Re: [PATCH] Ssl::PeerConnector class

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 23 Apr 2014 07:18:38 +1200

On 13/04/2014 6:36 a.m., Tsantilas Christos wrote:
> Hi all,
>
> This patch moves the SSL initialization code from FwdState class to a
> new Ssl::PeerConnector class, and uses the new class from tunnel.cc and
> FwdState.cc code to connect to ssl peer (ssl cache_peer or ssl server).
>
> The Ssl::PeerConnector class connects Squid client-side to a SSL
> cache_peer or SSL server. It is used by TunnelStateData and FwdState to
> initiate and establish the SSL connection. The Ssl::PeerConnector class
> handles peer certificate validation.
>
> The caller receives a call back with PeerConnectorAnswer. In the case
> the SSL connection is not established because of an error, an error
> object suitable for error response generation is attached to
> PeerConnectorAnswer.
>
> The Ssl::PeerConnector class includes the old SSL initialization code
> from FwdState class.
>
> This is a Measurement Factory project
>

Hi Christos,
  Alex and I have just reached a design agreement about how to manage
these modularizations going forward.

We have decided to construct a namespace Security:: in a library at
security/libsecurity.la which presents the polished neutral API for
accessing SSL features, leaving the code presenting OpenSSL-specific API
in ssl/*.

Since this class is already presenting a neutral API, would you be able
to make this the first code moved to the new namespace Security::
(instead of Ssl::)?

+1 for commit regardless of whether you choose to accept this request.

Thank you.
Amos
Received on Tue Apr 22 2014 - 19:18:46 MDT
