git.ipfire.org Git - thirdparty/squid.git/commit

author	Amos Jeffries <yadij@users.noreply.github.com>
	Sun, 7 Jan 2018 14:31:16 +0000 (03:31 +1300)
committer	GitHub <noreply@github.com>
	Sun, 7 Jan 2018 14:31:16 +0000 (03:31 +1300)
commit	505f9427c55a365b464f1b204880df1d3ccccb7f
tree	672926be26a043353f741ec2262d024e8819d3df	tree
parent	7d5ae477d77206d557749a9596771d8a4c1d462f	commit \| diff

Bug 4631: security_file_certgen helper without disk cache (#95)

* disable the certificate DB disk cache if -s and -M command line options are omitted.

E.g. with this you can change squid.conf from:
sslcrtd_program security_file_certgen -s /var/lib/ssl_db -M 32MB
...to...
sslcrtd_program security_file_certgen

...and it will operate without the disk cache, generating certs fresh every time.

* Remove Ssl::CertificateDb::IsEnabledDiskStore()
Make the CertificateDb temporary objects dynamically allocated instead.

* Do command line checks in main() not the CertificateDb object.
This avoids a risky constructor exception and simplifies validity testing of parameters.

* Update man(8) documentation

The helper version is now 1.1. A minor version bump since it is being kept compatible with
installations using 1.0 properly but new feature available.

Also simplify the command line SYNOPSIS and incomplete mention of sslcrtd_* squid.conf directives.

src/security/cert_generators/file/certificate_db.cc		diff \| blob \| blame \| history
src/security/cert_generators/file/certificate_db.h		diff \| blob \| blame \| history
src/security/cert_generators/file/security_file_certgen.8.in		diff \| blob \| blame \| history
src/security/cert_generators/file/security_file_certgen.cc		diff \| blob \| blame \| history