--------------------- PatchSet 8334 Date: 2006/07/02 20:13:12 Author: hno Branch: ssl-2_6 Tag: (none) Log: First steps in trying to get client-side certificate management in shape Members: src/cache_cf.c:1.77->1.77.2.1 src/client_side.c:1.128->1.128.2.1 src/ssl_support.c:1.11->1.11.2.1 src/structs.h:1.119->1.119.2.1
Index: squid/src/cache_cf.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/cache_cf.c,v
retrieving revision 1.77
retrieving revision 1.77.2.1
diff -u -r1.77 -r1.77.2.1
--- squid/src/cache_cf.c 30 Jun 2006 21:52:12 -0000 1.77
+++ squid/src/cache_cf.c 2 Jul 2006 20:13:12 -0000 1.77.2.1
@@ -1,6 +1,6 @@
 /*
- * $Id: cache_cf.c,v 1.77 2006/06/30 21:52:12 squidadm Exp $
+ * $Id: cache_cf.c,v 1.77.2.1 2006/07/02 20:13:12 hno Exp $
 *
 * DEBUG: section 3 Configuration File Parsing
 * AUTHOR: Harvest Derived
@@ -2723,6 +2723,10 @@
 s->tproxy = 1;
 need_linux_tproxy = 1;
 #endif
+#if USE_SSL
+ } else if (strncmp(token, "ssluserid=", 10) == 0) {
+ s->ssluserid = xstrdup(token + 10);
+#endif
 } else {
 self_destruct();
 }
Index: squid/src/client_side.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/client_side.c,v
retrieving revision 1.128
retrieving revision 1.128.2.1
diff -u -r1.128 -r1.128.2.1
--- squid/src/client_side.c 30 Jun 2006 21:52:12 -0000 1.128
+++ squid/src/client_side.c 2 Jul 2006 20:13:12 -0000 1.128.2.1
@@ -1,6 +1,6 @@
 /*
- * $Id: client_side.c,v 1.128 2006/06/30 21:52:12 squidadm Exp $
+ * $Id: client_side.c,v 1.128.2.1 2006/07/02 20:13:12 hno Exp $
 *
 * DEBUG: section 33 Client-side Routines
 * AUTHOR: Duane Wessels
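Review bot: In the cache_cf.c option-parsing hunk, `s->ssluserid = xstrdup(token + 10);` accepts an empty value and overwrites any earlier value without freeing it. An empty `ssluserid=` leaves a non-NULL empty string, so the `if (conn->port->ssluserid)` test added in client_side.c takes the per-port branch and asks for an attribute with no name instead of falling back to the global setting. I would reject the empty case and release the old string first: `if (!token[10]) self_destruct(); safe_free(s->ssluserid); s->ssluserid = xstrdup(token + 10);`. The cache_cf.c diff has no hunk that frees the string when a port entry is torn down, so it probably also leaks on reconfigure. The enclosing parser function starts and ends outside the hunk.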
@@ -1309,7 +1309,11 @@
 http->al.cache.rfc931 = conn->rfc931;
 }
 #if USE_SSL
- http->al.cache.ssluser = sslGetUserEmail(fd_table[conn->fd].ssl);
+ if (conn->port->ssluserid) {
+ http->al.cache.ssluser = sslGetUserAttribute(fd_table[conn->fd].ssl, conn->port->ssluserid);
+ } else {
+ http->al.cache.ssluser = sslGetUserAttribute(fd_table[conn->fd].ssl, Config.SSL.ssluserid);
+ }
 #endif
 http->al.request = request;
 if (!http->acl_checklist)
Index: squid/src/ssl_support.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/ssl_support.c,v
retrieving revision 1.11
retrieving revision 1.11.2.1
diff -u -r1.11 -r1.11.2.1
--- squid/src/ssl_support.c 26 Jun 2006 15:52:40 -0000 1.11
+++ squid/src/ssl_support.c 2 Jul 2006 20:13:13 -0000 1.11.2.1
@@ -887,7 +887,6 @@
 ret = ssl_get_attribute(name, attribute_name);
 X509_free(cert);
- CRYPTO_free(name);
 return ret;
 }
@@ -911,7 +910,6 @@
 ret = ssl_get_attribute(name, attribute_name);
 X509_free(cert);
- CRYPTO_free(name);
 return ret;
 }
@@ -943,7 +941,7 @@
 const char *
 sslGetUserEmail(SSL * ssl)
 {
- return sslGetUserAttribute(ssl, "Email");
+ return sslGetUserAttribute(ssl, "emailAddress");
 }
 const char *
Index: squid/src/structs.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/structs.h,v
retrieving revision 1.119
retrieving revision 1.119.2.1
diff -u -r1.119 -r1.119.2.1
--- squid/src/structs.h 30 Jun 2006 21:52:14 -0000 1.119
+++ squid/src/structs.h 2 Jul 2006 20:13:13 -0000 1.119.2.1
@@ -1,6 +1,6 @@
 /*
- * $Id: structs.h,v 1.119 2006/06/30 21:52:14 squidadm Exp $
+ * $Id: structs.h,v 1.119.2.1 2006/07/02 20:13:13 hno Exp $
 *
 *
 * SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -369,6 +369,9 @@
 #if LINUX_TPROXY
 unsigned int tproxy;
 #endif
+#if USE_SSL
+ char *ssluserid; /* needs to be here to keep generic code sane */
+#endif
 };
 #if USE_SSL
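Review bot: In the client_side.c hunk the else branch passes `Config.SSL.ssluserid` to sslGetUserAttribute() unchecked, and nothing in this patchset's member list assigns that field (it is only declared in the last structs.h hunk), so it looks to be NULL whenever the port has no `ssluserid=` option. Before this change the call was sslGetUserEmail(), so the SSL user written to the access log silently changes from the e-mail attribute to whatever a NULL attribute name yields; whether sslGetUserAttribute() tolerates NULL is not visible here. Keeping the old default in that branch avoids both problems: `http->al.cache.ssluser = Config.SSL.ssluserid ? sslGetUserAttribute(fd_table[conn->fd].ssl, Config.SSL.ssluserid) : sslGetUserEmail(fd_table[conn->fd].ssl);`. Since this value is recorded as the user identity, a comment should also note that it is only as trustworthy as the client-certificate verification on that port and that attributes such as a common name need not be unique. The enclosing function starts and ends outside the hunk.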
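Review bot: The comment on `char *ssluserid;` in the second structs.h hunk explains why the field lives in this struct but not what it holds or who owns it. Suggest `char *ssluserid; /* certificate subject attribute logged as the SSL user; xstrdup'd by the port parser, NULL = use Config.SSL.ssluserid */`. The struct (presumably the listening-port entry, given the `tproxy` member) opens outside the hunk.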
@@ -777,6 +780,7 @@
 struct {
 int unclean_shutdown;
 char *ssl_engine;
+ char *ssluserid;
 } SSL;
 #endif
 struct {
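Review bot: The new `char *ssluserid;` member of the `SSL` config block has no comment, and it shares its name with the per-port field added earlier in this file, so a reader cannot tell which one takes precedence or what the default is. Suggest `char *ssluserid; /* default certificate attribute used as the logged SSL user when a port sets no ssluserid= */`. The enclosing configuration struct starts and ends outside the hunk.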