[PATCH] Dynamic SSL Certificate Generation

From: Tsantilas Christos <chtsanti_at_users.sourceforge.net>
Date: Wed, 10 Nov 2010 17:05:16 +0200

Hi all,

    This patch implements dynamic SSL certificate generation in
Squid. When used with SSL Bump, the feature allows Squid to dynamically
generate (using a configurable CA certificate) and cache SSL
certificates for the proxied hosts.

A description for this feature can be found at:
    http://wiki.squid-cache.org/Features/DynamicSslCert

A first version of the patch was posted by Alex some months ago:
   http://www.squid-cache.org/mail-archive/squid-dev/201003/0201.html

Some words about the patch:

    * ssl related source files moved under the src/ssl directory

    * Introduce the TidyPointer class similar to std::auto_ptr, which
implements a pointer that deletes the object it points to when the
pointer's owner or context is gone. It is designed to avoid memory
leaks in the presence of exceptions and processing short cuts.

    * Implements an ssl context cache to use with generated ssl contexts.
The Ssl::LocalContextStorage class stores the hostname/ssl context pairs
for a local listening address/port. The Ssl::GlobalContextStorage class
is used to store Ssl::LocalContextStorages per local listening address and
handles squid shutdown/configure/reconfigure

    * Ssl::Helper class implements the squid part of the ssl_crtd helpers.

    * The ssl_crtd helper is implemented in ssl_crtd.cc and
certificate_db.* files

    * The Ssl::CertificateDb class (certificate_db.* files) implements
a database of certificates on disk files. It is used by the ssl_crtd
helper to manipulate generated certificates.

    * The ssl related files are included in the libraries libsslutil.a, which
contains common classes and functions, and libsquidssl.a, which has
squid related ssl objects and functions

    * Use the Ssl namespace for new ssl code

Authors: Alex Rousskov, Andrew Balabohin, Christos Tsantilas
This is a Measurement Factory Project.

Received on Wed Nov 10 2010 - 15:05:30 MST
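
Added example, not code from the patch or from Squid: a sketch of the ownership pattern the message describes, where a TidyPointer-like owner holds a freshly generated context until a per-listening-address hostname cache takes it over, so an exception or early return on the generation path does not leak it. The names TidySketch, FakeCtx, LocalStore, getOrCreate and the failValidation switch are hypothetical, and FakeCtx stands in for a real SSL context.

```cpp
#include <map>
#include <stdexcept>
#include <string>

// Constructed stand-in for an SSL context (assumption, not the patch's type).
struct FakeCtx { std::string host; };
int g_freed = 0;                               // counts deallocator calls
void freeCtx(FakeCtx *c) { ++g_freed; delete c; }

// TidyPointer-like owner (sketch): frees its object when it goes out of scope.
template <typename T, void (*Free)(T *)>
class TidySketch {
public:
    explicit TidySketch(T *p = nullptr) : raw(p) {}
    ~TidySketch() { reset(nullptr); }
    TidySketch(const TidySketch &) = delete;             // single owner only
    TidySketch &operator=(const TidySketch &) = delete;
    T *get() const { return raw; }
    T *release() { T *p = raw; raw = nullptr; return p; } // give up ownership
    void reset(T *p) { if (raw) Free(raw); raw = p; }
private:
    T *raw;
};
typedef TidySketch<FakeCtx, freeCtx> CtxPointer;

// hostname -> context pairs for one listening address; owns what it stores.
class LocalStore {
public:
    FakeCtx *find(const std::string &h) const {
        auto it = byHost.find(h);
        return it == byHost.end() ? nullptr : it->second.get();
    }
    void add(const std::string &h, CtxPointer &ctx) {
        CtxPointer &slot = byHost[h];     // may throw; ctx still owns the object
        if (slot.get()) return;           // duplicate: ctx keeps and later frees it
        slot.reset(ctx.release());        // ownership moves into the cache
    }
private:
    std::map<std::string, CtxPointer> byHost;
};

// Generation path with an early exit; failValidation simulates a rejected cert.
FakeCtx *getOrCreate(LocalStore &s, const std::string &host, bool failValidation) {
    if (FakeCtx *hit = s.find(host)) return hit;         // cache hit
    CtxPointer ctx(new FakeCtx{host});                   // "generated" context
    if (failValidation) throw std::runtime_error("generated context rejected");
    s.add(host, ctx);
    return s.find(host);
}
```

Destroying the LocalStore frees every cached context, which is the behaviour a shutdown or reconfigure needs when the signing CA changes.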
