------------------------------------------------------------ revno: 13334 revision-id: squid3@treenet.co.nz-20140330120034-kt72hdkxd777sloa parent: squid3@treenet.co.nz-20140330064634-jla8la34jyod7sz9 committer: Amos Jeffries branch nick: trunk timestamp: Sun 2014-03-30 05:00:34 -0700 message: Cleanup: replace USE_SSL wrapper macro with USE_OPENSSL Squid-3 currently only supports OpenSSL for SSL/TLS components. This makes the support type explicit and prepares for alternative SSL libraries to be added in future with different macro wrappers. ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20140330120034-kt72hdkxd777sloa # target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/ # testament_sha1: ced930fd4c7a16d4c6a08a124c05c0a9b55c093f # timestamp: 2014-03-30 12:04:29 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/ # base_revision_id: squid3@treenet.co.nz-20140330064634-\ # jla8la34jyod7sz9 # # Begin patch === modified file 'configure.ac' --- configure.ac 2014-03-30 06:41:27 +0000 +++ configure.ac 2014-03-30 12:00:34 +0000 @@ -1224,7 +1224,7 @@ with_openssl=yes esac ]) -AH_TEMPLATE(USE_SSL,[OpenSSL support is available]) +AH_TEMPLATE(USE_OPENSSL,[OpenSSL support is available]) ## OpenSSL is default disable due to licensing issues on some OS if test "x$with_openssl" = "xyes"; then AC_CHECK_HEADERS( \ @@ -1262,7 +1262,7 @@ if test "x$LIBOPENSSL_LIBS" != "x" ; then CXXFLAGS="$LIBOPENSSL_CFLAGS $CXXFLAGS" SSLLIB="$LIBOPENSSL_LIBS $SSLLIB" - AC_DEFINE(USE_SSL,1,[OpenSSL support is available]) + AC_DEFINE(USE_OPENSSL,1,[OpenSSL support is available]) # check for other specific broken implementations SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS === modified file 'squid3.dox' --- squid3.dox 2014-01-11 01:35:50 +0000 +++ squid3.dox 2014-03-30 12:00:34 +0000 @@ -1282,7 +1282,7 @@ USE_SELECT \ USE_SELECT_WIN32 \ USE_SQUID_ESI \ - USE_SSL \ + USE_OPENSSL \ USE_LINUX_TPROXY2 \ USE_LINUX_TPROXY4 \ USE_UNLINKD \ === modified file 'src/AccessLogEntry.cc' --- src/AccessLogEntry.cc 2014-02-06 12:16:08 +0000 +++ src/AccessLogEntry.cc 2014-03-30 12:00:34 +0000 @@ -4,13 +4,13 @@ #include "HttpRequest.h" #include "SquidConfig.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" AccessLogEntry::SslDetails::SslDetails(): user(NULL), bumpMode(::Ssl::bumpEnd) { } -#endif /* USE_SSL */ +#endif /* USE_OPENSSL */ void AccessLogEntry::getLogClientIp(char *buf, size_t bufsz) const === modified file 'src/AccessLogEntry.h' --- src/AccessLogEntry.h 2013-12-06 14:59:47 +0000 +++ src/AccessLogEntry.h 2014-03-30 12:00:34 +0000 @@ -45,7 +45,7 @@ #if ICAP_CLIENT #include "adaptation/icap/Elements.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/gadgets.h" #endif @@ -137,7 +137,7 @@ const char *opcode; } htcp; -#if USE_SSL +#if USE_OPENSSL /// logging information specific to the SSL protocol class SslDetails { @@ -165,7 +165,7 @@ msec(0), rfc931 (NULL), extuser(NULL), -#if USE_SSL +#if USE_OPENSSL ssluser(NULL), #endif port(NULL) { @@ -180,7 +180,7 @@ int msec; const char *rfc931; const char *extuser; -#if USE_SSL +#if USE_OPENSSL const char *ssluser; Ssl::X509_Pointer sslClientCert; ///< cert received from the client === modified file 'src/AclRegs.cc' --- src/AclRegs.cc 2013-11-12 14:48:50 +0000 +++ src/AclRegs.cc 2014-03-30 12:00:34 +0000 @@ -57,7 +57,7 @@ #include "acl/SourceAsn.h" #include "acl/SourceDomain.h" #include "acl/SourceIp.h" -#if USE_SSL +#if USE_OPENSSL #include "acl/Certificate.h" #include "acl/CertificateData.h" #include "acl/SslError.h" @@ -66,7 +66,7 @@ #include "acl/Strategised.h" #include "acl/Strategy.h" #include "acl/StringData.h" -#if USE_SSL +#if USE_OPENSSL #include "acl/ServerCertificate.h" #endif #include "acl/Tag.h" @@ -151,7 +151,7 @@ ACL::Prototype ACLUrlPort::RegistryProtoype(&ACLUrlPort::RegistryEntry_, "port"); ACLStrategised ACLUrlPort::RegistryEntry_(new ACLIntRange, ACLUrlPortStrategy::Instance(), "port"); -#if USE_SSL +#if USE_OPENSSL ACL::Prototype ACLSslError::RegistryProtoype(&ACLSslError::RegistryEntry_, "ssl_error"); ACLStrategised ACLSslError::RegistryEntry_(new ACLSslErrorData, ACLSslErrorStrategy::Instance(), "ssl_error"); ACL::Prototype ACLCertificate::UserRegistryProtoype(&ACLCertificate::UserRegistryEntry_, "user_cert"); === modified file 'src/CachePeer.h' --- src/CachePeer.h 2013-05-13 22:48:23 +0000 +++ src/CachePeer.h 2014-03-30 12:00:34 +0000 @@ -37,7 +37,7 @@ //TODO: remove, it is unconditionally defined and always used. #define PEER_MULTICAST_SIBLINGS 1 -#if USE_SSL +#if HAVE_OPENSSL_SSL_H #include #endif @@ -187,7 +187,7 @@ int connect_fail_limit; int max_conn; char *domain; /* Forced domain */ -#if USE_SSL +#if USE_OPENSSL int use_ssl; char *sslcert; === modified file 'src/ClientRequestContext.h' --- src/ClientRequestContext.h 2013-06-27 15:58:46 +0000 +++ src/ClientRequestContext.h 2014-03-30 12:00:34 +0000 @@ -40,7 +40,7 @@ void adaptationAccessCheck(); #endif -#if USE_SSL +#if USE_OPENSSL /** * Initiates and start the acl checklist to check if the a CONNECT * request must be bumped. @@ -77,7 +77,7 @@ bool interpreted_req_hdrs; bool tosToClientDone; bool nfmarkToClientDone; -#if USE_SSL +#if USE_OPENSSL bool sslBumpCheckDone; #endif ErrorState *error; ///< saved error page for centralized/delayed processing === modified file 'src/FwdState.cc' --- src/FwdState.cc 2014-02-10 17:52:49 +0000 +++ src/FwdState.cc 2014-03-30 12:00:34 +0000 @@ -71,7 +71,7 @@ #include "StoreClient.h" #include "urn.h" #include "whois.