Cleanup: Replace SSL_CTX* with Security::ContextPointer

... or 'auto' keyword in all locations outside src/ssl/

diff --git a/src/adaptation/icap/Xaction.cc b/src/adaptation/icap/Xaction.cc
index 66e092d90351c43c05a021e04fe714a40b4888ff..e731ad2af69503a9473c2df4e70cb28abf6fb904 100644 (file)
--- a/src/adaptation/icap/Xaction.cc
+++ b/src/adaptation/icap/Xaction.cc
@@ -62,7 +62,7 @@ public:
     /* PeerConnector API */
     virtual Security::SessionPointer initializeSsl();
     virtual void noteNegotiationDone(ErrorState *error);
-    virtual SSL_CTX *getSslContext() {return icapService->sslContext; }
+    virtual Security::ContextPointer getSslContext() {return icapService->sslContext;}
 
 private:
     Adaptation::Icap::ServiceRep::Pointer icapService;

diff --git a/src/anyp/PortCfg.cc b/src/anyp/PortCfg.cc
index f607abc4285db24a8d22e2b020a649c32a0a9514..2a1184a2ff8e4941fd017921ef139ee490397c7e 100644 (file)
--- a/src/anyp/PortCfg.cc
+++ b/src/anyp/PortCfg.cc
@@ -119,7 +119,7 @@ AnyP::PortCfg::clone() const
 #if 0
     // TODO: AYJ: 2015-01-15: for now SSL does not clone the context object.
     // cloning should only be done before the PortCfg is post-configure initialized and opened
-    SSL_CTX *sslContext;
+    Security::ContextPointer sslContext;
 #endif
 
 #endif /*0*/

diff --git a/src/client_side.cc b/src/client_side.cc
index 313e93315e10f45f4367da03a16b0cf0e715e2b2..338be92d59f09e6341e581bcde2e05015019a09e 100644 (file)
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -3520,7 +3520,7 @@ httpAccept(const CommAcceptCbParams &params)
 
 /** Create SSL connection structure and update fd_table */
 static Security::SessionPointer
-httpsCreate(const Comm::ConnectionPointer &conn, SSL_CTX *sslContext)
+httpsCreate(const Comm::ConnectionPointer &conn, Security::ContextPointer sslContext)
 {
     if (auto ssl = Ssl::CreateServer(sslContext, conn->fd, "client https start")) {
         debugs(33, 5, "will negotate SSL on " << conn);
@@ -3668,11 +3668,11 @@ clientNegotiateSSL(int fd, void *data)
 }
 
 /**
- * If SSL_CTX is given, starts reading the SSL handshake.
- * Otherwise, calls switchToHttps to generate a dynamic SSL_CTX.
+ * If Security::ContextPointer is given, starts reading the TLS handshake.
+ * Otherwise, calls switchToHttps to generate a dynamic Security::ContextPointer.
  */
 static void
-httpsEstablish(ConnStateData *connState,  SSL_CTX *sslContext)
+httpsEstablish(ConnStateData *connState, Security::ContextPointer sslContext)
 {
     Security::SessionPointer ssl = nullptr;
     assert(connState);
@@ -3785,7 +3785,7 @@ ConnStateData::postHttpsAccept()
         acl_checklist->nonBlockingCheck(httpsSslBumpAccessCheckDone, this);
         return;
     } else {
-        SSL_CTX *sslContext = port->staticSslContext.get();
+        Security::ContextPointer sslContext = port->staticSslContext.get();
         httpsEstablish(this, sslContext);
     }
 }
@@ -3940,7 +3940,7 @@ ConnStateData::getSslContextStart()
         if (!(sslServerBump && (sslServerBump->act.step1 == Ssl::bumpPeek || sslServerBump->act.step1 == Ssl::bumpStare))) {
             debugs(33, 5, "Finding SSL certificate for " << sslBumpCertKey << " in cache");
             Ssl::LocalContextStorage * ssl_ctx_cache = Ssl::TheGlobalContextStorage.getLocalStorage(port->s);
-            SSL_CTX * dynCtx = NULL;
+            Security::ContextPointer dynCtx = nullptr;
             Ssl::SSL_CTX_Pointer *cachedCtx = ssl_ctx_cache ? ssl_ctx_cache->get(sslBumpCertKey.termedBuf()) : NULL;
             if (cachedCtx && (dynCtx = cachedCtx->get())) {
                 debugs(33, 5, "SSL certificate for " << sslBumpCertKey << " found in cache");
@@ -3983,7 +3983,7 @@ ConnStateData::getSslContextStart()
             if (!Ssl::configureSSL(ssl, certProperties, *port))
                 debugs(33, 5, "Failed to set certificates to ssl object for PeekAndSplice mode");
         } else {
-            SSL_CTX *dynCtx = Ssl::generateSslContext(certProperties, *port);
+            auto dynCtx = Ssl::generateSslContext(certProperties, *port);
             getSslContextDone(dynCtx, true);
         }
         return;
@@ -3992,7 +3992,7 @@ ConnStateData::getSslContextStart()
 }
 
