~ubuntu-branches/ubuntu/wily/trafficserver/wily

Viewing changes to iocore/net/SSLCertLookup.cc

Committer: Package Import Robot
Author(s): Arno Töll
Date: 2011-12-11 00:45:45 UTC
mfrom: (5.1.3 sid)
Revision ID: package-import@ubuntu.com-20111211004545-5h7wnetmocctwqp0

Tags: 3.0.2-1

* New upstream release
  + Includes former Debian specific patch which makes sure the upstream
    configure script does not override any -O flags passed by the user
    anymore.
* Adapt to dpkg 1.16.1 API changes regarding build flags. This enables
  hardening build flags. This means, trafficserver is now being built with
  -fstack-protector and other security related build flags.
* Add dpkg-dev (>= 1.16.1~) to build-depends to make sure our buildflags are
  properly supported. That's guaranteed for Testing, but might be helpful to
  know for backporters.
* Fix several issues in the DEP-5 syntax. Unfortunately there is no way to
  express that a file is subject to different license agreements so far.
* Do not install the upstream changelog twice anymore
* Finally run regression checks again, now as build failures are sorted out.

files added:
debian/patches

lib/ts/ink_sys_control.cc

lib/ts/ink_sys_control.h

files modified:
CHANGES

STATUS

build/aux/config.guess

build/aux/config.sub

build/aux/ltmain.sh

build/libtool.m4

configure

configure.ac

contrib/perl/AdminClient/lib/Apache/TS/AdminClient.pm

debian/changelog

debian/control

debian/copyright

debian/docs

debian/rules

iocore/cluster/ClusterHandler.cc

iocore/hostdb/MultiCache.cc

iocore/net/P_SSLCertLookup.h

iocore/net/P_SSLConfig.h

iocore/net/P_SSLNetProcessor.h

iocore/net/SSLCertLookup.cc

iocore/net/SSLConfig.cc

iocore/net/SSLNet.cc

iocore/net/SSLNetVConnection.cc

iocore/net/UnixNetVConnection.cc

lib/ts/Makefile.am

lib/ts/Makefile.in

lib/ts/test_Map.cc

lib/ts/test_atomic.cc

lib/ts/test_freelist.cc

lib/tsconfig/TsConfigGrammar.y

mgmt/Main.cc

mgmt/RecordsConfig.cc

proxy/Initialize.cc

proxy/InkAPI.cc

proxy/InkAPITest.cc

proxy/Main.cc

proxy/PluginVC.cc

proxy/api/ts/ts.h.in

proxy/config/records.config.default.in

proxy/config/remap.config.default

proxy/config/ssl_multicert.config.default

proxy/hdrs/HdrToken.cc

proxy/hdrs/MIME.cc

proxy/http/HttpConfig.cc

proxy/http/HttpConfig.h

proxy/http/HttpSM.cc

proxy/http/HttpTransact.cc

proxy/logging/LogAccess.cc

proxy/logging/LogStandalone.cc

proxy/logstats.cc

Show diffs side-by-side

added added

removed removed

iocore/net/SSLCertLookup.cc

#define SSL_IP_TAG "dest_ip"

#define SSL_CERT_TAG "ssl_cert_name"

#define SSL_PRIVATE_KEY_TAG "ssl_key_name"

#define SSL_CA_TAG "ssl_ca_name"

const char *moduleName = "SSLCertLookup";

const matcher_tags sslCertTags = {

bool ret = 0;

char *addr = NULL;

char *sslCert = NULL;

char *sslCa = NULL;

char *priKey = NULL;

matcher_line line_info;

bool alarmAlready = false;

// Table should be empty

// ink_assert(num_el == 0);

Debug("ssl", "ssl_multicert.config: %s", configFilePath);

if (configFilePath)

file_buf = readIntoBuffer(configFilePath, moduleName, NULL);

103

106

} else {

104

107

ink_assert(line_info.type == MATCH_IP);

105

108

106

errPtr = extractIPAndCert(&line_info, &addr, &sslCert, &priKey);

109

errPtr = extractIPAndCert(&line_info, &addr, &sslCert, &sslCa, &priKey);

107

110

108

111

if (errPtr != NULL) {

109

112

snprintf(errBuf, 1024, "%s discarding %s entry at line %d : %s",

111

114

IOCORE_SignalError(errBuf, alarmAlready);

112

115

} else {

113

116

if (addr != NULL && sslCert != NULL) {

114

addInfoToHash(addr, sslCert, priKey);

117

addInfoToHash(addr, sslCert, sslCa, priKey);

115

118

ret = 1;

116

119

}

117

120

xfree(sslCert);

121

xfree(sslCa);

118

122

xfree(priKey);

119

123

xfree(addr);

120

124

addr = NULL;

143

147

}

144

148

145

149

const char *

146

SSLCertLookup::extractIPAndCert(matcher_line * line_info, char **addr, char **cert, char **priKey)

150

SSLCertLookup::extractIPAndCert(matcher_line * line_info, char **addr, char **cert, char **ca, char **priKey)

147

151

{

148

152

// ip_addr_t testAddr;

149

153

char *label;

177

181

}

178

182

}

179

183

184

if (strcasecmp(label, SSL_CA_TAG) == 0) {

185

if (value != NULL) {

186

int buf_len = sizeof(char) * (strlen(value) + 1);

187

188

*ca = (char *)xmalloc(buf_len);

189

ink_strlcpy(*ca, (const char *) value, buf_len);

190

}

191

}

192

180

193

if (strcasecmp(label, SSL_PRIVATE_KEY_TAG) == 0) {

181

194

if (value != NULL) {

182

195

int buf_len = sizeof(char) * (strlen(value) + 1);

194

207

}

195

208

196

209

int

197

SSLCertLookup::addInfoToHash(char *strAddr, char *cert, char *serverPrivateKey)

210

SSLCertLookup::addInfoToHash(char *strAddr, char *cert, char *caCert, char *serverPrivateKey)

198

211

{

199

212

200

213

#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) // openssl returns a const SSL_METHOD now

211

224

// if (serverPrivateKey == NULL)

212

225

// serverPrivateKey = cert;

213

226

214

ssl_NetProcessor.initSSLServerCTX(param, ctx, cert, serverPrivateKey, false);

227

ssl_NetProcessor.initSSLServerCTX(param, ctx, cert, caCert, serverPrivateKey, false);

215

228

ink_hash_table_insert(SSLCertLookupHashTable, strAddr, (void *) ctx);

216

229

return (true);

217

230

}

Older »