ssl: Multiple certificates

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 18 Apr 2001 20:25:11 +0200

Hi fellow Squid hackers.

In the "ssl" branch support for multiple SSL certificates has just been
added, and I'd like a quick review of this before committing it to HEAD.

All details about the SSL port are now specified in https_port using the
syntax
  https_port [ip:]port cert=certificate.pem [key=keyfile.pem]

Only one port is allowed to be specified per https_port line.

The ssl_certificate_file and ssl_key_file directives are completely
replaced by this mechanism.

To implement different certificates per port I had to undo some
ugliness in the "incoming" callbacks (a pointer to a counter was
forcibly sent to the callbacks, any comm_set_select registered cbdata
blindly ignored), and this may have effects on:

 * Incoming HTTP
 * Incoming HTTPS
 * Incoming ICP
 * Incoming DNS replies

What I did was to convert this magic counter to a global variable
outside the callback structures and use the cbdata callback parameter
the way it is intended.

--
Henrik
Received on Wed Apr 18 2001 - 12:22:49 MDT
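
Added example, not part of the original message and not Squid's own code: a small C parser for the https_port syntax given in the message above, which rejects a second port on the same line and a missing cert=. The struct and function names are hypothetical, and key is left empty when key= is omitted, since the message does not say how that case is handled.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical result type: names are assumptions, not Squid's structures. */
struct https_port_cfg {
    char ip[64], cert[256], key[256];   /* ip and key are "" when omitted */
    long port;
};

/* Return the next whitespace-delimited token in *p, or NULL at end of line. */
static char *next_tok(char **p)
{
    char *s = *p + strspn(*p, " \t\r\n");
    if (*s == '\0') return NULL;
    *p = s + strcspn(s, " \t\r\n");
    if (**p) *(*p)++ = '\0';
    return s;
}

/* Store a value once; reject empty, repeated or oversized values. */
static int set_once(char *dst, size_t cap, const char *val)
{
    if (*val == '\0' || dst[0] != '\0' || strlen(val) >= cap) return -1;
    strcpy(dst, val);
    return 0;
}

/* Parse "https_port [ip:]port cert=file [key=file]"; 0 on success, -1 on error. */
int parse_https_port(const char *line, struct https_port_cfg *out)
{
    char buf[512], *p = buf, *tok, *colon, *end;
    memset(out, 0, sizeof(*out));
    if (strlen(line) >= sizeof(buf)) return -1;
    strcpy(buf, line);
    if (!(tok = next_tok(&p)) || strcmp(tok, "https_port") != 0) return -1;
    if (!(tok = next_tok(&p))) return -1;            /* [ip:]port is required */
    if ((colon = strrchr(tok, ':')) != NULL) {       /* optional ip: prefix */
        *colon = '\0';
        if (set_once(out->ip, sizeof(out->ip), tok) != 0) return -1;
        tok = colon + 1;
    }
    out->port = strtol(tok, &end, 10);
    if (end == tok || *end || out->port < 1 || out->port > 65535) return -1;
    while ((tok = next_tok(&p)) != NULL) {           /* options after the port */
        if (!strncmp(tok, "cert=", 5)) { if (set_once(out->cert, sizeof(out->cert), tok + 5)) return -1; }
        else if (!strncmp(tok, "key=", 4)) { if (set_once(out->key, sizeof(out->key), tok + 4)) return -1; }
        else return -1;                              /* second port or unknown word */
    }
    return out->cert[0] ? 0 : -1;                    /* cert= is mandatory */
}
```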
