From c961ecc0272b5d74c52fdce5fd2ede52eb031576 Mon Sep 17 00:00:00 2001
From: Amos Jeffries
Date: Mon, 13 Jul 2015 09:04:07 -0700
Subject: [PATCH] Cleanup: Replace SSL_CTX* with Security::ContextPointer

... or 'auto' keyword in all locations outside src/ssl/
---
 src/adaptation/icap/Xaction.cc | 2 +-
 src/anyp/PortCfg.cc | 2 +-
 src/client_side.cc | 18 +++++++++---------
 src/client_side.h | 2 +-
 src/fde.h | 6 +-----
 src/tests/stub_client_side.cc | 2 +-
 6 files changed, 14 insertions(+), 18 deletions(-)

diff --git a/src/adaptation/icap/Xaction.cc b/src/adaptation/icap/Xaction.cc
index 66e092d903..e731ad2af6 100644
--- a/src/adaptation/icap/Xaction.cc
+++ b/src/adaptation/icap/Xaction.cc
@@ -62,7 +62,7 @@ public:
 /* PeerConnector API */
 virtual Security::SessionPointer initializeSsl();
 virtual void noteNegotiationDone(ErrorState *error);
- virtual SSL_CTX *getSslContext() {return icapService->sslContext; }
+ virtual Security::ContextPointer getSslContext() {return icapService->sslContext;}
 private:
 Adaptation::Icap::ServiceRep::Pointer icapService;
diff --git a/src/anyp/PortCfg.cc b/src/anyp/PortCfg.cc
index f607abc428..2a1184a2ff 100644
--- a/src/anyp/PortCfg.cc
+++ b/src/anyp/PortCfg.cc
@@ -119,7 +119,7 @@ AnyP::PortCfg::clone() const
 #if 0
 // TODO: AYJ: 2015-01-15: for now SSL does not clone the context object.
 // cloning should only be done before the PortCfg is post-configure initialized and opened
- SSL_CTX *sslContext;
+ Security::ContextPointer sslContext;
 #endif
 #endif /*0*/
diff --git a/src/client_side.cc b/src/client_side.cc
index 313e93315e..338be92d59 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -3520,7 +3520,7 @@ httpAccept(const CommAcceptCbParams ¶ms)
 /** Create SSL connection structure and update fd_table */
 static Security::SessionPointer
-httpsCreate(const Comm::ConnectionPointer &conn, SSL_CTX *sslContext)
+httpsCreate(const Comm::ConnectionPointer &conn, Security::ContextPointer sslContext)
 {
 if (auto ssl = Ssl::CreateServer(sslContext, conn->fd, "client https start")) {
 debugs(33, 5, "will negotate SSL on " << conn);
@@ -3668,11 +3668,11 @@ clientNegotiateSSL(int fd, void *data)
 }
 /**
- * If SSL_CTX is given, starts reading the SSL handshake.
- * Otherwise, calls switchToHttps to generate a dynamic SSL_CTX.
+ * If Security::ContextPointer is given, starts reading the TLS handshake.
+ * Otherwise, calls switchToHttps to generate a dynamic Security::ContextPointer.
 */
 static void
-httpsEstablish(ConnStateData *connState, SSL_CTX *sslContext)
+httpsEstablish(ConnStateData *connState, Security::ContextPointer sslContext)
 {
 Security::SessionPointer ssl = nullptr;
 assert(connState);
@@ -3785,7 +3785,7 @@ ConnStateData::postHttpsAccept()
 acl_checklist->nonBlockingCheck(httpsSslBumpAccessCheckDone, this);
 return;
 } else {
- SSL_CTX *sslContext = port->staticSslContext.get();
+ Security::ContextPointer sslContext = port->staticSslContext.get();
 httpsEstablish(this, sslContext);
 }
 }
@@ -3940,7 +3940,7 @@ ConnStateData::getSslContextStart()
 if (!(sslServerBump && (sslServerBump->act.step1 == Ssl::bumpPeek || sslServerBump->act.step1 == Ssl::bumpStare))) {
 debugs(33, 5, "Finding SSL certificate for " << sslBumpCertKey << " in cache");
 Ssl::LocalContextStorage * ssl_ctx_cache = Ssl::TheGlobalContextStorage.getLocalStorage(port->s);
- SSL_CTX * dynCtx = NULL;
+ Security::ContextPointer dynCtx = nullptr;
 Ssl::SSL_CTX_Pointer *cachedCtx = ssl_ctx_cache ? ssl_ctx_cache->get(sslBumpCertKey.termedBuf()) : NULL;
 if (cachedCtx && (dynCtx = cachedCtx->get())) {
 debugs(33, 5, "SSL certificate for " << sslBumpCertKey << " found in cache");
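Review bot: The rewritten doc comment on httpsEstablish in the -3668 hunk substitutes the typedef name for the concept, so `If Security::ContextPointer is given` and `generate a dynamic Security::ContextPointer` read as though the type itself were optional, and the comment will go stale the next time the alias is renamed. Keep the prose at the level of the thing described: ` * If a TLS context is given, starts reading the TLS handshake.` and ` * Otherwise, calls switchToHttps to generate a dynamic TLS context.`. httpsEstablish's body continues past the end of the hunk.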
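Review bot: In the -3785 hunk, `Security::ContextPointer sslContext = port->staticSslContext.get();` borrows a context that port->staticSslContext owns, whereas the same alias in the -4152 hunk of this file names a freshly created context that fd_table is expected to free, so the alias carries no ownership information and a reader of httpsEstablish cannot tell which kind it receives. Given that this revision assigns `nullptr`/`NULL` to the alias and takes it from `.get()`, it appears to be a raw, non-owning pointer here; a one-line comment at this declaration, `// non-owning: the context belongs to port->staticSslContext`, would make that explicit, and the distinction deserves a sentence wherever Security::ContextPointer is declared (outside this diff). postHttpsAccept continues outside the hunk.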
@@ -3983,7 +3983,7 @@ ConnStateData::getSslContextStart()
 if (!Ssl::configureSSL(ssl, certProperties, *port))
 debugs(33, 5, "Failed to set certificates to ssl object for PeekAndSplice mode");
 } else {
- SSL_CTX *dynCtx = Ssl::generateSslContext(certProperties, *port);
+ auto dynCtx = Ssl::generateSslContext(certProperties, *port);
 getSslContextDone(dynCtx, true);
 }
 return;
@@ -3992,7 +3992,7 @@ ConnStateData::getSslContextStart()
 }
 void
-ConnStateData::getSslContextDone(SSL_CTX * sslContext, bool isNew)
+ConnStateData::getSslContextDone(Security::ContextPointer sslContext, bool isNew)
 {
 // Try to add generated ssl context to storage.
 if (port->generateHostCertificates && isNew) {
@@ -4152,7 +4152,7 @@ clientPeekAndSpliceSSL(int fd, void *data)
 void ConnStateData::startPeekAndSplice()
 {
 // will call httpsPeeked() with certificate and connection, eventually
- SSL_CTX *unConfiguredCTX = Ssl::createSSLContext(port->signingCert, port->signPkey, *port);
+ auto unConfiguredCTX = Ssl::createSSLContext(port->signingCert, port->signPkey, *port);
 fd_table[clientConnection->fd].dynamicSslContext = unConfiguredCTX;
 if (!httpsCreate(clientConnection, unConfiguredCTX))
diff --git a/src/client_side.h b/src/client_side.h
index cd86fa4c69..5fedb74963 100644
--- a/src/client_side.h
+++ b/src/client_side.h
@@ -364,7 +364,7 @@ public:
 *
 * \param[in] isNew if generated certificate is new, so we need to add this certificate to storage.
 */
- void getSslContextDone(SSL_CTX * sslContext, bool isNew = false);
+ void getSslContextDone(Security::ContextPointer sslContext, bool isNew = false);
 /// Callback function. It is called when squid receive message from ssl_crtd.
 static void sslCrtdHandleReplyWrapper(void *data, const Helper::Reply &reply);
 /// Proccess response from ssl_crtd.
diff --git a/src/fde.h b/src/fde.h
index 01afa88280..e53d0e79c2 100644
--- a/src/fde.h
+++ b/src/fde.h
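Review bot: `auto dynCtx = Ssl::generateSslContext(certProperties, *port);` in the -3983 hunk hides the type exactly where it matters: this is a newly generated context whose responsibility the next line hands to getSslContextDone(dynCtx, true), while the -3940 hunk of the same function spells `Security::ContextPointer dynCtx` for the cached, non-owned case. The same applies to `auto unConfiguredCTX = Ssl::createSSLContext(...)` in the -4152 hunk, which is then parked in fd_table's dynamicSslContext to be released on close. Since the commit's stated goal is to remove SSL_CTX* outside src/ssl/, `auto` only hides that type if the callee in src/ssl/ still returns it; writing `Security::ContextPointer dynCtx = Ssl::generateSslContext(certProperties, *port);` (and likewise for unConfiguredCTX) keeps the declarations consistent with the rest of the commit and makes the ownership-taking call sites easy to find if the alias later becomes a smart pointer. Both enclosing functions extend beyond their hunks.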
@@ -107,9 +107,7 @@ public:
 READ_HANDLER *read_method;
 WRITE_HANDLER *write_method;
 Security::SessionPointer ssl;
-#if USE_OPENSSL
- SSL_CTX *dynamicSslContext; ///< cached and then freed when fd is closed
-#endif
+ Security::ContextPointer dynamicSslContext; ///< cached and then freed when fd is closed
 #if _SQUID_WINDOWS_
 struct {
 long handle;
@@ -159,9 +157,7 @@ private:
 read_method = NULL;
 write_method = NULL;
 ssl = NULL;
-#if USE_OPENSSL
 dynamicSslContext = NULL;
-#endif
 #if _SQUID_WINDOWS_
 win32.handle = (long)NULL;
 #endif
diff --git a/src/tests/stub_client_side.cc b/src/tests/stub_client_side.cc
index 1006e8d81f..259d45ae26 100644
--- a/src/tests/stub_client_side.cc
+++ b/src/tests/stub_client_side.cc
@@ -72,7 +72,7 @@ void ConnStateData::quitAfterError(HttpRequest *request) STUB
 #if USE_OPENSSL
 void ConnStateData::httpsPeeked(Comm::ConnectionPointer serverConnection) STUB
 void ConnStateData::getSslContextStart() STUB
-void ConnStateData::getSslContextDone(SSL_CTX * sslContext, bool isNew) STUB
+void ConnStateData::getSslContextDone(Security::ContextPointer, bool) STUB
 void ConnStateData::sslCrtdHandleReplyWrapper(void *data, const Helper::Reply &reply) STUB
 void ConnStateData::sslCrtdHandleReply(const Helper::Reply &reply) STUB
 void ConnStateData::switchToHttps(HttpRequest *request, Ssl::BumpMode bumpServerMode) STUB
-- 
2.47.3
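Review bot: Dropping the `#if USE_OPENSSL` guard in the -107 hunk makes `dynamicSslContext` a member of every fde in every build, but its comment `///< cached and then freed when fd is closed` describes a release path that is not in this diff and presumably still exists only in the OpenSSL build; in other builds the -159 hunk shows the field is only ever reset to NULL. If that is so, say it in the comment so readers of non-OpenSSL builds do not go looking for the free: `///< cached and then freed when fd is closed; only populated by the OpenSSL ssl-bump code (confirm)`. For consistency with `Security::ContextPointer dynCtx = nullptr;` in client_side.cc (-3940 hunk), the now-unguarded reset in the -159 hunk should read `dynamicSslContext = nullptr;`, which also keeps working if the alias later becomes a smart pointer. The fde constructor body in the -159 hunk continues outside the hunk.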