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/cert_validate_message.h" #include "ssl/Config.h" #include "ssl/ErrorDetail.h" @@ -85,7 +85,7 @@ static PSC fwdPeerSelectionCompleteWrapper; static CLCB fwdServerClosedWrapper; -#if USE_SSL +#if USE_OPENSSL static PF fwdNegotiateSSLWrapper; #endif static CNCB fwdConnectDoneWrapper; @@ -229,7 +229,7 @@ assert(err); errorAppendEntry(entry, err); err = NULL; -#if USE_SSL +#if USE_OPENSSL if (request->flags.sslPeek && request->clientConnectionManager.valid()) { CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData, ConnStateData::httpsPeeked, Comm::ConnectionPointer(NULL)); @@ -508,7 +508,7 @@ fwd->serverClosed(params.fd); } -#if USE_SSL +#if USE_OPENSSL static void fwdNegotiateSSLWrapper(int fd, void *data) { @@ -646,7 +646,7 @@ retryOrBail(); } -#if USE_SSL +#if USE_OPENSSL void FwdState::negotiateSSL(int fd) { @@ -1032,7 +1032,7 @@ if (serverConnection()->getPeer()) peerConnectSucceded(serverConnection()->getPeer()); -#if USE_SSL +#if USE_OPENSSL if (!request->flags.pinned) { if ((serverConnection()->getPeer() && serverConnection()->getPeer()->use_ssl) || (!serverConnection()->getPeer() && request->protocol == AnyP::PROTO_HTTPS) || @@ -1258,7 +1258,7 @@ } #endif -#if USE_SSL +#if USE_OPENSSL if (request->flags.sslPeek) { CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData, ConnStateData::httpsPeeked, serverConnection()); @@ -1279,7 +1279,7 @@ request->peer_domain = NULL; switch (request->protocol) { -#if USE_SSL +#if USE_OPENSSL case AnyP::PROTO_HTTPS: httpStart(this); === modified file 'src/FwdState.h' --- src/FwdState.h 2014-02-10 17:52:49 +0000 +++ src/FwdState.h 2014-03-30 12:00:34 +0000 @@ -8,7 +8,7 @@ #include "fde.h" #include "http/StatusCode.h" #include "ip/Address.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif @@ -19,7 +19,7 @@ class ErrorState; class HttpRequest; -#if USE_SSL +#if USE_OPENSSL namespace Ssl { class ErrorDetail; @@ -83,7 +83,7 @@ /** return a ConnectionPointer to the current server connection (may or may not be open) */ Comm::ConnectionPointer const & serverConnection() const { return serverConn; }; -#if USE_SSL +#if USE_OPENSSL /// Callback function called when squid receive message from cert validator helper static void sslCrtvdHandleReplyWrapper(void *data, Ssl::CertValidationResponse const &); /// Process response from cert validator helper === modified file 'src/HttpHeader.h' --- src/HttpHeader.h 2014-02-10 22:39:56 +0000 +++ src/HttpHeader.h 2014-03-30 12:00:34 +0000 @@ -176,7 +176,7 @@ #endif hoRequest, hoReply, -#if USE_SSL +#if USE_OPENSSL hoErrorDetail, #endif hoEnd === modified file 'src/HttpHeaderTools.cc' --- src/HttpHeaderTools.cc 2013-11-23 00:58:42 +0000 +++ src/HttpHeaderTools.cc 2014-03-30 12:00:34 +0000 @@ -50,7 +50,7 @@ #include "Store.h" #include "StrList.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif === modified file 'src/SquidConfig.h' --- src/SquidConfig.h 2014-03-15 02:50:12 +0000 +++ src/SquidConfig.h 2014-03-30 12:00:34 +0000 @@ -40,8 +40,11 @@ #include "Notes.h" #include "YesNoNone.h" -#if USE_SSL +#if USE_OPENSSL +#if HAVE_OPENSSL_SSL_H #include +#endif + class sslproxy_cert_sign; class sslproxy_cert_adapt; #endif @@ -135,7 +138,7 @@ struct { AnyP::PortCfg *http; -#if USE_SSL +#if USE_OPENSSL AnyP::PortCfg *https; #endif } Sockaddr; @@ -199,7 +202,7 @@ #endif char *diskd; -#if USE_SSL +#if USE_OPENSSL char *ssl_password; #endif @@ -385,7 +388,7 @@ acl_access *htcp_clr; #endif -#if USE_SSL +#if USE_OPENSSL acl_access *ssl_bump; #endif #if FOLLOW_X_FORWARDED_FOR @@ -487,7 +490,7 @@ int rebuild_chunk_percentage; } digest; #endif -#if USE_SSL +#if USE_OPENSSL struct { int unclean_shutdown; @@ -509,7 +512,7 @@ time_t minimum_expiry_time; /* seconds */ external_acl *externalAclHelperList; -#if USE_SSL +#if USE_OPENSSL struct { char *cert; === modified file 'src/acl/Certificate.cc' --- src/acl/Certificate.cc 2013-10-25 00:13:46 +0000 +++ src/acl/Certificate.cc 2014-03-30 12:00:34 +0000 @@ -37,7 +37,7 @@ /* MS Visual Studio Projects are monolithic, so we need the following * #if to exclude the SSL code from compile process when not needed. */ -#if USE_SSL +#if USE_OPENSSL #include "acl/Certificate.h" #include "acl/CertificateData.h" @@ -67,4 +67,4 @@ ACLCertificateStrategy ACLCertificateStrategy::Instance_; -#endif /* USE_SSL */ +#endif /* USE_OPENSSL */ === modified file 'src/acl/FilledChecklist.cc' --- src/acl/FilledChecklist.cc 2013-10-25 00:13:46 +0000 +++ src/acl/FilledChecklist.cc 2014-03-30 12:00:34 +0000 @@ -24,7 +24,7 @@ #if SQUID_SNMP snmp_community(NULL), #endif -#if USE_SSL +#if USE_OPENSSL sslErrors(NULL), #endif extacl_entry (NULL), @@ -54,7 +54,7 @@ cbdataReferenceDone(conn_); -#if USE_SSL +#if USE_OPENSSL cbdataReferenceDone(sslErrors); #endif @@ -140,7 +140,7 @@ #if SQUID_SNMP snmp_community(NULL), #endif -#if USE_SSL +#if USE_OPENSSL sslErrors(NULL), #endif extacl_entry (NULL), === modified file 'src/acl/FilledChecklist.h' --- src/acl/FilledChecklist.h 2013-12-06 14:59:47 +0000 +++ src/acl/FilledChecklist.h 2014-03-30 12:00:34 +0000 @@ -8,7 +8,7 @@ #if USE_AUTH #include "auth/UserRequest.