From: Christos Tsantilas Date: Tue, 15 Dec 2015 14:09:21 +0000 (+0200) Subject: Polish the code and other minor fixes X-Git-Tag: SQUID_4_0_13~5^2~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7b4984f7a45d27abf37b50143b49e25209e37699;p=thirdparty%2Fsquid.git Polish the code and other minor fixes - Remove unsued members in Ssl::Bio::Features - Use the new Raw class instead of the objToString local function in bio.cc - Fix C++ comments - Other minor fixes --- diff --git a/src/Downloader.cc b/src/Downloader.cc index 34bdfc7522..5584dd84f7 100644 --- a/src/Downloader.cc +++ b/src/Downloader.cc @@ -15,6 +15,7 @@ Downloader::Downloader(SBuf &url, const MasterXaction::Pointer &xact, AsyncCall: status(Http::scNone), level_(level) { + transferProtocol = AnyP::ProtocolVersion(AnyP::PROTO_HTTP,1,1); } Downloader::~Downloader() diff --git a/src/client_side_request.cc b/src/client_side_request.cc index 76ceb27609..7c00f23c2b 100644 --- a/src/client_side_request.cc +++ b/src/client_side_request.cc @@ -996,7 +996,8 @@ clientCheckPinning(ClientHttpRequest * http) if (!http_conn) return; - // Internal requests such as those from Doenloader does not have local port + // Internal requests such as those from Downloader does not have + // local port if (http_conn->port == NULL) return; diff --git a/src/ssl/PeerConnector.cc b/src/ssl/PeerConnector.cc index c3c7410455..3c49c5a5f7 100644 --- a/src/ssl/PeerConnector.cc +++ b/src/ssl/PeerConnector.cc @@ -280,8 +280,8 @@ Ssl::PeekingPeerConnector::checkForPeekAndSpliceMatched(const Ssl::BumpMode acti clientConn->close(); } else if (finalAction != Ssl::bumpSplice) { //Allow write, proceed with the connection - srvBio->recordInput(false); srvBio->holdWrite(false); + srvBio->recordInput(false); debugs(83,5, "Retry the fwdNegotiateSSL on FD " << serverConn->fd); Ssl::PeerConnector::noteWantWrite(); } else { 
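Review bot: The new `transferProtocol = AnyP::ProtocolVersion(AnyP::PROTO_HTTP,1,1);` sits in the Downloader constructor body although the constructor already has an initializer list (`status(Http::scNone), level_(level)` is visible as context), and nothing says why an internal fetch is pinned to HTTP/1.1; I would move it into the list and annotate it, e.g. `transferProtocol(AnyP::ProtocolVersion(AnyP::PROTO_HTTP, 1, 1)), // internal fetches always speak HTTP/1.1`. If transferProtocol is a member of a base class and cannot be list-initialized here, which the hunk does not show, keep the assignment but still add the comment. The constructor signature is cut off in the hunk header, so the function starts outside the hunk.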
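Review bot: Moving `srvBio->holdWrite(false);` ahead of `srvBio->recordInput(false);` in checkForPeekAndSpliceMatched reorders two state changes on the server BIO, yet the commit message files it under polishing and the hunk carries no explanation of why the order matters. If releasing the write hold can trigger I/O whose bytes must (or must not) still be recorded, say so in the comment, e.g. `// release the write hold before we stop recording input: <reason>`; if the two calls are independent, a comment saying so is just as useful to the next reader. While the commit is already fixing comment style, `//Allow write, proceed with the connection` could gain the missing space after `//`. The enclosing function continues outside the hunk.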
@@ -646,7 +646,7 @@ void Ssl::PeerConnector::certDownloadingDone(SBuf &obj, int downloadStatus) { certsDownloads++; - debugs(81, 5, "OK! certificate downloaded, status: " << downloadStatus << " data size: " << obj.length()); + debugs(81, 5, "Certificate downloading status: " << downloadStatus << " certificate size: " << obj.length()); // Get ServerBio from SSL object const int fd = serverConnection()->fd; @@ -654,7 +654,8 @@ Ssl::PeerConnector::certDownloadingDone(SBuf &obj, int downloadStatus) BIO *b = SSL_get_rbio(ssl); Ssl::ServerBio *srvBio = static_cast(b->ptr); - // Parse Certificate. Assume that it is in DER format. Probably we should handle PEM or other formats too + // Parse Certificate. Assume that it is in DER format. Probably we + // should handle PEM or other formats too const unsigned char *raw = (const unsigned char*)obj.rawContent(); if (X509 *cert = d2i_X509(NULL, &raw, obj.length())) { char buffer[1024]; diff --git a/src/ssl/PeerConnector.h b/src/ssl/PeerConnector.h index 4ecbaffe4e..34d2c12c1e 100644 --- a/src/ssl/PeerConnector.h +++ b/src/ssl/PeerConnector.h @@ -122,9 +122,10 @@ protected: /// Squid COMM_SELECT_READ handler. void noteWantRead(); - /// Run the certificates list sent by SSL server and see if there are - /// missing certificates. For the certificates there is a issuer URL - /// add it to the urlsOfMissingCerts list + /// Run the certificates list sent by the SSL server and check if there + /// are missing certificates. Adds to the urlOfMissingCerts list the + /// URLS of missing certificates if this information provided by the + /// issued certificates with Authority Info Access extension. bool checkForMissingCertificates(); /// Start downloading procedure for the given URL diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc index f463402620..f3b2aa24b7 100644 --- a/src/ssl/bio.cc +++ b/src/ssl/bio.cc 
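Review bot: In certDownloadingDone `downloadStatus` is logged in the preceding hunk but, as far as the two hunks show, never checked before the body is handed to `d2i_X509`, so a non-2xx reply from the caIssuers server (an error page, a captive-portal body) is parsed as if it were a certificate; d2i_X509 will most likely reject it, but an explicit `if (downloadStatus != Http::scOkay) { debugs(81, 3, "certificate download failed: " << downloadStatus); /* skip parsing */ }` before the parse states the intent and keeps server-chosen bytes away from the DER parser altogether — assuming no such check sits in the line or two between the two hunks. The reworded comment points at the wrong gap: RFC 5280 section 4.2.2.1 says an HTTP caIssuers URI yields either a single DER-encoded certificate or a DER/BER "certs-only" CMS (PKCS#7) message, so the format still unhandled is the PKCS#7 bundle rather than PEM; I would write `// Parse the certificate. RFC 5280 4.2.2.1 allows a single DER cert or a certs-only CMS message here; only the former is handled so far.`. certDownloadingDone continues past the end of the hunk.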
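Review bot: The rewritten doc comment on checkForMissingCertificates is hard to parse — `if this information provided by the issued certificates` lacks a verb, `URLS` should be `URLs`, and the list is now called `urlOfMissingCerts` where the old text said `urlsOfMissingCerts`, so one of the two spellings does not match the real member and the comment will mislead. I would write `/// Walks the certificate chain sent by the SSL server looking for missing issuer certificates. For each gap whose issued certificate carries an Authority Info Access caIssuers URL, adds that URL to urlsOfMissingCerts (use the member's actual name). Returns true if at least one such URL was queued.` — the return-value sentence is inferred from the bool return type and should be confirmed against the implementation, which is not in this hunk.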
@@ -427,19 +427,6 @@ Ssl::ClientBio::write(const char *buf, int size, BIO *table) return Ssl::Bio::write(buf, size, table); } -// XXX: Replace with Raw(...).hex(); see example further below -const char *objToString(unsigned char const *bytes, int len) -{ - static std::string buf; - buf.clear(); - for (int i = 0; i < len; i++ ) { - char tmp[3]; - snprintf(tmp, sizeof(tmp), "%.2x", bytes[i]); - buf.append(tmp); - } - return buf.c_str(); -} - int Ssl::ClientBio::read(char *buf, int size, BIO *table) { @@ -464,9 +451,7 @@ Ssl::ClientBio::read(char *buf, int size, BIO *table) } if (helloState == atHelloStarted) { - const unsigned char *head = (const unsigned char *)rbuf.content(); - const char *s = objToString(head, rbuf.contentSize()); - debugs(83, 7, "SSL Header: " << s); + debugs(83, 7, "SSL Header: " << Raw(nullptr, rbuf.content(), rbuf.contentSize()).hex()); if (helloSize > rbuf.contentSize()) { BIO_set_retry_read(table); 
@@ -959,51 +944,6 @@ Ssl::Bio::sslFeatures::get(const SSL *ssl) memcpy(client_random, ssl->s3->client_random, SSL3_RANDOM_SIZE); } -#if 0 /* XXX: OpenSSL 0.9.8k lacks at least some of these tlsext_* fields */ - //The following extracted for logging purpuses: - // TLSEXT_TYPE_ec_point_formats - unsigned char *p; - int len; - if (ssl->server) { - p = ssl->session->tlsext_ecpointformatlist; - len = ssl->session->tlsext_ecpointformatlist_length; - } else { - p = ssl->tlsext_ecpointformatlist; - len = ssl->tlsext_ecpointformatlist_length; - } - if (p) { - ecPointFormatList = objToString(p, len); - debugs(83, 7, "tlsExtension ecPointFormatList of length " << len << " :" << ecPointFormatList); - } - - // TLSEXT_TYPE_elliptic_curves - if (ssl->server) { - p = ssl->session->tlsext_ellipticcurvelist; - len = ssl->session->tlsext_ellipticcurvelist_length; - } else { - p = ssl->tlsext_ellipticcurvelist; - len = ssl->tlsext_ellipticcurvelist_length; - } - if (p) { - ellipticCurves = objToString(p, len); - debugs(83, 7, "tlsExtension ellipticCurveList of length " << len <<" :" << ellipticCurves); - } - // TLSEXT_TYPE_opaque_prf_input - p = NULL; - if (ssl->server) { - if (ssl->s3 && ssl->s3->client_opaque_prf_input) { - p = (unsigned char *)ssl->s3->client_opaque_prf_input; - len = ssl->s3->client_opaque_prf_input_len; - } - } else { - p = (unsigned char *)ssl->tlsext_opaque_prf_input; - len = ssl->tlsext_opaque_prf_input_len; - } - if (p) { - debugs(83, 7, "tlsExtension client-opaque-prf-input of length " << len); - opaquePrf = objToString(p, len); - } -#endif initialized_ = true; return true; } 
@@ -1011,15 +951,15 @@ Ssl::Bio::sslFeatures::get(const SSL *ssl) int Ssl::Bio::sslFeatures::parseMsgHead(const MemBuf &buf) { - const unsigned char *head = (const unsigned char *)buf.content(); - const char *s = objToString(head, buf.contentSize()); - debugs(83, 7, "SSL Header: " << s); + debugs(83, 7, "SSL Header: " << Raw(nullptr, buf.content(), buf.contentSize()).hex()); + if (buf.contentSize() < 5) return 0; if (helloMsgSize > 0) return helloMsgSize; + const unsigned char *head = (const unsigned char *)buf.content(); // Check for SSLPlaintext/TLSPlaintext record // RFC6101 section 5.2.1 // RFC5246 section 6.2.1 @@ -1196,7 +1136,7 @@ Ssl::Bio::sslFeatures::parseV3Hello(const unsigned char *messageContainer, size_ sslVersion = (clientHello[4] << 8) | clientHello[5]; //Get Client Random number. It starts on the position 6 of clientHello message memcpy(client_random, clientHello + 6, SSL3_RANDOM_SIZE); - debugs(83, 7, "Client random: " << objToString(client_random, SSL3_RANDOM_SIZE)); + debugs(83, 7, "Client random: " << Raw(nullptr, (char *)client_random, SSL3_RANDOM_SIZE).hex()); // At the position 38 (6+SSL3_RANDOM_SIZE) const size_t sessIDLen = static_cast(clientHello[38]); @@ -1411,10 +1351,7 @@ Ssl::Bio::sslFeatures::print(std::ostream &os) const " SNI:" << (serverName.isEmpty() ? SBuf("-") : serverName) << " comp:" << compressMethod << " Ciphers:" << clientRequestedCiphers << - " Random:" << objToString(client_random, SSL3_RANDOM_SIZE) << - " ecPointFormats:" << ecPointFormatList << - " ec:" << ellipticCurves << - " opaquePrf:" << opaquePrf; + " Random:" << Raw(nullptr, (char *)client_random, SSL3_RANDOM_SIZE).hex(); } /// parses a single TLS Record Layer frame diff --git a/src/ssl/bio.h b/src/ssl/bio.h index af4dafaf00..70e57b97dc 100644 --- a/src/ssl/bio.h +++ b/src/ssl/bio.h 
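Review bot: The new debug line in parseV3Hello, `Raw(nullptr, (char *)client_random, SSL3_RANDOM_SIZE).hex()`, uses a C-style cast (repeated in sslFeatures::print in the hunk below) while the touched code elsewhere uses named casts such as the `static_cast` in PeerConnector.cc; `reinterpret_cast<const char *>(client_random)` says what is happening — reinterpreting an unsigned-char buffer as chars — and keeps the pointee const. The same three-argument `Raw(nullptr, ptr, len).hex()` expression now appears four times in bio.cc; if Raw's pointer parameter accepts `const char *` (its signature is not visible here), a small file-local helper such as `static Raw hexOf(const unsigned char *p, size_t n) { return Raw(nullptr, reinterpret_cast<const char *>(p), n).hex(); }` would remove both the casts and the repeated null label. parseV3Hello and print both continue outside their hunks.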
@@ -273,9 +273,6 @@ public:
     mutable SBuf serverName; ///< The SNI hostname, if any
     std::string clientRequestedCiphers; ///< The client requested ciphers
     bool unknownCiphers; ///< True if one or more ciphers are unknown
-    std::string ecPointFormatList;///< tlsExtension ecPointFormatList
-    std::string ellipticCurves; ///< tlsExtension ellipticCurveList
-    std::string opaquePrf; ///< tlsExtension opaquePrf
     bool doHeartBeats;
     bool tlsTicketsExtension; ///< whether TLS tickets extension is enabled
     bool hasTlsTicket; ///< whether a TLS ticket is included