_CTX_new(SSLv23_client_method()));
-#endif
-
-    if (sslContext == NULL) {
-        const int ssl_error = ERR_get_error();
-        fatalf("Failed to allocate SSL context: %s\n",
-               ERR_error_string(ssl_error, NULL));
-    }
+    Security::ContextPtr sslContext(peer.createBlankContext());
+    if (!sslContext)
+        return nullptr;
 
     SSL_CTX_set_options(sslContext, options);
 

diff --git a/src/ssl/support.h b/src/ssl/support.h
index 530a78ccf6aadae24c3fb6253a405dd13ae54a6d..bb4a37e7c9d3e6168d4acc7867e32cd1f8f7d130 100644 (file)
--- a/src/ssl/support.h
+++ b/src/ssl/support.h
@@ -96,7 +96,7 @@ typedef CbDataList<Ssl::CertError> CertErrors;
 Security::ContextPtr sslCreateServerContext(AnyP::PortCfg &port);
 
 /// \ingroup ServerProtocolSSLAPI
-Security::ContextPtr sslCreateClientContext(const char *certfile, const char *keyfile, const char *cipher, long options, long flags);
+Security::ContextPtr sslCreateClientContext(Security::PeerOptions &, const char *certfile, const char *keyfile, const char *cipher, long options, long flags);
 
 /// \ingroup ServerProtocolSSLAPI
 int ssl_read_method(int, char *, int);

diff --git a/src/tests/stub_libsslsquid.cc b/src/tests/stub_libsslsquid.cc
index bdc408f3f02df53e87bf01519b622c33e0ec27fe..68291c35b5883d8da3f42ed1a6725bd40e9abe15 100644 (file)
--- a/src/tests/stub_libsslsquid.cc
+++ b/src/tests/stub_libsslsquid.cc
@@ -57,7 +57,7 @@ bool CertError::operator == (const CertError &ce) const STUB_RETVAL(false)
 bool CertError::operator != (const CertError &ce) const STUB_RETVAL(false)
 } // namespace Ssl
 Security::ContextPtr sslCreateServerContext(AnyP::PortCfg &port) STUB_RETVAL(NULL)
-Security::ContextPtr sslCreateClientContext(const char *certfile, const char *keyfile, const char *cipher, long options, const char *flags) STUB_RETVAL(NULL)
+Security::ContextPtr sslCreateClientContext(Security::PeerOptions &, const char *, const char *, const char *, long, const char *) STUB_RETVAL(nullptr)
 int ssl_read_method(int, char *, int) STUB_RETVAL(0)
 int ssl_write_method(int, const char *, int) STUB_RETVAL(0)
 void ssl_shutdown_method(SSL *ssl) STUB