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif @@ -69,7 +69,7 @@ char *snmp_community; #endif -#if USE_SSL +#if USE_OPENSSL /// SSL [certificate validation] errors, in undefined order Ssl::CertErrors *sslErrors; /// The peer certificate === modified file 'src/acl/ServerCertificate.cc' --- src/acl/ServerCertificate.cc 2013-10-25 00:13:46 +0000 +++ src/acl/ServerCertificate.cc 2014-03-30 12:00:34 +0000 @@ -3,7 +3,7 @@ #include "squid.h" -#if USE_SSL +#if USE_OPENSSL #include "acl/CertificateData.h" #include "acl/Checklist.h" @@ -35,4 +35,4 @@ ACLServerCertificateStrategy ACLServerCertificateStrategy::Instance_; -#endif /* USE_SSL */ +#endif /* USE_OPENSSL */ === modified file 'src/adaptation/icap/History.h' --- src/adaptation/icap/History.h 2013-02-11 23:11:12 +0000 +++ src/adaptation/icap/History.h 2014-03-30 12:00:34 +0000 @@ -28,7 +28,7 @@ int processingTime() const; String rfc931; ///< the username from ident -#if USE_SSL +#if USE_OPENSSL String ssluser; ///< the username from SSL #endif LogTags logType; ///< the squid request status (TCP_MISS etc) === modified file 'src/adaptation/icap/ModXact.cc' --- src/adaptation/icap/ModXact.cc 2014-01-15 01:54:19 +0000 +++ src/adaptation/icap/ModXact.cc 2014-03-30 12:00:34 +0000 @@ -1285,7 +1285,7 @@ if (h->rfc931.size()) al.cache.rfc931 = h->rfc931.termedBuf(); -#if USE_SSL +#if USE_OPENSSL if (h->ssluser.size()) al.cache.ssluser = h->ssluser.termedBuf(); #endif === modified file 'src/anyp/PortCfg.cc' --- src/anyp/PortCfg.cc 2014-02-21 10:46:19 +0000 +++ src/anyp/PortCfg.cc 2014-03-30 12:00:34 +0000 @@ -2,7 +2,7 @@ #include "anyp/PortCfg.h" #include "comm.h" #include "fatal.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif @@ -29,7 +29,7 @@ vport(0), disable_pmtu_discovery(0), listenConn() -#if USE_SSL +#if USE_OPENSSL ,cert(NULL), key(NULL), version(0), @@ -71,7 +71,7 @@ safe_free(name); safe_free(defaultsite); -#if USE_SSL +#if USE_OPENSSL safe_free(cert); safe_free(key); safe_free(options); @@ -106,7 +106,7 @@ #if 0 // TODO: AYJ: 2009-07-18: for now SSL does not clone. Configure separate ports with IPs and SSL settings -#if USE_SSL +#if USE_OPENSSL char *cert; char *key; int version; @@ -127,7 +127,7 @@ return b; } -#if USE_SSL +#if USE_OPENSSL void AnyP::PortCfg::configureSslServerContext() { === modified file 'src/anyp/PortCfg.h' --- src/anyp/PortCfg.h 2013-07-26 02:06:25 +0000 +++ src/anyp/PortCfg.h 2014-03-30 12:00:34 +0000 @@ -6,7 +6,7 @@ #include "anyp/TrafficMode.h" #include "comm/Connection.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/gadgets.h" #endif @@ -19,7 +19,7 @@ PortCfg(); ~PortCfg(); AnyP::PortCfg *clone() const; -#if USE_SSL +#if USE_OPENSSL /// creates, configures, and validates SSL context and related port options void configureSslServerContext(); #endif @@ -64,7 +64,7 @@ */ Comm::ConnectionPointer listenConn; -#if USE_SSL +#if USE_OPENSSL char *cert; char *key; int version; === modified file 'src/cache_cf.cc' --- src/cache_cf.cc 2014-03-15 02:50:12 +0000 +++ src/cache_cf.cc 2014-03-30 12:00:34 +0000 @@ -91,7 +91,7 @@ #if USE_ECAP #include "adaptation/ecap/Config.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/Config.h" #include "ssl/support.h" #endif @@ -121,7 +121,7 @@ #include #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/gadgets.h" #endif @@ -190,7 +190,7 @@ static int parse_line(char *); static void parse_obsolete(const char *); static void parseBytesLine(size_t * bptr, const char *units); -#if USE_SSL +#if USE_OPENSSL static void parseBytesOptionValue(size_t * bptr, const char *units, char const * value); #endif static void parseBytesLineSigned(ssize_t * bptr, const char *units); @@ -231,7 +231,7 @@ static void dump_PortCfg(StoreEntry *, const char *, const AnyP::PortCfg *); static void free_PortCfg(AnyP::PortCfg **); -#if USE_SSL +#if USE_OPENSSL static void parse_sslproxy_cert_sign(sslproxy_cert_sign **cert_sign); static void dump_sslproxy_cert_sign(StoreEntry *entry, const char *name, sslproxy_cert_sign *cert_sign); static void free_sslproxy_cert_sign(sslproxy_cert_sign **cert_sign); @@ -241,7 +241,7 @@ static void parse_sslproxy_ssl_bump(acl_access **ssl_bump); static void dump_sslproxy_ssl_bump(StoreEntry *entry, const char *name, acl_access *ssl_bump); static void free_sslproxy_ssl_bump(acl_access **ssl_bump); -#endif /* USE_SSL */ +#endif /* USE_OPENSSL */ static void parse_b_size_t(size_t * var); static void parse_b_int64_t(int64_t * var); @@ -913,7 +913,7 @@ Config2.effectiveGroupID = grp->gr_gid; } -#if USE_SSL +#if USE_OPENSSL debugs(3, DBG_IMPORTANT, "Initializing https proxy context"); @@ -2285,7 +2285,7 @@ if (token[13]) p->domain = xstrdup(token + 13); -#if USE_SSL +#if USE_OPENSSL } else if (strcmp(token, "ssl") == 0) { p->use_ssl = 1; @@ -3717,7 +3717,7 @@ ++t; s->tcp_keepalive.timeout = xatoui(t); } -#if USE_SSL +#if USE_OPENSSL } else if (strcmp(token, "sslBump") == 0) { debugs(3, DBG_CRITICAL, "WARNING: '" << token << "' is deprecated " << "in http_port. Use 'ssl-bump' instead."); @@ -3819,7 +3819,7 @@ parse_port_option(s, token); } -#if USE_SSL +#if USE_OPENSSL if (s->transport.protocol == AnyP::PROTO_HTTPS) { /* ssl-bump on https_port configuration requires either tproxy or intercept, and vice versa */ const bool hijacked = s->flags.isIntercepted(); @@ -3926,7 +3926,7 @@ } } -#if USE_SSL +#if USE_OPENSSL if (s->flags.tunnelSslBumping) storeAppendPrintf(e, " ssl-bump"); @@ -3996,7 +3996,7 @@ configFreeMemory(void) { free_all(); -#if USE_SSL +#if USE_OPENSSL SSL_CTX_free(Config.ssl_client.sslContext); #endif } @@ -4479,7 +4479,7 @@ } #endif -#if USE_SSL +#if USE_OPENSSL static void parse_sslproxy_cert_adapt(sslproxy_cert_adapt **cert_adapt) { char *al; === modified file 'src/cf.data.pre' --- src/cf.data.pre 2014-03-30 04:17:07 +0000 +++ src/cf.data.pre 2014-03-30 12:00:34 +0000 @@ -842,7 +842,7 @@ NAME: acl TYPE: acl LOC: Config.aclList -IF USE_SSL +IF USE_OPENSSL DEFAULT: ssl::certHasExpired ssl_error X509_V_ERR_CERT_HAS_EXPIRED DEFAULT: ssl::certNotYetValid ssl_error X509_V_ERR_CERT_NOT_YET_VALID DEFAULT: ssl::certDomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH @@ -1107,7 +1107,7 @@ # adaptation_meta because it starts matching immediately after # the service has been selected for adaptation. -IF USE_SSL +IF USE_OPENSSL acl aclname ssl_error errorname # match against SSL certificate validation error [fast] # @@ -1838,7 +1838,7 @@ DOC_END NAME: https_port -IFDEF: USE_SSL +IFDEF: USE_OPENSSL TYPE: PortCfg DEFAULT: none LOC: Config.Sockaddr.https @@ -2282,7 +2282,7 @@ COMMENT_END NAME: ssl_unclean_shutdown -IFDEF: USE_SSL +IFDEF: USE_OPENSSL TYPE: onoff DEFAULT: off LOC: Config.SSL.unclean_shutdown @@ -2292,7 +2292,7 @@ DOC_END NAME: ssl_engine -IFDEF: USE_SSL +IFDEF: USE_OPENSSL TYPE: string LOC: Config.SSL.ssl_engine DEFAULT: none @@ -2302,7 +2302,7 @@ DOC_END NAME: sslproxy_client_certificate -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.ssl_client.cert TYPE: string @@ -2311,7 +2311,7 @@ DOC_END NAME: sslproxy_client_key -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.ssl_client.key TYPE: string @@ -2320,7 +2320,7 @@ DOC_END NAME: sslproxy_version -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: 1 DEFAULT_DOC: automatic SSL/TLS version negotiation LOC: Config.ssl_client.version @@ -2339,7 +2339,7 @@ DOC_END NAME: sslproxy_options -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.ssl_client.options TYPE: string @@ -2369,7 +2369,7 @@ DOC_END NAME: sslproxy_cipher -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.ssl_client.cipher TYPE: string @@ -2380,7 +2380,7 @@ DOC_END NAME: sslproxy_cafile -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.ssl_client.cafile TYPE: string @@ -2390,7 +2390,7 @@ DOC_END NAME: sslproxy_capath -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.ssl_client.capath TYPE: string @@ -2400,7 +2400,7 @@ DOC_END NAME: sslproxy_session_ttl -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: 300 LOC: Config.SSL.session_ttl TYPE: int @@ -2409,7 +2409,7 @@ DOC_END NAME: sslproxy_session_cache_size -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: 2 MB LOC: Config.SSL.sessionCacheSize TYPE: b_size_t @@ -2418,7 +2418,7 @@ DOC_END NAME: ssl_bump -IFDEF: USE_SSL +IFDEF: USE_OPENSSL TYPE: sslproxy_ssl_bump LOC: Config.accessList.ssl_bump DEFAULT_DOC: Does not bump unless rules are present in squid.conf @@ -2477,7 +2477,7 @@ DOC_END NAME: sslproxy_flags -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.ssl_client.flags TYPE: string @@ -2490,7 +2490,7 @@ DOC_END NAME: sslproxy_cert_error -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none DEFAULT_DOC: Server certificate errors terminate the transaction. LOC: Config.ssl_client.cert_error @@ -2525,7 +2525,7 @@ DOC_END NAME: sslproxy_cert_sign -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none POSTSCRIPTUM: signUntrusted ssl::certUntrusted POSTSCRIPTUM: signSelf ssl::certSelfSigned @@ -2571,7 +2571,7 @@ DOC_END NAME: sslproxy_cert_adapt -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none TYPE: sslproxy_cert_adapt LOC: Config.ssl_client.cert_adapt @@ -2614,7 +2614,7 @@ DOC_END NAME: sslpassword_program -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Config.Program.ssl_password TYPE: string @@ -2679,7 +2679,7 @@ NAME: sslcrtvalidator_program TYPE: eol -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: none LOC: Ssl::TheConfig.ssl_crt_validator DOC_START @@ -2695,7 +2695,7 @@ NAME: sslcrtvalidator_children TYPE: HelperChildConfig -IFDEF: USE_SSL +IFDEF: