BlindPeerConnector.cc
1 /*
2  * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #include "squid.h"
10 #include "AccessLogEntry.h"
11 #include "CachePeer.h"
12 #include "comm/Connection.h"
13 #include "errorpage.h"
14 #include "fde.h"
15 #include "HttpRequest.h"
16 #include "neighbors.h"
19 #include "SquidConfig.h"
20 
// cbdata registration for Security::BlindPeerConnector; the macro is defined
// elsewhere in the project, so its exact expansion is not visible here.
CBDATA_NAMESPACED_CLASS_INIT(Security, BlindPeerConnector);
22 
/// Return the configured TLS context object.
/// A cache_peer configured for transport encryption supplies its own context;
/// every other destination uses the global outgoing (ssl_client) context.
Security::ContextPointer
Security::BlindPeerConnector::getTlsContext()
{
    const auto *peer = serverConnection()->getPeer();
    const bool encryptedPeer = peer && peer->secure.encryptTransport;
    return encryptedPeer ? peer->sslContext : ::Config.ssl_client.sslContext;
}
32 
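#if USE_OPENSSL
/// Records `name` as the server name for `serverSession`: a heap-allocated copy
/// is stored in the ssl_ex_index_server ex-data slot and the same name is sent
/// as the client SNI extension.
/// NOTE(review): the SBuf's release is governed by whatever free callback the
/// project registered when creating ssl_ex_index_server -- not visible in this
/// file; confirm before assuming it is reclaimed with the SSL object.
static void
setServerNameForSession(const Security::SessionPointer &serverSession, const SBuf &name)
{
    SBuf *host = new SBuf(name);
    SSL_set_ex_data(serverSession.get(), ssl_ex_index_server, host);
    Ssl::setClientSNI(serverSession.get(), host->c_str());
}
#endif

/// Prepare `serverSession` for the TLS handshake with the server.
/// \param serverSession the session to configure (server name, SNI, resumption data)
/// \returns false if Security::PeerConnector::initialize() failed, true otherwise
bool
Security::BlindPeerConnector::initialize(Security::SessionPointer &serverSession)
{
    if (!Security::PeerConnector::initialize(serverSession)) {
        debugs(83, 5, "Security::PeerConnector::initialize failed");
        return false;
    }

    const CachePeer *peer = serverConnection()->getPeer();
    const bool encryptedPeer = peer && peer->secure.encryptTransport;

    if (encryptedPeer) {
        // NP: domain may be a raw-IP but it is now always set
        assert(!peer->secure.sslDomain.isEmpty());
    }

#if USE_OPENSSL
    // The server name presented to the server comes from the cache_peer's
    // configured sslDomain when talking to an encrypted peer, and from the
    // request URL host otherwise. Session-resumption data is only kept per peer.
    if (encryptedPeer) {
        setServerNameForSession(serverSession, peer->secure.sslDomain);
        Security::SetSessionResumeData(serverSession, peer->sslSession);
    } else {
        setServerNameForSession(serverSession, SBuf(request->url.host()));
    }
#endif

    debugs(83, 5, "success");
    return true;
}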
65 
/// Called once the TLS negotiation has finished.
/// \param error nil when no error was reported; otherwise the negotiation failure
void
Security::BlindPeerConnector::noteNegotiationDone(ErrorState *error)
{
    auto *peer = serverConnection()->getPeer();
    const bool encryptedPeer = peer && peer->secure.encryptTransport;

    if (!error) {
        // No error reported: keep the session state of an encrypted peer so a
        // later connection to that peer can attempt session resumption.
        if (encryptedPeer) {
            const int fd = serverConnection()->fd;
            Security::MaybeGetSessionResumeData(fd_table[fd].ssl, peer->sslSession);
        }
        return;
    }

    debugs(83, 5, "error=" << static_cast<void*>(error));
    // XXX: forward.cc calls peerConnectSucceeded() after an OK TCP connect but
    // we call peerConnectFailed() if SSL failed afterwards. Is that OK?
    // It is not clear whether we should call peerConnectSucceeded/Failed()
    // based on TCP results, SSL results, or both. And the code is probably not
    // consistent in this aspect across tunnelling and forwarding modules.
    if (encryptedPeer)
        peerConnectFailed(peer);
}
88 