Hello,
The attached patch removes broken and, AFAICT, unused "partial copy"
ServerOptions copy constructor.
I am not intimate with the affected code, so more work may be needed
around this change: If the partial copy constructor was meant to be
abused for something, then a new approach should be found for that use
case -- an approach that does not violate the standard copy constructor
post-conditions.
Thank you,
Alex.
Removed ServerOptions "partial copy" copy constructor.
AFAICT, the default copy constructor should work and the removed
explicit constructor was not copying the staticContext member, for no
documented reason (that I could find). It was also unused.
If the partial copy constructor was abused for something useful, then a
different approach should be found -- the one that does not violate the
standard copy constructor post-conditions.
=== modified file 'src/security/ServerOptions.cc'
--- src/security/ServerOptions.cc 2016-01-01 00:12:18 +0000
+++ src/security/ServerOptions.cc 2016-04-07 05:13:14 +0000
@@ -4,48 +4,40 @@
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
* Please see the COPYING and CONTRIBUTORS files for details.
*/
#include "squid.h"
#include "base/Packable.h"
#include "globals.h"
#include "security/ServerOptions.h"
#if USE_OPENSSL
#include "ssl/support.h"
#endif
#if HAVE_OPENSSL_ERR_H
#include <openssl/err.h>
#endif
#if HAVE_OPENSSL_X509_H
#include <openssl/x509.h>
#endif
-Security::ServerOptions::ServerOptions(const Security::ServerOptions &s) :
- dh(s.dh),
- dhParamsFile(s.dhParamsFile),
- eecdhCurve(s.eecdhCurve),
- parsedDhParams(s.parsedDhParams)
-{
-}
-
void
Security::ServerOptions::parse(const char *token)
{
if (!*token) {
// config says just "ssl" or "tls" (or "tls-")
encryptTransport = true;
return;
}
// parse the server-only options
if (strncmp(token, "dh=", 3) == 0) {
// clear any previous Diffi-Helman configuration
dh.clear();
dhParamsFile.clear();
eecdhCurve.clear();
dh.append(token + 3);
if (!dh.isEmpty()) {
auto pos = dh.find(':');
=== modified file 'src/security/ServerOptions.h'
--- src/security/ServerOptions.h 2016-01-15 06:57:17 +0000
+++ src/security/ServerOptions.h 2016-04-07 05:13:14 +0000
@@ -6,41 +6,40 @@
* Please see the COPYING and CONTRIBUTORS files for details.
*/
#ifndef SQUID_SRC_SECURITY_SERVEROPTIONS_H
#define SQUID_SRC_SECURITY_SERVEROPTIONS_H
#include "security/PeerOptions.h"
namespace Security
{
/// TLS squid.conf settings for a listening port
class ServerOptions : public PeerOptions
{
public:
ServerOptions() : PeerOptions() {
// Bug 4005: dynamic contexts use a lot of memory and it
// is more secure to have only a small set of trusted CA.
flags.tlsDefaultCa.defaultTo(false);
}
- explicit ServerOptions(const Security::ServerOptions &);
virtual ~ServerOptions() = default;
/* Security::PeerOptions API */
virtual void parse(const char *);
virtual void clear() {*this = ServerOptions();}
virtual Security::ContextPtr createBlankContext() const;
virtual void dumpCfg(Packable *, const char *pfx) const;
/// update the context with DH, EDH, EECDH settings
void updateContextEecdh(Security::ContextPtr &);
public:
/// TLS context to use for HTTPS accelerator or static SSL-Bump
Security::ContextPointer staticContext;
private:
void loadDhParams();
private:
SBuf dh; ///< Diffi-Helman cipher config
_______________________________________________
squid-dev mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-dev