USE_OPENSSL DEFAULT: 32 startup=5 idle=1 concurrency=1 LOC: Ssl::TheConfig.ssl_crt_validator_Children DOC_START === modified file 'src/cf_gen_defines' --- src/cf_gen_defines 2013-10-01 23:21:17 +0000 +++ src/cf_gen_defines 2014-03-30 12:00:34 +0000 @@ -25,7 +25,7 @@ define["USE_SQUID_ESI"]="--enable-esi" define["USE_SQUID_EUI"]="--enable-eui" define["USE_SSL_CRTD"]="--enable-ssl-crtd" - define["USE_SSL"]="--enable-ssl" + define["USE_OPENSSL"]="--with-openssl" define["USE_UNLINKD"]="--enable-unlinkd" define["USE_WCCP"]="--enable-wccp" define["USE_WCCPv2"]="--enable-wccpv2" === modified file 'src/client_side.cc' --- src/client_side.cc 2014-03-27 09:09:24 +0000 +++ src/client_side.cc 2014-03-30 12:00:34 +0000 @@ -135,7 +135,7 @@ #if USE_DELAY_POOLS #include "ClientInfo.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/context_storage.h" #include "ssl/gadgets.h" #include "ssl/helper.h" @@ -191,7 +191,7 @@ static IOCB clientWriteComplete; static IOCB clientWriteBodyComplete; static IOACB httpAccept; -#if USE_SSL +#if USE_OPENSSL static IOACB httpsAccept; #endif static CTCB clientLifetimeTimeout; @@ -635,7 +635,7 @@ if (getConn() != NULL && getConn()->clientConnection != NULL && getConn()->clientConnection->rfc931[0]) al->cache.rfc931 = getConn()->clientConnection->rfc931; -#if USE_SSL && 0 +#if USE_OPENSSL && 0 /* This is broken. Fails if the connection has been closed. Needs * to snarf the ssl details some place earlier.. @@ -882,7 +882,7 @@ if (bodyPipe != NULL) stopProducingFor(bodyPipe, false); -#if USE_SSL +#if USE_OPENSSL delete sslServerBump; #endif } @@ -2512,7 +2512,7 @@ debugs(33,4, HERE << "Will close after error: " << clientConnection); } -#if USE_SSL +#if USE_OPENSSL bool ConnStateData::serveDelayedError(ClientSocketContext *context) { ClientHttpRequest *http = context->http; @@ -2596,7 +2596,7 @@ return false; } -#endif // USE_SSL +#endif // USE_OPENSSL static void clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *context, const HttpRequestMethod& method, Http::ProtocolVersion http_ver) @@ -2814,7 +2814,7 @@ conn->flags.readMore = false; } -#if USE_SSL +#if USE_OPENSSL if (conn->switchedToHttps() && conn->serveDelayedError(context)) goto finish; #endif @@ -3262,7 +3262,7 @@ ConnStateData::ConnStateData(const MasterXaction::Pointer &xact) : AsyncJob("ConnStateData"), -#if USE_SSL +#if USE_OPENSSL sslBumpMode(Ssl::bumpEnd), switchedToHttps_(false), sslServerBump(NULL), @@ -3406,7 +3406,7 @@ #endif } -#if USE_SSL +#if USE_OPENSSL /** Create SSL connection structure and update fd_table */ static SSL * @@ -3996,7 +3996,7 @@ getSslContextStart(); } -#endif /* USE_SSL */ +#endif /* USE_OPENSSL */ /// check FD after clientHttp[s]ConnectionOpened, adjust HttpSockets as needed static bool @@ -4039,7 +4039,7 @@ continue; } -#if USE_SSL +#if USE_OPENSSL if (s->flags.tunnelSslBumping && !Config.accessList.ssl_bump) { debugs(33, DBG_IMPORTANT, "WARNING: No ssl_bump configured. Disabling ssl-bump on " << AnyP::UriScheme(s->transport.protocol) << "_port " << s->s); s->flags.tunnelSslBumping = false; @@ -4077,7 +4077,7 @@ } } -#if USE_SSL +#if USE_OPENSSL static void clientHttpsConnectionsOpen(void) { @@ -4161,7 +4161,7 @@ clientOpenListenSockets(void) { clientHttpConnectionsOpen(); -#if USE_SSL +#if USE_OPENSSL clientHttpsConnectionsOpen(); #endif @@ -4180,7 +4180,7 @@ } } -#if USE_SSL +#if USE_OPENSSL for (AnyP::PortCfg *s = Config.Sockaddr.https; s; s = s->next) { if (s->listenConn != NULL) { debugs(1, DBG_IMPORTANT, "Closing HTTPS port " << s->listenConn->local); === modified file 'src/client_side.h' --- src/client_side.h 2014-03-29 00:15:56 +0000 +++ src/client_side.h 2014-03-30 12:00:34 +0000 @@ -40,7 +40,7 @@ #if USE_AUTH #include "auth/UserRequest.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif @@ -162,7 +162,7 @@ }; class ConnectionDetail; -#if USE_SSL +#if USE_OPENSSL namespace Ssl { class ServerBump; @@ -334,7 +334,7 @@ /// The caller assumes responsibility for connection closure detection. void stopPinnedConnectionMonitoring(); -#if USE_SSL +#if USE_OPENSSL /// called by FwdState when it is done bumping the server void httpsPeeked(Comm::ConnectionPointer serverConnection); @@ -399,7 +399,7 @@ // XXX: CBDATA plays with public/private and leaves the following 'private' fields all public... :( -#if USE_SSL +#if USE_OPENSSL bool switchedToHttps_; /// The SSL server host name appears in CONNECT request or the server ip address for the intercepted requests String sslConnectHostOrIp; ///< The SSL server host name as passed in the CONNECT request === modified file 'src/client_side_request.cc' --- src/client_side_request.cc 2014-03-15 02:50:12 +0000 +++ src/client_side_request.cc 2014-03-30 12:00:34 +0000 @@ -88,7 +88,7 @@ #include "adaptation/icap/History.h" #endif #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/ServerBump.h" #include "ssl/support.h" #endif @@ -110,7 +110,7 @@ /* Local functions */ /* other */ static void clientAccessCheckDoneWrapper(allow_t, void *); -#if USE_SSL +#if USE_OPENSSL static void