Polish the code and other minor fixes

 - Remove unsued members in Ssl::Bio::Features
 - Use the new Raw class instead of the objToString local function in bio.cc
 - Fix C++ comments
 - Other minor fixes

diff --git a/src/Downloader.cc b/src/Downloader.cc
index 34bdfc7522f1d0e95d0aa82b32209131a59b73ab..5584dd84f7e6df4f11b1f0c6896748f8812b2245 100644 (file)
--- a/src/Downloader.cc
+++ b/src/Downloader.cc
@@ -15,6 +15,7 @@ Downloader::Downloader(SBuf &url, const MasterXaction::Pointer &xact, AsyncCall:
     status(Http::scNone),
     level_(level)
 {
+    transferProtocol = AnyP::ProtocolVersion(AnyP::PROTO_HTTP,1,1);
 }
 
 Downloader::~Downloader()

diff --git a/src/client_side_request.cc b/src/client_side_request.cc
index 76ceb2760973f9d411e4a0aeb974243a8c00fea5..7c00f23c2b34fb3ab64781dd35aa71b4dc425331 100644 (file)
--- a/src/client_side_request.cc
+++ b/src/client_side_request.cc
@@ -996,7 +996,8 @@ clientCheckPinning(ClientHttpRequest * http)
     if (!http_conn)
         return;
 
-    // Internal requests such as those from Doenloader does not have local port
+    // Internal requests such as those from Downloader does not have
+    // local port
     if (http_conn->port == NULL)
         return;
 

diff --git a/src/ssl/PeerConnector.cc b/src/ssl/PeerConnector.cc
index c3c7410455b860bb66df7cb97fa9b30cb50ff8a4..3c49c5a5f73819e201ed5a30cb417c00fa173b62 100644 (file)
--- a/src/ssl/PeerConnector.cc
+++ b/src/ssl/PeerConnector.cc
@@ -280,8 +280,8 @@ Ssl::PeekingPeerConnector::checkForPeekAndSpliceMatched(const Ssl::BumpMode acti
         clientConn->close();
     } else if (finalAction != Ssl::bumpSplice) {
         //Allow write, proceed with the connection
-        srvBio->recordInput(false);
         srvBio->holdWrite(false);
+        srvBio->recordInput(false);
         debugs(83,5, "Retry the fwdNegotiateSSL on FD " << serverConn->fd);
         Ssl::PeerConnector::noteWantWrite();
     } else {
@@ -646,7 +646,7 @@ void
 Ssl::PeerConnector::certDownloadingDone(SBuf &obj, int downloadStatus)
 {
     certsDownloads++;
-    debugs(81, 5, "OK! certificate downloaded, status: " << downloadStatus << " data size: " << obj.length());
+    debugs(81, 5, "Certificate downloading status: " << downloadStatus << " certificate size: " << obj.length());
 
     // Get ServerBio from SSL object
     const int fd = serverConnection()->fd;
@@ -654,7 +654,8 @@ Ssl::PeerConnector::certDownloadingDone(SBuf &obj, int downloadStatus)
     BIO *b = SSL_get_rbio(ssl);
     Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(b->ptr);
 
-    // Parse Certificate. Assume that it is in DER format. Probably we should handle PEM or other formats too
+    // Parse Certificate. Assume that it is in DER format. Probably we
+    // should handle PEM or other formats too
     const unsigned char *raw = (const unsigned char*)obj.rawContent();
     if (X509 *cert = d2i_X509(NULL, &raw, obj.length())) {
         char buffer[1024];

diff --git a/src/ssl/PeerConnector.h b/src/ssl/PeerConnector.h
index 4ecbaffe4ea2c5b88357256e002ce7a4194e6948..34d2c12c1e1f6247a566ecf367683cfee564ba84 100644 (file)
--- a/src/ssl/PeerConnector.h
+++ b/src/ssl/PeerConnector.h
@@ -122,9 +122,10 @@ protected:
     /// Squid COMM_SELECT_READ handler.
     void noteWantRead();
 
