Hi all,

Currently the SSL subsystem is not initialized correctly in squid trunk. This is because Security::ProxyOutgoingConfig.encryptTransport is always false, so the client SSL CTX object is never built. As a result squid may not start if SSL is configured. I am attaching a small patch that I am using in my squid trees to work with SSL.
=== modified file 'src/cache_cf.cc'
--- src/cache_cf.cc	2015-08-04 21:04:09 +0000
+++ src/cache_cf.cc	2015-08-06 09:49:07 +0000
@@ -848,47 +848,46 @@
 #endif
         }
     } else {
         Config2.effectiveUserID = geteuid();
         Config2.effectiveGroupID = getegid();
     }
 
     if (NULL != Config.effectiveGroup) {
 
         struct group *grp = getgrnam(Config.effectiveGroup);
 
         if (NULL == grp) {
             fatalf("getgrnam failed to find groupid for effective group '%s'",
                    Config.effectiveGroup);
             return;
         }
 
         Config2.effectiveGroupID = grp->gr_gid;
     }
 
-    if (Security::ProxyOutgoingConfig.encryptTransport) {
-        debugs(3, DBG_IMPORTANT, "Initializing https:// proxy context");
-        Config.ssl_client.sslContext = Security::ProxyOutgoingConfig.createClientContext(false);
-        if (!Config.ssl_client.sslContext) {
-            debugs(3, DBG_CRITICAL, "ERROR: Could not initialize https:// proxy context");
-            self_destruct();
-        }
+    debugs(3, DBG_IMPORTANT, "Initializing https:// proxy context");
+    Security::ProxyOutgoingConfig.encryptTransport = true;
+    Config.ssl_client.sslContext = Security::ProxyOutgoingConfig.createClientContext(false);
+    if (!Config.ssl_client.sslContext) {
+        debugs(3, DBG_CRITICAL, "ERROR: Could not initialize https:// proxy context");
+        self_destruct();
     }
 
     for (CachePeer *p = Config.peers; p != NULL; p = p->next) {
 
         // default value for ssldomain= is the peer host/IP
         if (p->secure.sslDomain.isEmpty())
             p->secure.sslDomain = p->host;
 
         if (p->secure.encryptTransport) {
             debugs(3, DBG_IMPORTANT, "Initializing cache_peer " << p->name << " TLS context");
             p->sslContext = p->secure.createClientContext(true);
             if (!p->sslContext) {
                 debugs(3, DBG_CRITICAL, "ERROR: Could not initialize cache_peer " << p->name << " TLS context");
                 self_destruct();
             }
         }
     }
 
 #if USE_OPENSSL
     for (AnyP::PortCfgPointer s = HttpPortList; s != NULL; s = s->next) {
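Review bot: The added line `Security::ProxyOutgoingConfig.encryptTransport = true;` overwrites whatever the configuration parser decided and drops the guard, so the outgoing client context is built on every startup and `self_destruct()` runs whenever `createClientContext(false)` returns null. The block sits before the `#if USE_OPENSSL` region that opens at the end of this hunk, so a build without TLS support would presumably abort at startup, and an administrator's choice to leave outgoing TLS disabled can no longer be honoured. I would keep `if (Security::ProxyOutgoingConfig.encryptTransport) {` and fix the place where the flag is meant to be set from the parsed options, which is not visible here. If the forced value stays as a stopgap, mark it with a comment such as `// XXX: workaround, encryptTransport is never set by the parser; remove once that is fixed`; the enclosing function begins and ends outside this hunk.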
