OpenSSL uses the extension-data API, SSL_set_ex_data() / SSL_get_ex_data(), to store extra details in one part of the code and retrieve them in others.

Thus the globals.h 'registrations' for these data:

    extern int ssl_ex_index_server; /* -1 */
    extern int ssl_ctx_ex_index_dont_verify_domain; /* -1 */
    extern int ssl_ex_index_cert_error_check; /* -1 */
    extern int ssl_ex_index_ssl_error_detail; /* -1 */
    extern int ssl_ex_index_ssl_peeked_cert; /* -1 */
    extern int ssl_ex_index_ssl_errors; /* -1 */
    extern int ssl_ex_index_ssl_cert_chain; /* -1 */
    extern int ssl_ex_index_ssl_validation_counter; /* -1 */

GnuTLS has a similar feature, BUT the critical difference is that we have to store a raw pointer and can only attach one to a session. We cannot register different datums like OpenSSL does.

The obvious solution is merging the above items into a single custom class and having a static getter function to retrieve the relevant object from a session, creating and attaching an instance of that class if the session has none yet.

I intend to do it one at a time, starting with ssl_ex_index_server and moving on to the others only as the non-OpenSSL code needs them.

Christos, this is most likely going to be a fairly major impact on your pending work, and will need some of your time testing that things still work okay.

Amos

_______________________________________________
squid-dev mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-dev
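The following is an added illustration of the single-pointer design sketched above; it is not Squid code or GnuTLS code. GnuTLS exposes the one user-pointer slot as gnutls_session_set_ptr() / gnutls_session_get_ptr(); so that the example runs offline, a ToySession struct with session_set_ptr() / session_get_ptr() stands in for those calls (an assumption), and SessionData, its Get()/Release() functions, and the field names are hypothetical. The point it demonstrates is that every call site must reach the per-session object through one getter, because a second direct set_ptr() would silently overwrite the first datum, and that the single object must be freed before the session is.

```cpp
// Added example (not Squid's or GnuTLS's code): one aggregate object per
// session behind the single user-pointer slot that GnuTLS offers.
#include <cassert>
#include <cstddef>
#include <string>
#include <vector>

// Stand-in for a TLS library session that holds exactly one user pointer.
// The real GnuTLS calls are gnutls_session_set_ptr()/gnutls_session_get_ptr();
// this toy struct and its two helpers are assumptions for an offline demo.
struct ToySession {
    void *userPtr = nullptr;
};
static void session_set_ptr(ToySession &s, void *p) { s.userPtr = p; }
static void *session_get_ptr(ToySession &s) { return s.userPtr; }

// One class merging the per-session datums that OpenSSL keeps in separate
// ex_data slots (field names echo the globals.h list in the message).
class SessionData {
public:
    const void *server = nullptr;          // ssl_ex_index_server
    bool dontVerifyDomain = false;         // ssl_ctx_ex_index_dont_verify_domain
    std::string errorDetail;               // ssl_ex_index_ssl_error_detail
    std::vector<std::string> errors;       // ssl_ex_index_ssl_errors
    unsigned validationCounter = 0;        // ssl_ex_index_ssl_validation_counter

    // Return the object attached to the session, creating and attaching one
    // on first use. The session has a single slot, so callers must go through
    // this getter rather than calling session_set_ptr() themselves; otherwise
    // one datum silently overwrites another.
    static SessionData &Get(ToySession &s) {
        if (void *p = session_get_ptr(s))
            return *static_cast<SessionData *>(p);
        auto *d = new SessionData();
        session_set_ptr(s, d);
        return *d;
    }

    // Detach and free; call before the session itself is destroyed, since the
    // library only stores the raw pointer and will not delete it.
    static void Release(ToySession &s) {
        delete static_cast<SessionData *>(session_get_ptr(s));
        session_set_ptr(s, nullptr);
    }
};

// Two call sites that, in OpenSSL terms, would use different ex_data indices.
static void recordValidationError(ToySession &s, const std::string &msg) {
    SessionData &d = SessionData::Get(s);
    d.errors.push_back(msg);
    d.validationCounter++;
}

static size_t errorCount(ToySession &s) {
    return SessionData::Get(s).errors.size();
}

// Round trip: attach a server pointer, log two (constructed) validation
// errors from a different call site, confirm the first datum survived, and
// release. Returns true when every step behaved as expected.
static bool selfCheck() {
    ToySession s;
    int fakeServer = 0;                          // constructed stand-in object
    SessionData::Get(s).server = &fakeServer;
    recordValidationError(s, "constructed: certificate name mismatch");
    recordValidationError(s, "constructed: certificate expired");
    const bool ok = errorCount(s) == 2
        && SessionData::Get(s).validationCounter == 2
        && SessionData::Get(s).server == &fakeServer;
    SessionData::Release(s);
    return ok && session_get_ptr(s) == nullptr;
}

int main() {
    assert(selfCheck());
    return 0;
}
```

Get() is the only place that writes the slot, which is what makes adding further datums later (the peeked cert, the cert chain, and so on) a matter of adding fields to SessionData rather than touching the session API again.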
