TS-1147: Remove SSLNetProcessor::initSSL()
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/e7d57849 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/e7d57849 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/e7d57849 Branch: refs/heads/master Commit: e7d57849df051436d2f13b529d14c0bfe6091d46 Parents: 8fd5523 Author: James Peach <[email protected]> Authored: Fri Mar 30 21:55:08 2012 -0700 Committer: James Peach <[email protected]> Committed: Fri Apr 6 21:19:42 2012 -0700 ---------------------------------------------------------------------- iocore/net/P_SSLNetProcessor.h | 1 - iocore/net/SSLNetProcessor.cc | 27 ++------------------------- 2 files changed, 2 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e7d57849/iocore/net/P_SSLNetProcessor.h ---------------------------------------------------------------------- diff --git a/iocore/net/P_SSLNetProcessor.h b/iocore/net/P_SSLNetProcessor.h index a3156a3..fdfb2bc 100644 --- a/iocore/net/P_SSLNetProcessor.h +++ b/iocore/net/P_SSLNetProcessor.h @@ -62,7 +62,6 @@ public: void cleanup(void); int reconfigure(); - int initSSL(const SslConfigParams * param); int initSSLClient(const SslConfigParams * param); int initSSLServerCTX(SSL_CTX * ctx, http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e7d57849/iocore/net/SSLNetProcessor.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLNetProcessor.cc b/iocore/net/SSLNetProcessor.cc index dc8a832..eef1967 100644 --- a/iocore/net/SSLNetProcessor.cc +++ b/iocore/net/SSLNetProcessor.cc @@ -141,13 +141,9 @@ SSLNetProcessor::reconfigure(void) if (HttpProxyPort::hasSSL()) { // Only init server stuff if SSL is enabled in the config file - err = initSSL(param); - if (err == 0) { - sslCertLookup.init(param); - } else { - logSSLError("Can't initialize the SSL library, disabling SSL termination!"); - } + sslCertLookup.init(param); } + // Enable client regardless of config file setttings as remap file // can cause HTTP layer to connect using SSL. But only if SSL // initialization hasn't failed already. @@ -216,25 +212,6 @@ SSLNetProcessor::logSSLError(const char *errStr, int critical) } int -SSLNetProcessor::initSSL(const SslConfigParams * param) -{ - ink_ssl_method_t meth = NULL; - - // Note that we do not call RAND_seed() explicitly here, we depend on OpenSSL - // to do the seeding of the PRNG for us. This is the case for all platforms that - // has /dev/urandom for example. - - meth = SSLv23_server_method(); - ctx = SSL_CTX_new(meth); - if (!ctx) { - logSSLError("Cannot create new server contex."); - return (-1); - } - - return initSSLServerCTX(ctx, param, param->serverCertPath, param->serverCertChainPath, param->serverKeyPath, true); -} - -int SSLNetProcessor::initSSLServerCTX(SSL_CTX * lCtx, const SslConfigParams * param, const char *serverCertPtr, const char *serverCaCertPtr, const char *serverKeyPtr, bool defaultEnabled)
