--------------------- PatchSet 5873 Date: 2007/10/03 21:24:53 Author: amosjeffries Branch: squid3-ipv6 Tag: (none) Log: Add undocumented 'ipv4' option to http(s)_port options Allows admin to explicitly downgrade an http(s) port to IPv4-only. NP: apparently OpenSSL also does not support SSL over IPv6. Temporarily require IPv4-Only mode on https_ports' Will check this out myself later. Members: src/cache_cf.cc:1.40.2.42->1.40.2.43 Index: squid3/src/cache_cf.cc =================================================================== RCS file: /cvsroot/squid-sf//squid3/src/cache_cf.cc,v retrieving revision 1.40.2.42 retrieving revision 1.40.2.43 diff -u -r1.40.2.42 -r1.40.2.43 --- squid3/src/cache_cf.cc 30 Sep 2007 16:13:29 -0000 1.40.2.42 +++ squid3/src/cache_cf.cc 3 Oct 2007 21:24:53 -0000 1.40.2.43 @@ -1,6 +1,6 @@ /* - * $Id: cache_cf.cc,v 1.40.2.42 2007/09/30 16:13:29 serassio Exp $ + * $Id: cache_cf.cc,v 1.40.2.43 2007/10/03 21:24:53 amosjeffries Exp $ * * DEBUG: section 3 Configuration File Parsing * AUTHOR: Harvest Derived @@ -2772,6 +2772,7 @@ safe_free(s->name); s->name = xstrdup(token + 5); } else if (strcmp(token, "transparent") == 0) { + // TODO: make squid barf when this option is passed to https_port */ s->transparent = 1; #if USE_IPV6 /* INET6: until transparent REDIRECT works on IPv6 SOCKET, force wildcard to IPv4 */ @@ -2817,7 +2818,13 @@ } #endif #endif - + } else if (strcmp(token, "ipv4") == 0) { +#if USE_IPV6 + if( !s->s.SetIPv4() ) { + debugs(3, 0, "http(s)_port: IPv6 addresses cannot be used a IPv4-Only." << s->s ); + self_destruct(); + } +#endif } else { self_destruct(); } @@ -2966,6 +2973,14 @@ parse_http_port_specification(&s->http, token); +#if USE_IPV6 + /* INET6: until openssl supports IPv6 force wildcard to IPv4 */ + if( !s->http.s.SetIPv4() ) { + debugs(3, 0, "https_port: OpenSSL does not yet support IPv6 addresses." << s->s ); + self_destruct(); + } +#endif + /* parse options ... */ while ((token = strtok(NULL, w_space))) { if (strncmp(token, "cert=", 5) == 0) {