From: Amos Jeffries
Date: Mon, 7 Dec 2015 01:45:46 +0000 (-0800)
Subject: Cleanup: pass PeerOptions to sslCreateClientContext()
X-Git-Tag: SQUID_4_0_4~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=42a5dae8b02fdd0925abfe982d5345110463275d;p=thirdparty%2Fsquid.git

Cleanup: pass PeerOptions to sslCreateClientContext()

... to reduce context creation code and simplify upcoming libsecurity migration steps.
---

diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc
index 0d3b51e2c9..b87cea1671 100644
--- a/src/security/PeerOptions.cc
+++ b/src/security/PeerOptions.cc
@@ -233,7 +233,7 @@ Security::PeerOptions::createClientContext(bool setOptions)
 
 #if USE_OPENSSL
     // XXX: temporary performance regression. c_str() data copies and prevents this being a const method
-    t = sslCreateClientContext(certFile.c_str(), privateKeyFile.c_str(), sslCipher.c_str(),
+    t = sslCreateClientContext(*this, certFile.c_str(), privateKeyFile.c_str(), sslCipher.c_str(),
                                (setOptions ? parsedOptions : 0), parsedFlags);
 
 #elif USE_GNUTLS && WHEN_READY_FOR_GNUTLS
diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index e1cd25dc61..cd3ff24c6b 100644
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
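Review bot: The `// XXX: temporary performance regression. c_str() data copies and prevents this being a const method` comment directly above the changed call is now incomplete: the call passes `*this` into a non-const `Security::PeerOptions &` parameter (see the support.h hunk), so even once the c_str() copies are removed, createClientContext cannot become const until that parameter is made `const`. Suggest extending the comment so the second obstacle is recorded where the first one is: `// XXX: temporary performance regression. c_str() data copies and the non-const PeerOptions reference prevent this being a const method`. The rest of createClientContext, including what is done with `t`, lies outside the hunk.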
@@ -631,21 +631,11 @@ ssl_next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsi
 #endif
 
 Security::ContextPtr
-sslCreateClientContext(const char *certfile, const char *keyfile, const char *cipher, long options, long fl)
+sslCreateClientContext(Security::PeerOptions &peer, const char *certfile, const char *keyfile, const char *cipher, long options, long fl)
 {
-    Ssl::Initialize();
-
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
-    Security::ContextPtr sslContext(SSL_CTX_new(TLS_client_method()));
-#else
-    Security::ContextPtr sslContext(SSL_CTX_new(SSLv23_client_method()));
-#endif
-
-    if (sslContext == NULL) {
-        const int ssl_error = ERR_get_error();
-        fatalf("Failed to allocate SSL context: %s\n",
-               ERR_error_string(ssl_error, NULL));
-    }
+    Security::ContextPtr sslContext(peer.createBlankContext());
+    if (!sslContext)
+        return nullptr;
 
     SSL_CTX_set_options(sslContext, options);
 
diff --git a/src/ssl/support.h b/src/ssl/support.h
index 530a78ccf6..bb4a37e7c9 100644
--- a/src/ssl/support.h
+++ b/src/ssl/support.h
@@ -96,7 +96,7 @@ typedef CbDataList CertErrors;
 Security::ContextPtr sslCreateServerContext(AnyP::PortCfg &port);
 
 /// \ingroup ServerProtocolSSLAPI
-Security::ContextPtr sslCreateClientContext(const char *certfile, const char *keyfile, const char *cipher, long options, long flags);
+Security::ContextPtr sslCreateClientContext(Security::PeerOptions &, const char *certfile, const char *keyfile, const char *cipher, long options, long flags);
 
 /// \ingroup ServerProtocolSSLAPI
 int ssl_read_method(int, char *, int);
diff --git a/src/tests/stub_libsslsquid.cc b/src/tests/stub_libsslsquid.cc
index bdc408f3f0..68291c35b5 100644
--- a/src/tests/stub_libsslsquid.cc
+++ b/src/tests/stub_libsslsquid.cc
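Review bot: The new `if (!sslContext) return nullptr;` guard turns a context-allocation failure that the removed code reported through fatalf() into a silent null return, and nothing in the commit documents or checks that new contract: PeerOptions::createClientContext (first hunk) assigns the result straight to `t`. Unless every caller already tolerates a null context, an OpenSSL context failure that presumably stopped Squid before now lets the peer proceed without a TLS context, and for a security-critical path a hard stop is the safer failure mode. If the null return is intended, say so at the declaration in support.h, e.g. `/// \returns nullptr if the SSL context could not be allocated; callers must check before use`, and audit createClientContext's callers. It is also not visible here whether `peer.createBlankContext()` performs the `Ssl::Initialize()` call that was removed and whether it logs the `ERR_get_error()` detail the old fatalf() printed, nor whether `peer` could be taken as `const Security::PeerOptions &`; all three are worth confirming, and the function body continues past the end of the hunk.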
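Review bot: The new first parameter in the support.h declaration is the only unnamed one in the signature, while the definition in support.cc names it `peer` and its role is not described by the surrounding `/// \ingroup ServerProtocolSSLAPI` line. For consistency with the other parameters and the definition, suggest `Security::ContextPtr sslCreateClientContext(Security::PeerOptions &peer, const char *certfile, const char *keyfile, const char *cipher, long options, long flags);` plus a one-line `/// \param peer supplies the blank SSL_CTX via createBlankContext()` above it.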
@@ -57,7 +57,7 @@ bool CertError::operator == (const CertError &ce) const STUB_RETVAL(false)
 bool CertError::operator != (const CertError &ce) const STUB_RETVAL(false)
 } // namespace Ssl
 Security::ContextPtr sslCreateServerContext(AnyP::PortCfg &port) STUB_RETVAL(NULL)
-Security::ContextPtr sslCreateClientContext(const char *certfile, const char *keyfile, const char *cipher, long options, const char *flags) STUB_RETVAL(NULL)
+Security::ContextPtr sslCreateClientContext(Security::PeerOptions &, const char *, const char *, const char *, long, const char *) STUB_RETVAL(nullptr)
 int ssl_read_method(int, char *, int) STUB_RETVAL(0)
 int ssl_write_method(int, const char *, int) STUB_RETVAL(0)
 void ssl_shutdown_method(SSL *ssl) STUB
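Review bot: The rewritten stub still ends in `const char *` for its last parameter, whereas the declaration in support.h and the definition in support.cc (previous hunks) take `long flags` / `long fl`; the commit touches this line but carries the pre-existing mismatch forward. Because the parameter types differ, the stub defines an unrelated overload rather than the declared function, so a test binary that links this stub and references sslCreateClientContext would fail at link time (if none currently does, the mismatch is merely latent). Change the line to `Security::ContextPtr sslCreateClientContext(Security::PeerOptions &, const char *, const char *, const char *, long, long) STUB_RETVAL(nullptr)`. The adjacent `sslCreateServerContext` stub still returns `STUB_RETVAL(NULL)`; mixing `NULL` and `nullptr` on neighbouring lines is a small consistency point worth aligning while here.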