-    /// Run the certificates list sent by SSL server and see if there are
-    /// missing certificates. For the certificates there is a issuer URL
-    /// add it to the urlsOfMissingCerts list
+    /// Run the certificates list sent by the SSL server and check if there
+    /// are missing certificates. Adds to the urlOfMissingCerts list the 
+    /// URLS of missing certificates if this information provided by the
+    /// issued certificates with Authority Info Access extension.
     bool checkForMissingCertificates();
 
     /// Start downloading procedure for the given URL

diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc
index f46340262045410851921c6b6b784080081dcf66..f3b2aa24b79d2f3fe5af440660265ca524020a6b 100644 (file)
--- a/src/ssl/bio.cc
+++ b/src/ssl/bio.cc
@@ -427,19 +427,6 @@ Ssl::ClientBio::write(const char *buf, int size, BIO *table)
     return Ssl::Bio::write(buf, size, table);
 }
 
-// XXX: Replace with Raw(...).hex(); see example further below
-const char *objToString(unsigned char const *bytes, int len)
-{
-    static std::string buf;
-    buf.clear();
-    for (int i = 0; i < len; i++ ) {
-        char tmp[3];
-        snprintf(tmp, sizeof(tmp), "%.2x", bytes[i]);
-        buf.append(tmp);
-    }
-    return buf.c_str();
-}
-
 int
 Ssl::ClientBio::read(char *buf, int size, BIO *table)
 {
@@ -464,9 +451,7 @@ Ssl::ClientBio::read(char *buf, int size, BIO *table)
     }
 
     if (helloState == atHelloStarted) {
-        const unsigned char *head = (const unsigned char *)rbuf.content();
-        const char *s = objToString(head, rbuf.contentSize());
-        debugs(83, 7, "SSL Header: " << s);
+        debugs(83, 7, "SSL Header: " << Raw(nullptr, rbuf.content(), rbuf.contentSize()).hex());
 
         if (helloSize > rbuf.contentSize()) {
             BIO_set_retry_read(table);
@@ -959,51 +944,6 @@ Ssl::Bio::sslFeatures::get(const SSL *ssl)
         memcpy(client_random, ssl->s3->client_random, SSL3_RANDOM_SIZE);
     }
 
-#if 0 /* XXX: OpenSSL 0.9.8k lacks at least some of these tlsext_* fields */
-    //The following extracted for logging purpuses:
-    // TLSEXT_TYPE_ec_point_formats
-    unsigned char *p;
-    int len;
-    if (ssl->server) {
-        p = ssl->session->tlsext_ecpointformatlist;
-        len = ssl->session->tlsext_ecpointformatlist_length;
-    } else {
-        p = ssl->tlsext_ecpointformatlist;
-        len = ssl->tlsext_ecpointformatlist_length;
-    }
-    if (p) {
-        ecPointFormatList = objToString(p, len);
-        debugs(83, 7, "tlsExtension ecPointFormatList of length " << len << " :" << ecPointFormatList);
-    }
-
-    // TLSEXT_TYPE_elliptic_curves
-    if (ssl->server) {
-        p = ssl->session->tlsext_ellipticcurvelist;
-        len = ssl->session->tlsext_ellipticcurvelist_length;
-    } else {
-        p = ssl->tlsext_ellipticcurvelist;
-        len = ssl->tlsext_ellipticcurvelist_length;
-    }
-    if (p) {
-        ellipticCurves = objToString(p, len);
-        debugs(83, 7, "tlsExtension ellipticCurveList of length " <<  len <<" :" << ellipticCurves);
-    }
-    // TLSEXT_TYPE_opaque_prf_input
-    p = NULL;
-    if (ssl->server) {
-        if (ssl->s3 &&  ssl->s3->client_opaque_prf_input) {
-            p = (unsigned char *)ssl->s3->client_opaque_prf_input;
-            len = ssl->s3->client_opaque_prf_input_len;
-        }
-    } else {
-        p = (unsigned char *)ssl->tlsext_opaque_prf_input;
-        len = ssl->tlsext_opaque_prf_input_len;
-    }
-    if (p) {
-        debugs(83, 7, "tlsExtension client-opaque-prf-input of length " << len);
-        opaquePrf = objToString(p, len);
-    }
-#endif
     initialized_ = true;
     return true;
 }
@@ -1011,15 +951,15 @@ Ssl::Bio::sslFeatures::get(const SSL *ssl)
 int
 Ssl::Bio::sslFeatures::parseMsgHead(const MemBuf &buf)
 {
-    const unsigned char *head = (const unsigned char *)buf.content();
-    const char *s = objToString(head, buf.contentSize());
-    debugs(83, 7, "SSL Header: " << s);
+    debugs(83, 7, "SSL Header: " << Raw(nullptr, buf.content(), buf.contentSize()).hex());
+
     if (buf.contentSize() < 5)
         return 0;
 
