Support loading custom OpenSSL provider #2357

Open
yadij wants to merge 5 commits into squid-cache:master
from yadij:arc-openssl-provider-1

@yadij yadij commented Jan 17, 2026

When using OpenSSL, allow Squid to use a specific
crypto provider named in ssl_provider.

Replaces any system-wide configuration specified
using openssl.conf.

@yadij yadij added the feature maintainer needs documentation updates for merge label Jan 17, 2026
yadij commented Jan 18, 2026

Existing builds will start to see something like this in cache.log on startup:

2026/01/18 20:46:55| Provider: default( name[24]=OpenSSL Default Provider, version[5]=3.5.4, buildinfo[5]=3.5.4, status=1 )

When ssl_provider legacy is configured:

2026/01/18 20:46:55| Provider: legacy( name[23]=OpenSSL Legacy Provider, version[5]=3.5.4, buildinfo[5]=3.5.4, status=1 )

@rousskov rousskov self-requested a review January 18, 2026 15:26
@rousskov rousskov left a comment

Thank you for adding this feature. I have not reviewed the entire PR yet, and will have more questions later, but these two change requests should allow you to make progress.

if (::Config.SSL.ssl_provider) {
if (!OSSL_PROVIDER_load(nullptr, ::Config.SSL.ssl_provider)) {
const auto ssl_error = ERR_get_error();
fatalf("Failed to load SSL provider: %s\n", Security::ErrorString(ssl_error));
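
Review bot: The OSSL_PROVIDER_load(nullptr, ...) call in the inner check disables OpenSSL's fallback providers for the default library context, so when ssl_provider names anything other than default (for example legacy), the default provider is no longer loaded implicitly and algorithms that only it supplies become unavailable. Consider loading the default provider explicitly alongside the configured one, or calling OSSL_PROVIDER_try_load() with retain_fallbacks set to 1, and documenting which of the two behaviours ssl_provider is meant to give. The returned OSSL_PROVIDER pointer is also discarded here, so it cannot later be passed to OSSL_PROVIDER_unload().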

Please do not call fatalf() when reacting to a configuration application failure. Throw an exception instead.

Contributor Author

Unfortunately this function is not only called during startup. It can be delayed and called later in Squid operation after a reconfigure. The exception handlers for that case are not yet reliable.

FWIW, I planned to fix the above situation with the project moving init things into runners. But that work got stalled.

@yadij yadij requested a review from rousskov January 18, 2026 23:52
@yadij yadij added the S-waiting-for-reviewer ready for review: Set this when requesting a (re)review using GitHub PR Reviewers box label Jan 18, 2026