V4 next backports #152

Merged
yadij merged 3 commits into squid-cache:v4.0 from squidadm:v4-next-backports on Feb 16, 2018

@squidadm
Collaborator

No description provided.

…squid-cache#81)

Move the http_port cert= and key= options logic to libsecurity and add GnuTLS implementation for PEM file loading. Also adds some extra debugging to clarify listening port initialization problems with the PEM files.

Enable most of the http(s)_port listening socket logic to always build except where OpenSSL-specific dependency still exists. It may seem reasonable to leave it optionally excluded for minimal builds, however a minimal proxy that does not support HTTPS in any way is increasingly useless in the modern web so preference is given to building the generic TLS related code. This also simplifies the required testing to detect code portability issues.

GnuTLS implementation is added for https_port configured with static cert=/key= parameters and the resulting TLS handshake behaviour. Squid built with GnuTLS can now act as useful parent proxies behind an SSL-Bump'ing frontend or for other clients which require a TLS explicit proxy.

Also fixes the definitions for the CertPointer and PrivateKeyPointer.

* Remove self-signed CA check

This check is not needed when loading the initial cert portion of a PEM file
as it will be performed later when loading the chain and was causing
self-signed CA to be rejected incorrectly.

* Fix a typo in debugs output

* Always generate static context from tls-cert= parameter

... if a cert= is provided. SSL-Bump still (for now) requires a static context as fallback when generate fails.

* Revert tlsAttemptHandshake to Squid_SSL_Accept API

* Update const correctness

* Document when initialization is skipped

@squid-prbot
Collaborator

Can one of the admins verify this patch?

@yadij
Contributor

yadij commented Feb 16, 2018

OK to test

@yadij yadij merged commit 6375c3b into squid-cache:v4.0 Feb 16, 2018