sslBumpAccessCheckDoneWrapper(allow_t, void *); #endif static int clientHierarchical(ClientHttpRequest * http); @@ -146,7 +146,7 @@ store_id_fail_count = 0; no_cache_done = false; interpreted_req_hdrs = false; -#if USE_SSL +#if USE_OPENSSL sslBumpCheckDone = false; #endif debugs(85,3, HERE << this << " ClientRequestContext constructed"); @@ -167,7 +167,7 @@ al->cache.port = cbdataReference(aConn->port); al->cache.caddr = aConn->log_addr; -#if USE_SSL +#if USE_OPENSSL if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) { if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl) al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl)); @@ -177,7 +177,7 @@ #if USE_ADAPTATION request_satisfaction_mode = false; #endif -#if USE_SSL +#if USE_OPENSSL sslBumpNeed_ = Ssl::bumpEnd; #endif } @@ -855,7 +855,7 @@ if (ih != NULL) { if (getConn() != NULL && getConn()->clientConnection != NULL) { ih->rfc931 = getConn()->clientConnection->rfc931; -#if USE_SSL +#if USE_OPENSSL if (getConn()->clientConnection->isOpen()) { ih->ssluser = sslGetUserEmail(fd_table[getConn()->clientConnection->fd].ssl); } @@ -1438,7 +1438,7 @@ http->doCallouts(); } -#if USE_SSL +#if USE_OPENSSL bool ClientRequestContext::sslBumpAccessCheck() { @@ -1519,7 +1519,7 @@ debugs(85, 4, "clientProcessRequest: " << RequestMethodStr(request->method) << " '" << uri << "'"); if (request->method == Http::METHOD_CONNECT && !redirect.status) { -#if USE_SSL +#if USE_OPENSSL if (sslBumpNeeded()) { sslBumpStart(); return; @@ -1549,7 +1549,7 @@ PROF_stop(httpStart); } -#if USE_SSL +#if USE_OPENSSL void ClientHttpRequest::sslBumpNeed(Ssl::BumpMode mode) @@ -1789,7 +1789,7 @@ } } -#if USE_SSL +#if USE_OPENSSL // We need to check for SslBump even if the calloutContext->error is set // because bumping may require delaying the error until after CONNECT. if (!calloutContext->sslBumpCheckDone) { @@ -1803,7 +1803,7 @@ if (calloutContext->error) { const char *storeUri = request->storeId(); StoreEntry *e= storeCreateEntry(storeUri, storeUri, request->flags, request->method); -#if USE_SSL +#if USE_OPENSSL if (sslBumpNeeded()) { // set final error but delay sending until we bump Ssl::ServerBump *srvBump = new Ssl::ServerBump(request, e); === modified file 'src/client_side_request.h' --- src/client_side_request.h 2013-12-05 11:04:45 +0000 +++ src/client_side_request.h 2014-03-30 12:00:34 +0000 @@ -142,7 +142,7 @@ StoreEntry *loggingEntry_; ConnStateData * conn_; -#if USE_SSL +#if USE_OPENSSL /// whether (and how) the request needs to be bumped Ssl::BumpMode sslBumpNeed_; === modified file 'src/comm.cc' --- src/comm.cc 2014-03-29 00:15:56 +0000 +++ src/comm.cc 2014-03-30 12:00:34 +0000 @@ -60,7 +60,7 @@ #include "StoreIOBuffer.h" #include "tools.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif @@ -1009,7 +1009,7 @@ void comm_lingering_close(int fd) { -#if USE_SSL +#if USE_OPENSSL if (fd_table[fd].ssl) ssl_shutdown_method(fd_table[fd].ssl); #endif @@ -1068,7 +1068,7 @@ comm_close(fd); } -#if USE_SSL +#if USE_OPENSSL void commStartSslClose(const FdeCbParams ¶ms) { @@ -1080,7 +1080,7 @@ void comm_close_complete(const FdeCbParams ¶ms) { -#if USE_SSL +#if USE_OPENSSL fde *F = &fd_table[params.fd]; if (F->ssl) { @@ -1143,7 +1143,7 @@ F->flags.close_request = true; -#if USE_SSL +#if USE_OPENSSL if (F->ssl) { AsyncCall::Pointer startCall=commCbCall(5,4, "commStartSslClose", FdeCbPtrFun(commStartSslClose, NULL)); === modified file 'src/errorpage.cc' --- src/errorpage.cc 2014-02-10 16:39:10 +0000 +++ src/errorpage.cc 2014-03-30 12:00:34 +0000 @@ -54,7 +54,7 @@ #include "auth/UserRequest.h" #endif #include "SquidTime.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/ErrorDetailManager.h" #endif @@ -228,7 +228,7 @@ error_stylesheet.Printf("%s",tmpl.text()); } -#if USE_SSL +#if USE_OPENSSL Ssl::errorDetailInitialize(); #endif } @@ -252,7 +252,7 @@ error_page_count = 0; -#if USE_SSL +#if USE_OPENSSL Ssl::errorDetailClean(); #endif } @@ -588,7 +588,7 @@ callback_data(NULL), request_hdrs(NULL), err_msg(NULL), -#if USE_SSL +#if USE_OPENSSL detail(NULL), #endif detailCode(ERR_DETAIL_NONE) @@ -708,7 +708,7 @@ if (err_language != Config.errorDefaultLanguage) #endif safe_free(err_language); -#if USE_SSL +#if USE_OPENSSL delete detail; #endif } @@ -833,7 +833,7 @@ case 'D': if (!allowRecursion) p = "%D"; // if recursion is not allowed, do not convert -#if USE_SSL +#if USE_OPENSSL // currently only SSL error details implemented else if (detail) { detail->useRequest(request); @@ -1071,7 +1071,7 @@ break; case 'x': -#if USE_SSL +#if USE_OPENSSL if (detail) mb.Printf("%s", detail->errorName()); else @@ -1222,7 +1222,7 @@ // error tracking. if (request) { int edc = ERR_DETAIL_NONE; // error detail code -#if USE_SSL +#if USE_OPENSSL if (detail) edc = detail->errorNo(); else === modified file 'src/errorpage.h' --- src/errorpage.h 2013-03-16 04:57:43 +0000 +++ src/errorpage.h 2014-03-30 12:00:34 +0000 @@ -43,7 +43,7 @@ #include "SquidString.h" /* auth/UserRequest.h is empty unless USE_AUTH is defined */ #include "auth/UserRequest.