From: Amos Jeffries
Date: Mon, 29 Jun 2015 12:46:17 +0000 (-0700)
Subject: Cleanup: remove unnecessary AnyP::PortCfg::contextMethod
X-Git-Tag: merge-candidate-3-v1~67
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0806013a3527d933b95a24ad9b3d45c5648b5302;p=thirdparty%2Fsquid.git

Cleanup: remove unnecessary AnyP::PortCfg::contextMethod

Now that SSL/TLS server method is a fixed API function we do not have to store it locally. Move the lookup to the SSL support code where it is actually used.
---

diff --git a/src/anyp/PortCfg.cc b/src/anyp/PortCfg.cc
index 26a10e3f2f..31ab284e5d 100644
--- a/src/anyp/PortCfg.cc
+++ b/src/anyp/PortCfg.cc
@@ -69,7 +69,6 @@ AnyP::PortCfg::PortCfg() :
 clientCA(),
 dhParams(),
 eecdhCurve(NULL),
- contextMethod(),
 sslContextFlags(0),
 sslOptions(0)
 #endif
@@ -227,12 +226,6 @@ AnyP::PortCfg::configureSslServerContext()
 version = 0; // prevent options being repeatedly appended
 }
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
- contextMethod = TLS_server_method();
-#else
- contextMethod = SSLv23_server_method();
-#endif
-
 const char *dhParamsFile = dhfile; // backward compatibility for dhparams= configuration
 safe_free(eecdhCurve); // clear any previous EECDH configuration
 if (tls_dh && *tls_dh) {
diff --git a/src/anyp/PortCfg.h b/src/anyp/PortCfg.h
index 66670ebb43..fd3226e83b 100644
--- a/src/anyp/PortCfg.h
+++ b/src/anyp/PortCfg.h
@@ -95,7 +95,6 @@ public:
 Ssl::X509_NAME_STACK_Pointer clientCA; ///< CA certificates to use when verifying client certificates
 Ssl::DH_Pointer dhParams; ///< DH parameters for temporary/ephemeral DH key exchanges
 char *eecdhCurve; ///< Elliptic curve for ephemeral EC-based DH key exchanges
- Ssl::ContextMethod contextMethod; ///< The context method (SSL_METHOD) to use when creating certificates
 long sslContextFlags; ///< flags modifying the use of SSL
 long sslOptions; ///< SSL engine options
 #endif
diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index e2ea36d74c..967ff3a5d6 100644
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
@@ -990,7 +990,11 @@ sslCreateServerContext(AnyP::PortCfg &port)
 if (!certfile) certfile = keyfile;
- SSL_CTX *sslContext = SSL_CTX_new(port.contextMethod);
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ SSL_CTX *sslContext = SSL_CTX_new(TLS_server_method());
+#else
+ SSL_CTX *sslContext = SSL_CTX_new(SSLv23_server_method());
+#endif
 if (sslContext == NULL) {
 ssl_error = ERR_get_error();
@@ -1437,7 +1441,11 @@ sslGetUserCertificateChainPEM(SSL *ssl)
 SSL_CTX *
 Ssl::createSSLContext(Ssl::X509_Pointer & x509, Ssl::EVP_PKEY_Pointer & pkey, AnyP::PortCfg &port)
 {
- Ssl::SSL_CTX_Pointer sslContext(SSL_CTX_new(port.contextMethod));
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ Ssl::SSL_CTX_Pointer sslContext(SSL_CTX_new(TLS_server_method()));
+#else
+ Ssl::SSL_CTX_Pointer sslContext(SSL_CTX_new(SSLv23_server_method()));
+#endif
 if (!SSL_CTX_use_certificate(sslContext.get(), x509.get())) return NULL;
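Review bot: In `Ssl::createSSLContext` (second hunk of src/ssl/support.cc) the result of `SSL_CTX_new()` goes straight into `SSL_CTX_use_certificate(sslContext.get(), x509.get())` with no null check, whereas `sslCreateServerContext` in the first hunk tests `sslContext == NULL` right after the call. A failed allocation there would hand OpenSSL a null context; adding `if (!sslContext.get()) return NULL;` after the `#endif` would make the two call sites consistent. The same `#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)` selection is now repeated at both sites, so a single file-local helper returning the server method would keep them from drifting apart. Both methods are version-flexible, so the accepted protocol range presumably depends on options applied to the context later, which these hunks do not show. Both function bodies continue outside the hunks.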