From: Amos Jeffries
Date: Sun, 18 Jan 2015 07:22:01 +0000 (-0800)
Subject: Fix silent SSL/TLS failure on split-stack operating systems
X-Git-Tag: SQUID_3_4_12~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2695a2e8c45dd62d4ce6dda2f9effd3fe086951a;p=thirdparty%2Fsquid.git

Fix silent SSL/TLS failure on split-stack operating systems

Up to now we have not cloned any of the SSL/TLS related config state if the port needed cloning into separate IPv6 and IPv4 sockets. It is safe enough to clone the text strings received directly from squid.conf and rely on later port setup to generate separate sslContext objects.
---

diff --git a/src/anyp/PortCfg.cc b/src/anyp/PortCfg.cc
index 41a6b9ee1c..111444c5dd 100644
--- a/src/anyp/PortCfg.cc
+++ b/src/anyp/PortCfg.cc
@@ -66,22 +66,34 @@ AnyP::PortCfg::clone() const
 b->disable_pmtu_discovery = disable_pmtu_discovery;
 b->tcp_keepalive = tcp_keepalive;
-#if 0
- // TODO: AYJ: 2009-07-18: for now SSL does not clone. Configure separate ports with IPs and SSL settings
-
 #if USE_SSL
- char *cert;
- char *key;
- int version;
- char *cipher;
- char *options;
- char *clientca;
- char *cafile;
- char *capath;
- char *crlfile;
- char *dhfile;
- char *sslflags;
- char *sslContextSessionId;
+ if (cert)
+ b->cert = xstrdup(cert);
+ if (key)
+ b->key = xstrdup(key);
+ b->version = version;
+ if (cipher)
+ b->cipher = xstrdup(cipher);
+ if (options)
+ b->options = xstrdup(options);
+ if (clientca)
+ b->clientca = xstrdup(clientca);
+ if (cafile)
+ b->cafile = xstrdup(cafile);
+ if (capath)
+ b->capath = xstrdup(capath);
+ if (crlfile)
+ b->crlfile = xstrdup(crlfile);
+ if (dhfile)
+ b->dhfile = xstrdup(dhfile);
+ if (sslflags)
+ b->sslflags = xstrdup(sslflags);
+ if (sslContextSessionId)
+ b->sslContextSessionId = xstrdup(sslContextSessionId);
+
+#if 0
+ // TODO: AYJ: 2015-01-15: for now SSL does not clone the context object.
+ // cloning should only be done before the PortCfg is post-configure initialized and opened
 SSL_CTX *sslContext;
 #endif
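Review bot: The precondition in the new TODO comment, that clone() only runs before the PortCfg is post-configure initialized and opened, is stated but not enforced anywhere in the hunk, and the clone still leaves `sslContext` uncopied. If clone() were ever reached on a port whose context had already been built, the copy would carry the certificate, CA and CRL strings but no context, which looks like the same silent TLS failure this commit sets out to fix. Assuming `sslContext` is the member the disabled declaration refers to, a guard ahead of the string copies such as `assert(!sslContext); // clone() must run before the TLS context is built` would make that case fail loudly. A short comment would also help, noting that the client-verification settings (`clientca`, `cafile`, `capath`, `crlfile`, `sslflags`) are copied so the IPv4 and IPv6 listeners enforce the same policy. The body of clone() starts and ends outside this hunk, so whether `b`'s pointers start out null and who frees the duplicated strings cannot be checked from here.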