--------------------- PatchSet 6092 Date: 2007/11/06 16:02:33 Author: rousskov Branch: ssl-bump Tag: (none) Log: Guarded sslBump code with USE_SSL. Members: src/client_side.cc:1.139.6.4->1.139.6.5 src/client_side_request.cc:1.80.2.2->1.80.2.3 src/client_side_request.h:1.30.6.1->1.30.6.2 Index: squid3/src/client_side.cc =================================================================== RCS file: /cvsroot/squid-sf//squid3/src/client_side.cc,v retrieving revision 1.139.6.4 retrieving revision 1.139.6.5 diff -u -r1.139.6.4 -r1.139.6.5 --- squid3/src/client_side.cc 6 Nov 2007 00:21:31 -0000 1.139.6.4 +++ squid3/src/client_side.cc 6 Nov 2007 16:02:33 -0000 1.139.6.5 @@ -1,6 +1,6 @@ /* - * $Id: client_side.cc,v 1.139.6.4 2007/11/06 00:21:31 rousskov Exp $ + * $Id: client_side.cc,v 1.139.6.5 2007/11/06 16:02:33 rousskov Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels @@ -163,7 +163,6 @@ static void connCancelIncompleteRequests(ConnStateData::Pointer & conn); static ConnStateData *connStateCreate(struct sockaddr_in *peer, struct sockaddr_in *me, int fd, http_port_list *port); -static SSL *httpsCreate(int newfd, ConnectionDetail *details, SSL_CTX *sslContext); int @@ -2808,6 +2807,30 @@ #if USE_SSL +// Create SSL connection structure and update fd_table +static SSL * +httpsCreate(int newfd, ConnectionDetail *details, SSL_CTX *sslContext) +{ + SSL *ssl = SSL_new(sslContext); + + if (!ssl) { + const int ssl_error = ERR_get_error(); + debugs(83, 1, "httpsAccept: Error allocating handle: " << ERR_error_string(ssl_error, NULL) ); + comm_close(newfd); + return NULL; + } + + SSL_set_fd(ssl, newfd); + fd_table[newfd].ssl = ssl; + fd_table[newfd].read_method = &ssl_read_method; + fd_table[newfd].write_method = &ssl_write_method; + + debugs(33, 5, "httpsCreate: will negotate SSL on FD " << newfd); + fd_note(newfd, "client https start"); + + return ssl; +} + /* negotiate an SSL connection */ static void clientNegotiateSSL(int fd, void *data) 
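Review bot: In the moved httpsCreate body, `const int ssl_error = ERR_get_error();` narrows the `unsigned long` that OpenSSL returns before it reaches `ERR_error_string`, and the message it logs still says "httpsAccept:" although it is now emitted from httpsCreate; `const unsigned long ssl_error = ERR_get_error();` and `debugs(83, 1, "httpsCreate: Error allocating handle: " << ERR_error_string(ssl_error, NULL));` keep the logged reason accurate. The `details` parameter is never read anywhere in this body. The failure branch closes `newfd` itself before returning NULL, a contract the caller has to honour to avoid a double close; a header comment such as `// Returns NULL after closing newfd on failure; the caller must not touch newfd afterwards.` would state it. The `"will negotate SSL"` debug text also has a typo (negotiate).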
@@ -3023,29 +3046,6 @@ return true; } -static SSL * -httpsCreate(int newfd, ConnectionDetail *details, SSL_CTX *sslContext) -{ - SSL *ssl = SSL_new(sslContext); - - if (!ssl) { - const int ssl_error = ERR_get_error(); - debugs(83, 1, "httpsAccept: Error allocating handle: " << ERR_error_string(ssl_error, NULL) ); - comm_close(newfd); - return NULL; - } - - SSL_set_fd(ssl, newfd); - fd_table[newfd].ssl = ssl; - fd_table[newfd].read_method = &ssl_read_method; - fd_table[newfd].write_method = &ssl_write_method; - - debugs(33, 5, "httpsCreate: will negotate SSL on FD " << newfd); - fd_note(newfd, "client https start"); - - return ssl; -} - #endif /* USE_SSL */ @@ -3062,12 +3062,14 @@ continue; } +#if USE_SSL if (s->sslBump && s->sslContext == NULL) { debugs(1, 1, "Can not switch to HTTPS at " << inet_ntoa(s->http.s.sin_addr) << ", port " << (int) ntohs(s->http.s.sin_port)); // XXX: Should we abort then, perhaps when creating context? } +#endif enter_suid(); fd = comm_open(SOCK_STREAM, Index: squid3/src/client_side_request.cc =================================================================== RCS file: /cvsroot/squid-sf//squid3/src/client_side_request.cc,v retrieving revision 1.80.2.2 retrieving revision 1.80.2.3 diff -u -r1.80.2.2 -r1.80.2.3 --- squid3/src/client_side_request.cc 6 Nov 2007 00:23:13 -0000 1.80.2.2 +++ squid3/src/client_side_request.cc 6 Nov 2007 16:02:34 -0000 1.80.2.3 @@ -1,6 +1,6 @@ /* - * $Id: client_side_request.cc,v 1.80.2.2 2007/11/06 00:23:13 rousskov Exp $ + * $Id: client_side_request.cc,v 1.80.2.3 2007/11/06 16:02:34 rousskov Exp $ * * DEBUG: section 85 Client-side Request Routines * AUTHOR: Robert Collins (Originally Duane Wessels in client_side.c) 
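Review bot: The check now wrapped in `#if USE_SSL` in the port-opening loop only logs when `s->sslBump` is set with a NULL `sslContext` and then falls through to `enter_suid(); fd = comm_open(...)`, so a port that cannot bump is still opened; the `#if USE_SSL` block added to processRequest() in client_side_request.cc (@@ -880) then calls `sslBumpStart()` for any CONNECT on that port without rechecking the context (what sslBumpStart does with a NULL context is outside this diff). Adding `continue;` after the debugs call, the way the loop already skips the preceding case at the top of the hunk, would keep such a port closed until the XXX is resolved; alternatively the misconfiguration could be rejected where the context is created, as the XXX itself suggests. The enclosing loop starts before this hunk.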
@@ -880,10 +880,12 @@ { debugs(85, 4, "clientProcessRequest: " << RequestMethodStr[request->method] << " '" << uri << "'"); +#if USE_SSL if (request->method == METHOD_CONNECT && getConn()->port->sslBump) { sslBumpStart(); return; } +#endif if (request->method == METHOD_CONNECT && !redirect.status) { logType = LOG_TCP_MISS; @@ -909,6 +911,7 @@ PROF_stop(httpStart); } +#if USE_SSL // call when comm_write has completed static void SslBumpEstablish(int, char *, size_t, comm_err_t errflag, int, void *data) @@ -951,6 +954,8 @@ &SslBumpEstablish, this, NULL); } +#endif + bool ClientHttpRequest::gotEnough() const { Index: squid3/src/client_side_request.h =================================================================== RCS file: /cvsroot/squid-sf//squid3/src/client_side_request.h,v retrieving revision 1.30.6.1 retrieving revision 1.30.6.2 diff -u -r1.30.6.1 -r1.30.6.2 --- squid3/src/client_side_request.h 5 Nov 2007 17:52:37 -0000 1.30.6.1 +++ squid3/src/client_side_request.h 6 Nov 2007 16:02:34 -0000 1.30.6.2 @@ -1,6 +1,6 @@ /* - * $Id: client_side_request.h,v 1.30.6.1 2007/11/05 17:52:37 rousskov Exp $ + * $Id: client_side_request.h,v 1.30.6.2 2007/11/06 16:02:34 rousskov Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -83,8 +83,6 @@ bool multipartRangeRequest() const; void processRequest(); void httpStart(); - void sslBumpStart(); - void sslBumpEstablish(comm_err_t errflag); bool onlyIfCached()const; bool gotEnough() const; _SQUID_INLINE_ StoreEntry *storeEntry() const; @@ -160,6 +158,12 @@ StoreEntry *loggingEntry_; ConnStateData::Pointer conn_; +#if USE_SSL +public: + void sslBumpStart(); + void sslBumpEstablish(comm_err_t errflag); +#endif + #if ICAP_CLIENT public:
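Review bot: The new `#if USE_SSL` block in processRequest() returns right after `sslBumpStart()`, so for a CONNECT on an sslBump port the `redirect.status` handling and everything below it never run; if that is intended, a comment such as `// sslBump ports intercept CONNECT here; the redirect/miss handling below does not apply to them` would make the early return read as deliberate rather than as an oversight. `sslBumpStart()` and `sslBumpEstablish()` are also undocumented at their new declarations under `#if USE_SSL` in client_side_request.h; a one-line comment on each (what triggers the call and which comm_write completion the second one handles, per the `// call when comm_write has completed` note in the @@ -909 hunk) would help. The function's opening brace is at the top of this hunk but its body continues past it.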