#include "urn.h"
#include "whois.h"
#if USE_SSL
-#if 1 // USE_SSL_CERT_VALIDATOR
#include "ssl/cert_validate_message.h"
#include "ssl/Config.h"
#include "ssl/helper.h"
-#endif
#include "ssl/support.h"
#include "ssl/ErrorDetail.h"
#include "ssl/ServerBump.h"
serverConnection()->getPeer()->sslSession = SSL_get1_session(ssl);
}
-#if 1 // USE_SSL_CERT_VALIDATOR
if (Ssl::TheConfig.ssl_crt_validator) {
Ssl::CertValidationRequest validationRequest;
// WARNING: The STACK_OF(*) OpenSSL objects does not support locking.
return;
}
}
-#endif // USE_SSL_CERT_VALIDATOR
dispatch();
}
-#if 1 // USE_SSL_CERT_VALIDATOR
void
FwdState::sslCrtvdHandleReplyWrapper(void *data, const HelperReply &reply)
{
return errs;
}
-#endif // USE_SSL_CERT_VALIDATOR
-
void
FwdState::initiateSSL()
{
Ssl::setClientSNI(ssl, hostname);
}
-#if 1 // USE_SSL_CERT_VALIDATOR
// If CertValidation Helper used do not lookup checklist for errors,
// but keep a list of errors to send it to CertValidator
if (!Ssl::TheConfig.ssl_crt_validator) {
-#endif
// Create the ACL check list now, while we have access to more info.
// The list is used in ssl_verify_cb() and is freed in ssl_free().
if (acl_access *acl = Config.ssl_client.cert_error) {
ACLFilledChecklist *check = new ACLFilledChecklist(acl, request, dash_str);
SSL_set_ex_data(ssl, ssl_ex_index_cert_error_check, check);
}
-#if 1 // USE_SSL_CERT_VALIDATOR
}
-#endif
// store peeked cert to check SQUID_X509_V_ERR_CERT_CHANGE
X509 *peeked_cert;
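Review bot: With the `#if 1` guard removed, the `if (!Ssl::TheConfig.ssl_crt_validator)` test in initiateSSL() is permanent, so a configured validator means no `cert_error` checklist is attached to the SSL object. The last hunk's `else if (Ssl::TheConfig.ssl_crt_validator) ok = 1;` (presumably in ssl_verify_cb()) then accepts every verification error for that connection. Rejecting a bad server certificate therefore rests entirely on the validator reply path, which this diff shows only in fragments, so it cannot be confirmed from here that a helper crash, timeout or malformed reply fails closed. I would record that invariant next to the condition, e.g. `// Validator configured: the certificate verify callback accepts all errors, so the validator reply handler must fail closed on helper failure.` initiateSSL() starts and ends outside the hunk.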
Ssl::Helper::GetInstance()->Shutdown();
#endif
#if USE_SSL
-#if 1 // USE_SSL_CERT_VALIDATOR
if (Ssl::CertValidationHelper::GetInstance())
Ssl::CertValidationHelper::GetInstance()->Shutdown();
-#endif
Ssl::TheGlobalContextStorage.reconfigureStart();
#endif
redirectShutdown();
#if USE_SSL_CRTD
Ssl::Helper::GetInstance()->Init();
#endif
-#if USE_SSL // && USE_SSL_CERT_VALIDATOR
+#if USE_SSL
if (Ssl::CertValidationHelper::GetInstance())
Ssl::CertValidationHelper::GetInstance()->Init();
#endif
Ssl::Helper::GetInstance()->Init();
#endif
-#if USE_SSL // && USE_SSL_CERT_VALIDATOR
+#if USE_SSL
if (Ssl::CertValidationHelper::GetInstance())
Ssl::CertValidationHelper::GetInstance()->Init();
#endif
#if USE_SSL_CRTD
Ssl::Helper::GetInstance()->Shutdown();
#endif
-#if USE_SSL //&& USE_SSL_CERT_VALIDATOR
+#if USE_SSL
if (Ssl::CertValidationHelper::GetInstance())
Ssl::CertValidationHelper::GetInstance()->Shutdown();
#endif
}
#endif //USE_SSL_CRTD
-#if 1 // USE_SSL_CERT_VALIDATOR
-/*ssl_crtd_validator*/
-
Ssl::CertValidationHelper * Ssl::CertValidationHelper::GetInstance()
{
static Ssl::CertValidationHelper sslHelper;
msg += '\n';
helperSubmit(ssl_crt_validator, msg.c_str(), callback, data);
}
-#endif // USE_SSL_CERT_VALIDATOR
filledCheck->sslErrors = NULL;
filledCheck->serverCert.reset(NULL);
}
-#if 1 // USE_SSL_CERT_VALIDATOR
// If the certificate validator is used then we need to allow all errors and
// pass them to certficate validator for more processing
else if (Ssl::TheConfig.ssl_crt_validator)
ok = 1;
-#endif
}
if (!dont_verify_domain && server) {}