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/ErrorDetail.h" #endif @@ -180,7 +180,7 @@ char *request_hdrs; char *err_msg; /* Preformatted error message from the cache */ -#if USE_SSL +#if USE_OPENSSL Ssl::ErrorDetail *detail; #endif /// type-specific detail about the transaction error; === modified file 'src/external_acl.cc' --- src/external_acl.cc 2014-02-08 13:36:42 +0000 +++ src/external_acl.cc 2014-03-30 12:00:34 +0000 @@ -63,7 +63,7 @@ #include "tools.h" #include "URL.h" #include "wordlist.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif #if USE_AUTH @@ -183,7 +183,7 @@ EXT_ACL_HEADER_REPLY_ID, EXT_ACL_HEADER_REPLY_ID_MEMBER, -#if USE_SSL +#if USE_OPENSSL EXT_ACL_USER_CERT, EXT_ACL_USER_CA_CERT, EXT_ACL_USER_CERT_RAW, @@ -468,7 +468,7 @@ format->type = _external_acl_format::EXT_ACL_PATH; else if (strcmp(token, "%METHOD") == 0 || strcmp(token, "%>rm") == 0) format->type = _external_acl_format::EXT_ACL_METHOD; -#if USE_SSL +#if USE_OPENSSL else if (strcmp(token, "%USER_CERT") == 0) format->type = _external_acl_format::EXT_ACL_USER_CERT_RAW; else if (strcmp(token, "%USER_CERTCHAIN") == 0) @@ -623,7 +623,7 @@ DUMP_EXT_ACL_TYPE(PORT); DUMP_EXT_ACL_TYPE(PATH); DUMP_EXT_ACL_TYPE(METHOD); -#if USE_SSL +#if USE_OPENSSL DUMP_EXT_ACL_TYPE_FMT(USER_CERT_RAW, " %%USER_CERT_RAW"); DUMP_EXT_ACL_TYPE_FMT(USER_CERTCHAIN_RAW, " %%USER_CERTCHAIN_RAW"); DUMP_EXT_ACL_TYPE_FMT(USER_CERT, " %%USER_CERT_%s", format->header); @@ -1111,7 +1111,7 @@ str = sb.termedBuf(); } break; -#if USE_SSL +#if USE_OPENSSL case _external_acl_format::EXT_ACL_USER_CERT_RAW: === modified file 'src/fde.h' --- src/fde.h 2013-06-03 14:05:16 +0000 +++ src/fde.h 2014-03-30 12:00:34 +0000 @@ -34,7 +34,7 @@ #include "defines.h" #include "ip/Address.h" -#if USE_SSL +#if HAVE_OPENSSL_SSL_H #include #endif @@ -132,7 +132,7 @@ CommWriteStateData *wstate; /* State data for comm_write */ READ_HANDLER *read_method; WRITE_HANDLER *write_method; -#if USE_SSL +#if USE_OPENSSL SSL *ssl; SSL_CTX *dynamicSslContext; ///< cached and then freed when fd is closed #endif @@ -185,7 +185,7 @@ wstate = NULL; read_method = NULL; write_method = NULL; -#if USE_SSL +#if USE_OPENSSL ssl = NULL; dynamicSslContext = NULL; #endif === modified file 'src/format/ByteCode.h' --- src/format/ByteCode.h 2014-01-05 02:56:31 +0000 +++ src/format/ByteCode.h 2014-03-30 12:00:34 +0000 @@ -196,7 +196,7 @@ #endif LFT_CREDENTIALS, -#if USE_SSL +#if USE_OPENSSL LFT_SSL_BUMP_MODE, LFT_SSL_USER_CERT_SUBJECT, LFT_SSL_USER_CERT_ISSUER, === modified file 'src/format/Format.cc' --- src/format/Format.cc 2014-02-08 13:36:42 +0000 +++ src/format/Format.cc 2014-03-30 12:00:34 +0000 @@ -15,7 +15,7 @@ #include "SquidTime.h" #include "Store.h" #include "URL.h" -#if USE_SSL +#if USE_OPENSSL #include "ssl/ErrorDetail.h" #endif @@ -801,7 +801,7 @@ #endif if (!out) out = strOrNull(al->cache.extuser); -#if USE_SSL +#if USE_OPENSSL if (!out) out = strOrNull(al->cache.ssluser); #endif @@ -877,7 +877,7 @@ break; case LFT_SQUID_ERROR_DETAIL: -#if USE_SSL +#if USE_OPENSSL if (al->request && al->request->errType == ERR_SECURE_CONNECT_FAIL) { if (! (out = Ssl::GetErrorName(al->request->errDetail))) { snprintf(tmp, sizeof(tmp), "SSL_ERR=%d", al->request->errDetail); @@ -1063,7 +1063,7 @@ dooff = 1; break; -#if USE_SSL +#if USE_OPENSSL case LFT_SSL_BUMP_MODE: { const Ssl::BumpMode mode = static_cast(al->ssl.bumpMode); // for Ssl::bumpEnd, Ssl::bumpMode() returns NULL and we log '-' === modified file 'src/format/Token.cc' --- src/format/Token.cc 2014-01-05 02:56:31 +0000 +++ src/format/Token.cc 2014-03-30 12:00:34 +0000 @@ -169,7 +169,7 @@ }; #endif -#if USE_SSL +#if USE_OPENSSL // SSL (ssl::) tokens static TokenTableEntry TokenTableSsl[] = { {"bump_mode", LFT_SSL_BUMP_MODE}, @@ -193,7 +193,7 @@ #if ICAP_CLIENT TheConfig.registerTokens(String("icap"),::Format::TokenTableIcap); #endif -#if USE_SSL +#if USE_OPENSSL TheConfig.registerTokens(String("ssl"),::Format::TokenTableSsl); #endif } === modified file 'src/log/FormatSquidIcap.cc' --- src/log/FormatSquidIcap.cc 2013-06-03 14:05:16 +0000 +++ src/log/FormatSquidIcap.cc 2014-03-30 12:00:34 +0000 @@ -67,7 +67,7 @@ if (!user) user = ::Format::QuoteUrlEncodeUsername(al->cache.extuser); -#if USE_SSL +#if USE_OPENSSL if (!user) user = ::Format::QuoteUrlEncodeUsername(al->cache.ssluser); #endif === modified file 'src/log/FormatSquidNative.cc' --- src/log/FormatSquidNative.cc 2013-11-11 12:09:44 +0000 +++ src/log/FormatSquidNative.cc 2014-03-30 12:00:34 +0000 @@ -56,7 +56,7 @@ if (!user) user = ::Format::QuoteUrlEncodeUsername(al->cache.extuser); -#if USE_SSL +#if USE_OPENSSL if (!user) user = ::Format::QuoteUrlEncodeUsername(al->cache.ssluser); #endif === modified file 'src/main.cc' --- src/main.cc 2014-03-23 02:56:12 +0000 +++ src/main.cc 2014-03-30 12:00:34 +0000 @@ -122,7 +122,7 @@ #if USE_SSL_CRTD #include "ssl/certificate_db.