From: Amos Jeffries
Date: Fri, 14 Nov 2014 16:42:45 +0000 (-0800)
Subject: Move SSL squid.conf option parse into Security::PeerOptions
X-Git-Tag: merge-candidate-3-v1~242^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0b0e08647f2bddc1382d324a0f6f1833b69ccdae;p=thirdparty%2Fsquid.git
Move SSL squid.conf option parse into Security::PeerOptions
---
diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index 74c60b5b4e..a5ec5ab344 100644
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -2244,32 +2244,7 @@ parse_peer(CachePeer ** head)
 debugs(0, DBG_CRITICAL, "WARNING: cache_peer option '" << token << "' requires --with-openssl");
 #else
 p->secure.ssl = true;
-
- if (strncmp(token, "sslcert=", 8) == 0) {
- p->secure.certFile = SBuf(token + 8);
- } else if (strncmp(token, "sslkey=", 7) == 0) {
- p->secure.privateKeyFile = SBuf(token + 7);
- if (p->secure.certFile.isEmpty()) {
- debugs(0, DBG_PARSE_NOTE(1), "WARNING: cache_peer 'sslcert=' option needs to be set before 'sslkey=' is used.");
- p->secure.certFile = p->secure.privateKeyFile;
- }
- } else if (strncmp(token, "sslversion=", 11) == 0) {
- p->secure.sslVersion = xatoi(token + 11);
- } else if (strncmp(token, "ssloptions=", 11) == 0) {
- p->secure.sslOptions = SBuf(token + 11);
- } else if (strncmp(token, "sslcipher=", 10) == 0) {
- p->secure.sslCipher = SBuf(token + 10);
- } else if (strncmp(token, "sslcafile=", 10) == 0) {
- p->secure.caFile = SBuf(token + 10);
- } else if (strncmp(token, "sslcapath=", 10) == 0) {
- p->secure.caDir = SBuf(token + 10);
- } else if (strncmp(token, "sslcrlfile=", 11) == 0) {
- p->secure.crlFile = SBuf(token + 11);
- } else if (strncmp(token, "sslflags=", 9) == 0) {
- p->secure.sslFlags = SBuf(token + 9);
- } else if (strncmp(token, "ssldomain=", 10) == 0) {
- p->secure.sslDomain = SBuf(token + 10);
- }
+ p->secure.parse(token+3);
 #endif
 } else if (strcmp(token, "front-end-https") == 0) {
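Review bot: The literal `3` in `p->secure.parse(token+3);` is only correct while the enclosing branch tests exactly the three-character `ssl` prefix, and that test lies outside this hunk, so the coupling is invisible at the call site. A comment such as `// skip the "ssl" prefix; Security::PeerOptions::parse() takes the bare option name` would make the contract explicit. Note also that `p->secure.ssl = true;` on the preceding line runs before the token is examined, so, as before this change, any token that reaches this branch appears to enable TLS for the peer even when parse() recognises nothing in it.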
diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc
index 8f989a236b..32f549d5a5 100644
--- a/src/security/PeerOptions.cc
+++ b/src/security/PeerOptions.cc
@@ -7,12 +7,45 @@
 */
 #include "squid.h"
+#include "Debug.h"
+#include "globals.h"
+#include "Parsing.h"
 #include "security/PeerOptions.h"
 #if USE_OPENSSL
 #include "ssl/support.h"
 #endif
+void
+Security::PeerOptions::parse(const char *token)
+{
+ if (strncmp(token, "cert=", 5) == 0) {
+ certFile = SBuf(token + 5);
+ } else if (strncmp(token, "key=", 4) == 0) {
+ privateKeyFile = SBuf(token + 4);
+ if (certFile.isEmpty()) {
+ debugs(0, DBG_PARSE_NOTE(1), "WARNING: cert= option needs to be set before key= is used.");
+ certFile = privateKeyFile;
+ }
+ } else if (strncmp(token, "version=", 8) == 0) {
+ sslVersion = xatoi(token + 8);
+ } else if (strncmp(token, "options=", 8) == 0) {
+ sslOptions = SBuf(token + 8);
+ } else if (strncmp(token, "cipher=", 7) == 0) {
+ sslCipher = SBuf(token + 7);
+ } else if (strncmp(token, "cafile=", 7) == 0) {
+ caFile = SBuf(token + 7);
+ } else if (strncmp(token, "capath=", 7) == 0) {
+ caDir = SBuf(token + 7);
+ } else if (strncmp(token, "crlfile=", 8) == 0) {
+ crlFile = SBuf(token + 8);
+ } else if (strncmp(token, "flags=", 6) == 0) {
+ sslFlags = SBuf(token + 6);
+ } else if (strncmp(token, "domain=", 7) == 0) {
+ sslDomain = SBuf(token + 7);
+ }
+}
+
 // XXX: make a GnuTLS variant
 Security::ContextPointer
 Security::PeerOptions::createContext()
diff --git a/src/security/PeerOptions.h b/src/security/PeerOptions.h
index fba2758a04..1730214a9e 100644
--- a/src/security/PeerOptions.h
+++ b/src/security/PeerOptions.h
@@ -20,6 +20,9 @@ class PeerOptions
 public:
 PeerOptions() : ssl(false), sslVersion(0) {}
+ /// parse a TLS squid.conf option
+ void parse(const char *);
+
 /// generate a security context from the configured options
 Security::ContextPointer createContext();
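Review bot: The if/else chain in `Security::PeerOptions::parse()` has no final `else`, so a misspelled option (for example `cafle=` instead of `cafile=`) is dropped without any message and the peer keeps whatever CA, CRL or flags settings it already had. These options control certificate verification, so a silent fallback deserves a diagnostic: end the chain with `else { debugs(0, DBG_PARSE_NOTE(1), "WARNING: unknown TLS option '" << token << "' ignored"); }`. The caller passes `token+3`, which is presumably an empty string for a bare `ssl` token, so an early `if (!*token) return;` would be needed to keep that case quiet. Separately, the `key=` warning no longer names the directive being parsed, which makes the offending line harder to find in squid.conf.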
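Review bot: The doc comment `/// parse a TLS squid.conf option` in PeerOptions.h does not state the input contract: the caller in cache_cf.cc passes the token with its `ssl` prefix already stripped, and the implementation ignores tokens that match no known option. Suggest `/// parse one TLS option token with the "ssl" prefix removed (e.g. "cafile=/path"); unrecognised tokens are ignored` and naming the parameter, `void parse(const char *token);`. The class body starts and ends outside the hunk.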
diff --git a/src/tests/stub_libsecurity.cc b/src/tests/stub_libsecurity.cc
index a6b586ff68..b202d84208 100644
--- a/src/tests/stub_libsecurity.cc
+++ b/src/tests/stub_libsecurity.cc
@@ -12,4 +12,5 @@
 #include "tests/STUB.h"
 #include "security/PeerOptions.h"
+void Security::PeerOptions::parse(char const*) STUB
 Security::ContextPointer Security::PeerOptions::createContext() STUB_RETVAL(NULL)