     if (helloMsgSize > 0)
         return helloMsgSize;
 
+    const unsigned char *head = (const unsigned char *)buf.content();
     // Check for SSLPlaintext/TLSPlaintext record
     // RFC6101 section 5.2.1
     // RFC5246 section 6.2.1
@@ -1196,7 +1136,7 @@ Ssl::Bio::sslFeatures::parseV3Hello(const unsigned char *messageContainer, size_
     sslVersion = (clientHello[4] << 8) | clientHello[5];
     //Get Client Random number. It starts on the position 6 of clientHello message
     memcpy(client_random, clientHello + 6, SSL3_RANDOM_SIZE);
-    debugs(83, 7, "Client random: " <<  objToString(client_random, SSL3_RANDOM_SIZE));
+    debugs(83, 7, "Client random: " <<  Raw(nullptr, (char *)client_random, SSL3_RANDOM_SIZE).hex());
 
     // At the position 38 (6+SSL3_RANDOM_SIZE)
     const size_t sessIDLen = static_cast<size_t>(clientHello[38]);
@@ -1411,10 +1351,7 @@ Ssl::Bio::sslFeatures::print(std::ostream &os) const
            " SNI:" << (serverName.isEmpty() ? SBuf("-") : serverName) <<
            " comp:" << compressMethod <<
            " Ciphers:" << clientRequestedCiphers <<
-           " Random:" << objToString(client_random, SSL3_RANDOM_SIZE) <<
-           " ecPointFormats:" << ecPointFormatList <<
-           " ec:" << ellipticCurves <<
-           " opaquePrf:" << opaquePrf;
+           " Random:" << Raw(nullptr, (char *)client_random, SSL3_RANDOM_SIZE).hex();
 }
 
 /// parses a single TLS Record Layer frame

diff --git a/src/ssl/bio.h b/src/ssl/bio.h
index af4dafaf005031dae9b1b642844228e31e184ab2..70e57b97dc1db79ea9198d6c7e5f36820d675710 100644 (file)
--- a/src/ssl/bio.h
+++ b/src/ssl/bio.h
@@ -273,9 +273,6 @@ public:
         mutable SBuf serverName; ///< The SNI hostname, if any
         std::string clientRequestedCiphers; ///< The client requested ciphers
         bool unknownCiphers; ///< True if one or more ciphers are unknown
-        std::string ecPointFormatList;///< tlsExtension ecPointFormatList
-        std::string ellipticCurves; ///< tlsExtension ellipticCurveList
-        std::string opaquePrf; ///< tlsExtension opaquePrf
         bool doHeartBeats;
         bool tlsTicketsExtension; ///< whether TLS tickets extension is enabled
         bool hasTlsTicket; ///< whether a TLS ticket is included