From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Sun, 14 Aug 2011 03:28:48 +0000 (-0600)
Subject: Bug 3211: ssl_crtd start even if no ssl-bump port is configured
X-Git-Tag: take08~43^2~31
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=586089cdbe3695af5758561fe0cc81757fa082bc;p=thirdparty%2Fsquid.git

Bug 3211: ssl_crtd start even if no ssl-bump port is configured
---

diff --git a/src/client_side.cc b/src/client_side.cc
index 4f62f0a875..6610857086 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -3629,9 +3629,6 @@ clientHttpConnectionsOpen(void)
             Ssl::TheGlobalContextStorage.addLocalStorage(s->s, s->dynamicCertMemCacheSize == std::numeric_limits<size_t>::max() ? 4194304 : s->dynamicCertMemCacheSize);
         }
 #endif
-#if USE_SSL_CRTD
-        Ssl::Helper::GetInstance();
-#endif //USE_SSL_CRTD
 
         // Fill out a Comm::Connection which IPC will open as a listener for us
         //  then pass back when active so we can start a TcpAcceptor subscription.
diff --git a/src/main.cc b/src/main.cc
index 53d09a5bf5..64531ce800 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -1042,6 +1042,10 @@ mainInitialize(void)
 
 #endif
 
+#if USE_SSL_CRTD
+    Ssl::Helper::GetInstance()->Init();
+#endif
+
     redirectInit();
 #if USE_AUTH
     authenticateInit(&Auth::TheConfig);
diff --git a/src/ssl/helper.cc b/src/ssl/helper.cc
index 546ed3d329..974f62cadc 100644
--- a/src/ssl/helper.cc
+++ b/src/ssl/helper.cc
@@ -3,6 +3,7 @@
  */
 
 #include "config.h"
+#include "ProtoPort.h"
 #include "ssl/Config.h"
 #include "ssl/helper.h"
 #include "SquidTime.h"
@@ -16,7 +17,6 @@ Ssl::Helper * Ssl::Helper::GetInstance()
 
 Ssl::Helper::Helper()
 {
-    Init();
 }
 
 Ssl::Helper::~Helper()
@@ -26,8 +26,20 @@ Ssl::Helper::~Helper()
 
 void Ssl::Helper::Init()
 {
-    if (ssl_crtd == NULL)
-        ssl_crtd = new helper("ssl_crtd");
+    assert(ssl_crtd == NULL);
+
+    bool useSslBump = false;
+    for (http_port_list *s = ::Config.Sockaddr.http; s; s = s->next) {
+        if (s->sslBump) {
+            useSslBump = true;
+            break;
+        }
+    }
+
+    if (!useSslBump)
+        return;
+
+    ssl_crtd = new helper("ssl_crtd");
     ssl_crtd->childs = Ssl::TheConfig.ssl_crtdChildren;
     ssl_crtd->ipc_type = IPC_STREAM;
     // The crtd messages may contain the eol ('\n') character. We are
@@ -69,8 +81,6 @@ void Ssl::Helper::Shutdown()
         return;
     helperShutdown(ssl_crtd);
     wordlistDestroy(&ssl_crtd->cmdline);
-    if (!shutting_down)
-        return;
     delete ssl_crtd;
     ssl_crtd = NULL;
 }
@@ -78,6 +88,7 @@ void Ssl::Helper::Shutdown()
 void Ssl::Helper::sslSubmit(CrtdMessage const & message, HLPCB * callback, void * data)
 {
     static time_t first_warn = 0;
+    assert(ssl_crtd);
 
     if (ssl_crtd->stats.queue_size >= (int)(ssl_crtd->childs.n_running * 2)) {
         if (first_warn == 0)