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/context_storage.h" #include "ssl/helper.h" #endif @@ -750,7 +750,7 @@ #if USE_SSL_CRTD Ssl::Helper::GetInstance()->Shutdown(); #endif -#if USE_SSL +#if USE_OPENSSL if (Ssl::CertValidationHelper::GetInstance()) Ssl::CertValidationHelper::GetInstance()->Shutdown(); Ssl::TheGlobalContextStorage.reconfigureStart(); @@ -837,7 +837,7 @@ #if USE_SSL_CRTD Ssl::Helper::GetInstance()->Init(); #endif -#if USE_SSL +#if USE_OPENSSL if (Ssl::CertValidationHelper::GetInstance()) Ssl::CertValidationHelper::GetInstance()->Init(); #endif @@ -1042,7 +1042,7 @@ Ssl::Helper::GetInstance()->Init(); #endif -#if USE_SSL +#if USE_OPENSSL if (!configured_once) Ssl::initialize_session_cache(); @@ -1831,7 +1831,7 @@ #if USE_SSL_CRTD Ssl::Helper::GetInstance()->Shutdown(); #endif -#if USE_SSL +#if USE_OPENSSL if (Ssl::CertValidationHelper::GetInstance()) Ssl::CertValidationHelper::GetInstance()->Shutdown(); #endif === modified file 'src/redirect.cc' --- src/redirect.cc 2014-03-15 02:50:12 +0000 +++ src/redirect.cc 2014-03-30 12:00:34 +0000 @@ -49,7 +49,7 @@ #if USE_AUTH #include "auth/UserRequest.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif === modified file 'src/ssl/ProxyCerts.h' --- src/ssl/ProxyCerts.h 2013-05-13 22:48:23 +0000 +++ src/ssl/ProxyCerts.h 2014-03-30 12:00:34 +0000 @@ -29,7 +29,7 @@ * */ -#if USE_SSL +#if USE_OPENSSL #include "acl/forward.h" class sslproxy_cert_sign === modified file 'src/ssl/context_storage.cc' --- src/ssl/context_storage.cc 2014-02-21 10:46:19 +0000 +++ src/ssl/context_storage.cc 2014-03-30 12:00:34 +0000 @@ -5,7 +5,7 @@ #include "StoreEntryStream.h" #include -#if USE_SSL +#if HAVE_OPENSSL_SSL_H #include #endif === modified file 'src/ssl/context_storage.h' --- src/ssl/context_storage.h 2014-02-21 10:46:19 +0000 +++ src/ssl/context_storage.h 2014-03-30 12:00:34 +0000 @@ -1,7 +1,7 @@ #ifndef SQUID_SSL_CONTEXT_STORAGE_H #define SQUID_SSL_CONTEXT_STORAGE_H -#if USE_SSL +#if USE_OPENSSL #include "base/LruMap.h" #include "CacheManager.h" @@ -13,7 +13,9 @@ #include #include +#if HAVE_OPENSSL_SSL_H #include +#endif /// TODO: Replace on real size. #define SSL_CTX_SIZE 1024 @@ -65,6 +67,6 @@ /// Global cache for store all SSL server certificates. extern GlobalContextStorage TheGlobalContextStorage; } //namespace Ssl -#endif // USE_SSL +#endif // USE_OPENSSL #endif // SQUID_SSL_CONTEXT_STORAGE_H === modified file 'src/ssl/gadgets.cc' --- src/ssl/gadgets.cc 2013-08-25 06:36:13 +0000 +++ src/ssl/gadgets.cc 2014-03-30 12:00:34 +0000 @@ -1,5 +1,6 @@ #include "squid.h" #include "ssl/gadgets.h" + #if HAVE_OPENSSL_X509V3_H #include #endif === modified file 'src/ssl/support.cc' --- src/ssl/support.cc 2014-02-21 16:14:05 +0000 +++ src/ssl/support.cc 2014-03-30 12:00:34 +0000 @@ -36,7 +36,7 @@ /* MS Visual Studio Projects are monolithic, so we need the following * #if to exclude the SSL code from compile process when not needed. */ -#if USE_SSL +#if USE_OPENSSL #include "acl/FilledChecklist.h" #include "anyp/PortCfg.h" @@ -1874,4 +1874,4 @@ delete owner; } -#endif /* USE_SSL */ +#endif /* USE_OPENSSL */ === modified file 'src/stat.cc' --- src/stat.cc 2014-03-23 02:56:12 +0000 +++ src/stat.cc 2014-03-30 12:00:34 +0000 @@ -70,7 +70,7 @@ #if USE_DELAY_POOLS #include "DelayId.h" #endif -#if USE_SSL +#if USE_OPENSSL #include "ssl/support.h" #endif @@ -1913,7 +1913,7 @@ if (!p && conn != NULL && conn->clientConnection->rfc931[0]) p = conn->clientConnection->rfc931; -#if USE_SSL +#if USE_OPENSSL if (!p && conn != NULL && Comm::IsConnOpen(conn->clientConnection)) p = sslGetUserEmail(fd_table[conn->clientConnection->fd].ssl); === modified file 'src/tests/stub_client_side.cc' --- src/tests/stub_client_side.cc 2014-03-15 02:30:08 +0000 +++ src/tests/stub_client_side.cc 2014-03-30 12:00:34 +0000 @@ -62,7 +62,7 @@ void ConnStateData::requestTimeout(const CommTimeoutCbParams ¶ms) STUB void ConnStateData::swanSong() STUB void ConnStateData::quitAfterError(HttpRequest *request) STUB -#if USE_SSL +#if USE_OPENSSL void ConnStateData::httpsPeeked(Comm::ConnectionPointer serverConnection) STUB void ConnStateData::getSslContextStart() STUB void ConnStateData::getSslContextDone(SSL_CTX * sslContext, bool isNew) STUB === modified file 'src/tests/stub_libsslsquid.cc' --- src/tests/stub_libsslsquid.cc 2014-02-19 18:48:16 +0000 +++ src/tests/stub_libsslsquid.cc 2014-03-30 12:00:34 +0000 @@ -1,6 +1,6 @@ #include "squid.h" -#if USE_SSL +#if USE_OPENSSL #include "fatal.h" === modified file 'src/tools.cc' --- src/tools.cc 2014-03-23 02:56:12 +0000 +++ src/tools.cc 2014-03-30 12:00:34 +0000 @@ -482,7 +482,7 @@ if (Config.Sockaddr.http && sa.isAnyAddr()) sa = Config.Sockaddr.http->s; -#if USE_SSL +#if USE_OPENSSL if (Config.Sockaddr.https && sa.isAnyAddr()) sa = Config.Sockaddr.https->s; @@ -1142,7 +1142,7 @@ return p->s.port(); } -#if USE_SSL +#if USE_OPENSSL if ((p = Config.Sockaddr.https)) { // skip any special interception ports while (p && p->flags.isIntercepted()) === modified file 'src/url.cc' --- src/url.cc 2014-02-07 13:45:20 +0000 +++ src/url.cc 2014-03-30 12:00:34 +0000 @@ -858,7 +858,7 @@ break; case AnyP::PROTO_HTTPS: -#if USE_SSL +#if USE_OPENSSL rc = 1;