--------------------- PatchSet 7752 Date: 2006/05/15 11:53:40 Author: hno Branch: ssl-2_5 Tag: (none) Log: Indent Members: src/client_side.c:1.47.2.21.2.33->1.47.2.21.2.34 src/comm.c:1.18.6.2.8.8->1.18.6.2.8.9 src/forward.c:1.13.6.1.8.20->1.13.6.1.8.21 src/http.c:1.17.6.3.2.15->1.17.6.3.2.16 src/ssl_support.c:1.6.6.1.2.18->1.6.6.1.2.19 src/ssl_support.h:1.5.44.6->1.5.44.7 src/structs.h:1.48.2.8.2.30->1.48.2.8.2.31
Index: squid/src/client_side.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/client_side.c,v
retrieving revision 1.47.2.21.2.33
retrieving revision 1.47.2.21.2.34
diff -u -r1.47.2.21.2.33 -r1.47.2.21.2.34
--- squid/src/client_side.c 18 Apr 2006 15:57:52 -0000 1.47.2.21.2.33
+++ squid/src/client_side.c 15 May 2006 11:53:40 -0000 1.47.2.21.2.34
@@ -1,6 +1,6 @@ /* - * $Id: client_side.c,v 1.47.2.21.2.33 2006/04/18 15:57:52 hno Exp $ + * $Id: client_side.c,v 1.47.2.21.2.34 2006/05/15 11:53:40 hno Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels
@@ -151,7 +151,7 @@ static BODY_HANDLER clientReadBody; static void clientAbortBody(request_t * req); #if USE_SSL -static void httpsAcceptSSL(ConnStateData *connState, SSL_CTX * sslContext); +static void httpsAcceptSSL(ConnStateData * connState, SSL_CTX * sslContext); #endif static int
@@ -2468,9 +2468,9 @@ #if USE_SSL && SSL_CONNECT_INTERCEPT if (Config.Sockaddr.https) { static const char ok[] = "HTTP/1.0 200 Established\r\n\r\n"; - write(http->conn->fd, ok, strlen(ok)); + write(http->conn->fd, ok, strlen(ok)); httpsAcceptSSL(http->conn, Config.Sockaddr.https->sslContext); - httpRequestFree(http); + httpRequestFree(http); } else #endif sslStart(http, &http->out.size, &http->al.http.code); 
@@ -3624,20 +3624,20 @@ } fd_table[fd].read_pending = COMM_PENDING_NOW; if (SSL_session_reused(ssl)) { - debug(83, 2) ("clientNegotiateSSL: Session %p reused on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int)fd_table[fd].remote_port); + debug(83, 2) ("clientNegotiateSSL: Session %p reused on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port); } else { if (do_debug(83, 4)) { /* Write out the SSL session details.. actually the call below, but * OpenSSL headers do strange typecasts confusing GCC.. */ /* PEM_write_SSL_SESSION(debug_log, SSL_get_session(ssl)); */ #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x0090708FL - PEM_ASN1_write((i2d_of_void *)i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *)SSL_get_session(ssl), NULL,NULL,0,NULL,NULL); + PEM_ASN1_write((i2d_of_void *) i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL); #else - PEM_ASN1_write(i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *)SSL_get_session(ssl), NULL,NULL,0,NULL,NULL); + PEM_ASN1_write(i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL); #endif /* Note: This does not automatically fflush the log file.. */ } - debug(83, 2) ("clientNegotiateSSL: New session %p on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int)fd_table[fd].remote_port); + debug(83, 2) ("clientNegotiateSSL: New session %p on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port); } debug(83, 3) ("clientNegotiateSSL: FD %d negotiated cipher %s\n", fd, SSL_get_cipher(ssl)); 
@@ -3664,7 +3664,7 @@ CBDATA_TYPE(https_port_data); static void -httpsAcceptSSL(ConnStateData *connState, SSL_CTX * sslContext) +httpsAcceptSSL(ConnStateData * connState, SSL_CTX * sslContext) { SSL *ssl; fde *F;
Index: squid/src/comm.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/comm.c,v
retrieving revision 1.18.6.2.8.8
retrieving revision 1.18.6.2.8.9
diff -u -r1.18.6.2.8.8 -r1.18.6.2.8.9
--- squid/src/comm.c 2 Nov 2005 22:42:33 -0000 1.18.6.2.8.8
+++ squid/src/comm.c 15 May 2006 11:53:41 -0000 1.18.6.2.8.9
@@ -1,6 +1,6 @@ /* - * $Id: comm.c,v 1.18.6.2.8.8 2005/11/02 22:42:33 hno Exp $ + * $Id: comm.c,v 1.18.6.2.8.9 2006/05/15 11:53:41 hno Exp $ * * DEBUG: section 5 Socket Functions * AUTHOR: Harvest Derived
@@ -594,14 +594,13 @@ { int ret; LOCAL_ARRAY(char, buf, 1024); - + ret = FD_READ_METHOD(fd, buf, 1024); if (n < 0 && errno != EAGAIN) { debug(5, 3) ("commLingerSSLClose: FD %d read: %s\n", fd, xstrerror()); comm_close(fd); return; } - ret = ssl_shutdown_method(fd); if (ret == -1 && errno == EAGAIN) { commSetSelect(fd, COMM_SELECT_WRITE, commLingerSSLClose, NULL, 0);
Index: squid/src/forward.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/forward.c,v
retrieving revision 1.13.6.1.8.20
retrieving revision 1.13.6.1.8.21
diff -u -r1.13.6.1.8.20 -r1.13.6.1.8.21
--- squid/src/forward.c 28 Apr 2006 09:44:11 -0000 1.13.6.1.8.20
+++ squid/src/forward.c 15 May 2006 11:53:41 -0000 1.13.6.1.8.21
@@ -1,6 +1,6 @@ /* - * $Id: forward.c,v 1.13.6.1.8.20 2006/04/28 09:44:11 hno Exp $ + * $Id: forward.c,v 1.13.6.1.8.21 2006/05/15 11:53:41 hno Exp $ * * DEBUG: section 17 Request Forwarding * AUTHOR: Duane Wessels
@@ -261,7 +261,7 @@ #if NOT_YET if (verify_domain) { char *host; - STACK_OF(GENERAL_NAME) *altnames; + STACK_OF(GENERAL_NAME) * altnames; if (fs->peer) { if (fs->peer->ssldomain) host = fs->peer->ssldomain; 
@@ -271,7 +271,7 @@ host = fs->request->host; } if (!ssl_verify_domain(host, ssl)) { - debug(17, 1)("Warning: SSL certificate does not match host name '%s'\n", host); + debug(17, 1) ("Warning: SSL certificate does not match host name '%s'\n", host); } } #endif
Index: squid/src/http.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/http.c,v
retrieving revision 1.17.6.3.2.15
retrieving revision 1.17.6.3.2.16
diff -u -r1.17.6.3.2.15 -r1.17.6.3.2.16
--- squid/src/http.c 2 Nov 2005 22:42:33 -0000 1.17.6.3.2.15
+++ squid/src/http.c 15 May 2006 11:53:41 -0000 1.17.6.3.2.16
@@ -1,6 +1,6 @@ /* - * $Id: http.c,v 1.17.6.3.2.15 2005/11/02 22:42:33 hno Exp $ + * $Id: http.c,v 1.17.6.3.2.16 2006/05/15 11:53:41 hno Exp $ * * DEBUG: section 11 Hypertext Transfer Protocol (HTTP) * AUTHOR: Harvest Derived
@@ -1039,7 +1039,6 @@ if (flags.front_end_https == 1 || request->protocol == PROTO_HTTPS) httpHeaderPutStr(hdr_out, HDR_FRONT_END_HTTPS, "On"); } - /* Now mangle the headers. */ httpHdrMangleList(hdr_out, orig_request); stringClean(&strConnection);
Index: squid/src/ssl_support.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/ssl_support.c,v
retrieving revision 1.6.6.1.2.18
retrieving revision 1.6.6.1.2.19
diff -u -r1.6.6.1.2.18 -r1.6.6.1.2.19
--- squid/src/ssl_support.c 28 Apr 2006 09:44:12 -0000 1.6.6.1.2.18
+++ squid/src/ssl_support.c 15 May 2006 11:53:42 -0000 1.6.6.1.2.19
@@ -41,7 +41,7 @@ FILE *in; int len = 0; char cmdline[1024]; - snprintf(cmdline, sizeof(cmdline), "\"%s\" \"%s\"", Config.Program.ssl_password, (const char *)userdata); + snprintf(cmdline, sizeof(cmdline), "\"%s\" \"%s\"", Config.Program.ssl_password, (const char *) userdata); in = popen(cmdline, "r"); if (fgets(buf, size, in)) len = strlen(buf); 
@@ -53,11 +53,11 @@ } static void -ssl_ask_password(SSL_CTX * context, const char * prompt) +ssl_ask_password(SSL_CTX * context, const char *prompt) { if (Config.Program.ssl_password) { SSL_CTX_set_default_passwd_cb(context, ssl_ask_password_cb); - SSL_CTX_set_default_passwd_cb_userdata(context, (void *)prompt); + SSL_CTX_set_default_passwd_cb_userdata(context, (void *) prompt); } }
@@ -85,21 +85,19 @@ rsa = rsa_1024; break; default: - debug(83,1)("ssl_temp_rsa_cb: Unexpected key length %d\n", keylen); + debug(83, 1) ("ssl_temp_rsa_cb: Unexpected key length %d\n", keylen); return NULL; } if (rsa == NULL) { - debug(83,1)("ssl_temp_rsa_cb: Failed to generate key %d\n", keylen); + debug(83, 1) ("ssl_temp_rsa_cb: Failed to generate key %d\n", keylen); return NULL; } - if (newkey) { if (do_debug(83, 5)) PEM_write_RSAPrivateKey(debug_log, rsa, NULL, NULL, 0, NULL, NULL); - debug(83,1)("Generated ephemeral RSA key of length %d\n", keylen); + debug(83, 1) ("Generated ephemeral RSA key of length %d\n", keylen); } - return rsa; }
@@ -398,19 +396,19 @@ } static int -ssl_load_crl(SSL_CTX *sslContext, const char *CRLfile) +ssl_load_crl(SSL_CTX * sslContext, const char *CRLfile) { X509_STORE *st = SSL_CTX_get_cert_store(sslContext); X509_CRL *crl; BIO *in = BIO_new_file(CRLfile, "r"); int count = 0; if (!in) { - debug(83, 2)("WARNING: Failed to open CRL file '%s'\n", CRLfile); + debug(83, 2) ("WARNING: Failed to open CRL file '%s'\n", CRLfile); return 0; } - while ((crl = PEM_read_bio_X509_CRL(in,NULL,NULL,NULL))) { + while ((crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL))) { if (!X509_STORE_add_crl(st, crl)) - debug(83, 2)("WARNING: Failed to add CRL from file '%s'\n", CRLfile); + debug(83, 2) ("WARNING: Failed to add CRL from file '%s'\n", CRLfile); else count++; X509_CRL_free(crl); 
@@ -467,13 +465,11 @@ SSL_CTX_set_options(sslContext, ssl_parse_options(options)); if (context && *context) { - SSL_CTX_set_session_id_context(sslContext, (unsigned char *)context, strlen(context)); + SSL_CTX_set_session_id_context(sslContext, (unsigned char *) context, strlen(context)); } - if (fl & SSL_FLAG_NO_SESSION_REUSE) { SSL_CTX_set_session_cache_mode(sslContext, SSL_SESS_CACHE_OFF); } - if (Config.SSL.unclean_shutdown) { debug(83, 5) ("Enabling quiet SSL shutdowns (RFC violation).\n"); SSL_CTX_set_quiet_shutdown(sslContext, 1);
@@ -513,7 +509,7 @@ debug(83, 9) ("Setting CA certificate locations.\n"); if ((CAfile || CApath) && (!SSL_CTX_load_verify_locations(sslContext, CAfile, CApath))) { - ssl_error = ERR_get_error(); + ssl_error = ERR_get_error(); debug(83, 1) ("Error error setting CA certificate locations: %s\n", ERR_error_string(ssl_error, NULL)); debug(83, 1) ("continuing anyway...\n");
@@ -526,7 +522,7 @@ debug(83, 1) ("continuing anyway...\n"); } if (clientCA) { - STACK_OF(X509_NAME) *cert_names; + STACK_OF(X509_NAME) * cert_names; debug(83, 9) ("Set client certifying authority list.\n"); cert_names = SSL_load_client_CA_file(clientCA); if (cert_names == NULL) {
@@ -548,7 +544,7 @@ } #ifdef X509_V_FLAG_CRL_CHECK if (fl & SSL_FLAG_VERIFY_CRL_ALL) - X509_STORE_set_flags(SSL_CTX_get_cert_store(sslContext), X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); + X509_STORE_set_flags(SSL_CTX_get_cert_store(sslContext), X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); else if (fl & SSL_FLAG_VERIFY_CRL) X509_STORE_set_flags(SSL_CTX_get_cert_store(sslContext), X509_V_FLAG_CRL_CHECK); #endif 
@@ -687,7 +683,7 @@ } #ifdef X509_V_FLAG_CRL_CHECK if (fl & SSL_FLAG_VERIFY_CRL_ALL) - X509_STORE_set_flags(SSL_CTX_get_cert_store(sslContext), X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); + X509_STORE_set_flags(SSL_CTX_get_cert_store(sslContext), X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); else if (fl & SSL_FLAG_VERIFY_CRL) X509_STORE_set_flags(SSL_CTX_get_cert_store(sslContext), X509_V_FLAG_CRL_CHECK); #endif
@@ -739,11 +735,11 @@ break; if (errno == ECONNRESET) break; - debug (83, 2) ("SSL fd %d read error %s (%d)\n", fd, strerror(errno), errno); + debug(83, 2) ("SSL fd %d read error %s (%d)\n", fd, strerror(errno), errno); break; default: - debug (83, 2) ("SSL fd %d read error %s (%d/%d)\n", fd, ERR_error_string(ERR_get_error(), NULL), i, err); + debug(83, 2) ("SSL fd %d read error %s (%d/%d)\n", fd, ERR_error_string(ERR_get_error(), NULL), i, err); break; } }
@@ -763,7 +759,6 @@ errno = ENOTCONN; return -1; } - errno = 0; ERR_clear_error(); i = SSL_write(ssl, buf, len);
@@ -790,11 +785,11 @@ break; if (errno == ECONNRESET) break; - debug (83, 2) ("SSL fd %d write error %s (%d)\n", fd, strerror(errno), errno); + debug(83, 2) ("SSL fd %d write error %s (%d)\n", fd, strerror(errno), errno); break; default: - debug (83, 2) ("SSL fd %d write error %s (%d/%d)\n", fd, ERR_error_string(ERR_get_error(), NULL), i, err); + debug(83, 2) ("SSL fd %d write error %s (%d/%d)\n", fd, ERR_error_string(ERR_get_error(), NULL), i, err); i = -1; break; }
@@ -812,7 +807,6 @@ errno = ENOTCONN; return 0; } - ERR_clear_error(); ret = SSL_shutdown(ssl); if (ret <= 0) {
@@ -948,7 +942,7 @@ } const char * -sslGetUserCertificatePEM(SSL *ssl) +sslGetUserCertificatePEM(SSL * ssl) { X509 *cert; BIO *mem; @@ -959,12 +953,12 @@ safe_free(str); if (!ssl) - return NULL; + return NULL; cert = SSL_get_peer_certificate(ssl); if (!cert) - return NULL; + return NULL; mem = BIO_new(BIO_s_mem()); 
@@ -973,7 +967,7 @@ len = BIO_get_mem_data(mem, &ptr); - str = (char *)xmalloc(len + 1); + str = (char *) xmalloc(len + 1); memcpy(str, ptr, len); str[len] = '\0';
@@ -984,9 +978,9 @@ } const char * -sslGetUserCertificateChainPEM(SSL *ssl) +sslGetUserCertificateChainPEM(SSL * ssl) { - STACK_OF(X509) *chain; + STACK_OF(X509) * chain; BIO *mem; static char *str = NULL; char *ptr;
@@ -996,12 +990,12 @@ safe_free(str); if (!ssl) - return NULL; + return NULL; chain = SSL_get_peer_cert_chain(ssl); if (!chain) - return sslGetUserCertificatePEM(ssl); + return sslGetUserCertificatePEM(ssl); mem = BIO_new(BIO_s_mem());
@@ -1012,7 +1006,7 @@ len = BIO_get_mem_data(mem, &ptr); - str = (char *)xmalloc(len + 1); + str = (char *) xmalloc(len + 1); memcpy(str, ptr, len); str[len] = '\0';
@@ -1023,13 +1017,13 @@ #if NOT_YET int -ssl_verify_domain(const char *host, SSL *ssl) +ssl_verify_domain(const char *host, SSL * ssl) { int i; int found = 0; char name[1024]; - STACK_OF(GENERAL_NAME) *altnames; - altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL); + STACK_OF(GENERAL_NAME) * altnames; + altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL); if (altnames) { int numalts = sk_GENERAL_NAME_num(altnames); debug(83, 3) ("Verifying server domain %s to certificate subjectAltName\n", host);
@@ -1070,7 +1064,7 @@ } if (found) { return 1; - else { + } else { debug(83, 2) ("ERROR: Certificate does not match domainname %s\n", host); return 0; }
Index: squid/src/ssl_support.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/ssl_support.h,v
retrieving revision 1.5.44.6
retrieving revision 1.5.44.7
diff -u -r1.5.44.6 -r1.5.44.7
--- squid/src/ssl_support.h 2 Dec 2004 00:53:42 -0000 1.5.44.6
+++ squid/src/ssl_support.h 15 May 2006 11:53:42 -0000 1.5.44.7 
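Review bot: The last ssl_support.c hunk (`- else {` / `+ } else {` near the end of ssl_verify_domain) is a syntax repair rather than a re-indent, so the log message "Indent" under-describes it; I would split it out or mention it in the log. It also shows that the body under `#if NOT_YET` could not have compiled before this change, which suggests the block is not built and that peer certificate names are presumably not being checked on this branch. A comment above the guard, e.g. `/* NOT_YET: hostname verification is not compiled in; peer certificate names are not checked */`, would make that explicit for anyone reading the TLS code. The function begins in the preceding hunk and most of its body lies outside both hunks.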
@@ -53,10 +53,10 @@ int ssl_shutdown_method(int); int ssl_verify_domain(const char *host, SSL *); -const char *sslGetUserEmail(SSL *ssl); -const char *sslGetUserAttribute(SSL *ssl, const char *attribute); -const char *sslGetCAAttribute(SSL *ssl, const char *attribute); -const char *sslGetUserCertificatePEM(SSL *ssl); -const char *sslGetUserCertificateChainPEM(SSL *ssl); +const char *sslGetUserEmail(SSL * ssl); +const char *sslGetUserAttribute(SSL * ssl, const char *attribute); +const char *sslGetCAAttribute(SSL * ssl, const char *attribute); +const char *sslGetUserCertificatePEM(SSL * ssl); +const char *sslGetUserCertificateChainPEM(SSL * ssl); #endif /* SQUID_SSL_SUPPORT_H */
Index: squid/src/structs.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/structs.h,v
retrieving revision 1.48.2.8.2.30
retrieving revision 1.48.2.8.2.31
diff -u -r1.48.2.8.2.30 -r1.48.2.8.2.31
--- squid/src/structs.h 28 Apr 2006 09:44:12 -0000 1.48.2.8.2.30
+++ squid/src/structs.h 15 May 2006 11:53:42 -0000 1.48.2.8.2.31
@@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.48.2.8.2.30 2006/04/28 09:44:12 hno Exp $ + * $Id: structs.h,v 1.48.2.8.2.31 2006/05/15 11:53:42 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -53,6 +53,7 @@ splayNode *values; char *attribute; }; + #endif struct _acl_user_data {
@@ -366,6 +367,7 @@ char *sslcontext; SSL_CTX *sslContext; }; + #endif #if DELAY_POOLS