 void
-ConnStateData::getSslContextDone(SSL_CTX * sslContext, bool isNew)
+ConnStateData::getSslContextDone(Security::ContextPointer sslContext, bool isNew)
 {
     // Try to add generated ssl context to storage.
     if (port->generateHostCertificates && isNew) {
@@ -4152,7 +4152,7 @@ clientPeekAndSpliceSSL(int fd, void *data)
 void ConnStateData::startPeekAndSplice()
 {
     // will call httpsPeeked() with certificate and connection, eventually
-    SSL_CTX *unConfiguredCTX = Ssl::createSSLContext(port->signingCert, port->signPkey, *port);
+    auto unConfiguredCTX = Ssl::createSSLContext(port->signingCert, port->signPkey, *port);
     fd_table[clientConnection->fd].dynamicSslContext = unConfiguredCTX;
 
     if (!httpsCreate(clientConnection, unConfiguredCTX))

diff --git a/src/client_side.h b/src/client_side.h
index cd86fa4c69233cce14298ad66f12707db63e70f3..5fedb7496318b2c77ee3f9da51d2517d2ac3e039 100644 (file)
--- a/src/client_side.h
+++ b/src/client_side.h
@@ -364,7 +364,7 @@ public:
      *
      * \param[in] isNew if generated certificate is new, so we need to add this certificate to storage.
      */
-    void getSslContextDone(SSL_CTX * sslContext, bool isNew = false);
+    void getSslContextDone(Security::ContextPointer sslContext, bool isNew = false);
     /// Callback function. It is called when squid receive message from ssl_crtd.
     static void sslCrtdHandleReplyWrapper(void *data, const Helper::Reply &reply);
     /// Proccess response from ssl_crtd.

diff --git a/src/fde.h b/src/fde.h
index 01afa88280a90edf8c988dbe4b347ec703839170..e53d0e79c29217d6b2eb0b0fb0633850a5f91550 100644 (file)
--- a/src/fde.h
+++ b/src/fde.h
@@ -107,9 +107,7 @@ public:
     READ_HANDLER *read_method;
     WRITE_HANDLER *write_method;
     Security::SessionPointer ssl;
-#if USE_OPENSSL
-    SSL_CTX *dynamicSslContext; ///< cached and then freed when fd is closed
-#endif
+    Security::ContextPointer dynamicSslContext; ///< cached and then freed when fd is closed
 #if _SQUID_WINDOWS_
     struct {
         long handle;
@@ -159,9 +157,7 @@ private:
         read_method = NULL;
         write_method = NULL;
         ssl = NULL;
-#if USE_OPENSSL
         dynamicSslContext = NULL;
-#endif
 #if _SQUID_WINDOWS_
         win32.handle = (long)NULL;
 #endif

diff --git a/src/tests/stub_client_side.cc b/src/tests/stub_client_side.cc
index 1006e8d81fc0778fcd87ee67d8b115a4c6fa8d30..259d45ae26fb27f9d291c2d9d45531ef8d294e88 100644 (file)
--- a/src/tests/stub_client_side.cc
+++ b/src/tests/stub_client_side.cc
@@ -72,7 +72,7 @@ void ConnStateData::quitAfterError(HttpRequest *request) STUB
 #if USE_OPENSSL
 void ConnStateData::httpsPeeked(Comm::ConnectionPointer serverConnection) STUB
 void ConnStateData::getSslContextStart() STUB
-void ConnStateData::getSslContextDone(SSL_CTX * sslContext, bool isNew) STUB
+void ConnStateData::getSslContextDone(Security::ContextPointer, bool) STUB
 void ConnStateData::sslCrtdHandleReplyWrapper(void *data, const Helper::Reply &reply) STUB
 void ConnStateData::sslCrtdHandleReply(const Helper::Reply &reply) STUB
 void ConnStateData::switchToHttps(HttpRequest *request, Ssl::BumpMode bumpServerMode) STUB