lp://staging/~rousskov/squid/DynamicSslCert

Created by Alex Rousskov and last modified

This Squid feature generates site SSL certificates whose subject matches the proxied site's domain name. The feature relies on Squid's SslBump functionality and its trust model.

Get this branch:
bzr branch lp://staging/~rousskov/squid/DynamicSslCert
Branch information

Owner:
Alex Rousskov
Project:
Squid
Status:
Experimental

Recent revisions

9342. By Alex Rousskov

Cannot use request->GetHost() when calling switchToHttps() because
switchToHttps() calls freeAllContexts() which frees request.

9341. By Alex Rousskov

Merged from trunk.

9340. By Alex Rousskov

DynamicSslCert, phase1: Dynamically generate host certificates using OpenSSL
shell commands.

This support will either become more configurable or, more likely, will be
removed in favor of using OpenSSL library calls to generate said certificates.
We started with using shell commands because that interface felt easier to
debug and tune.

The low-level code to generate the certificates is in ssl_support. Here we
focus on deciding whether the certificates should be generated dynamically and
supplying generation parameters.

9339. By Alex Rousskov

Added fde::dynamicSslContext to store the dynamic context pointer and delete
the context when the descriptor is being closed. We use a similar trick for
the SSL session in fde::ssl.

It is not 100% clear to me why it is safe to store a pointer in two places and
delete it in one, but apparently there are no situations where the core code
uses the SSL pointer after closing the descriptor. If there are such cases,
we should refcount the corresponding SSL objects.

9338. By Alex Rousskov

Added low-level support for generating self- and CA-signed host SSL
certificates using OpenSSL shell commands.

This support will either become more configurable or, more likely, will be
removed in favor of using OpenSSL library calls to generate said certificates.
We started with using shell commands because that interface felt easier to
debug and tune.

9337. By Alex Rousskov

Added generate-host-certificates and ca-config http_port options to
control dynamic generation of host certificates for SslBump.

Synced with the following http_port_list changes:

* Renamed http_port_list::sslcontext to sslContextSessionId to be more precise
and to avoid clashes with other things named "SSL context".
* Renamed http_port_list::sslContext to staticSslContext to distinguish from
dynamic SSL contexts generated for each server host and to avoid clashes with
other things named "SSL context".

9336. By Alex Rousskov

Added generateHostCertificates and caConfig http_port_list members to
control dynamic generation of host certificates for SslBump.

Renamed http_port_list::sslcontext to sslContextSessionId to be more precise
and to avoid clashes with other things named "SSL context". The squid.conf
option is still called "sslcontext" but should probably be renamed.

Renamed http_port_list::sslContext to staticSslContext to distinguish from
dynamic SSL contexts generated for each server host and to avoid clashes
with other things named "SSL context".

Free some old and all newly added http_port_list members in the destructor.

9335. By Alex Rousskov

Fixed "src/Makefile.am:981: whitespace following trailing backslash" warning.

9334. By Amos Jeffries

Fix build error in testDiskIO.

Disk IO module sources should have been included through the DiskIO
libraries, not directly as .o files.

TODO: Still one more build error with Store objects to track down.

9333. By Amos Jeffries

Correct test-builds to allow individual tests to be run by name.

Branch metadata

Branch format:
Branch format 6
Repository format:
Bazaar pack repository format 1 (needs bzr 0.92)