BlindPeerConnector.cc
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#include "squid.h"
10#include "AccessLogEntry.h"
11#include "CachePeer.h"
12#include "comm/Connection.h"
13#include "errorpage.h"
14#include "fde.h"
15#include "HttpRequest.h"
16#include "neighbors.h"
19#include "SquidConfig.h"
20
22
// Selects the TLS context used for this outgoing connection: when the
// connection's CachePeer has secure.encryptTransport set, that peer's own
// sslContext is returned.
// NOTE(review): this listing has lost the function's signature lines and source
// line 30 (the gutter jumps 29 -> 31). The page's reference list names the
// function getTlsContext() and lists SquidConfig::ssl_client.sslContext, so the
// missing line presumably returns that global context as the fallback; confirm
// against the real file.
25{
26 const CachePeer *peer = serverConnection()->getPeer();
// peer is tested for null before its settings are read.
27 if (peer && peer->secure.encryptTransport)
28 return peer->sslContext;
29
31}
32
// Prepares the TLS session for the server connection. It first runs the base
// Security::PeerConnector::initialize() and returns false if that fails; it
// then chooses the server name for this session and returns true.
// NOTE(review): the signature line is missing from this listing (gutter jumps
// 33 -> 35); the page's reference list gives it as
// initialize(Security::SessionPointer &).
//
// Server name selection (OpenSSL builds only):
//  - connection to a CachePeer with secure.encryptTransport: the configured
//    peer->secure.sslDomain is used, and the peer's saved sslSession is
//    offered for session resumption;
//  - otherwise: the host taken from request->url is used.
// In both cases the name is stored in the session's ex_data slot
// ssl_ex_index_server and passed to Ssl::setClientSNI().
// NOTE(review): presumably the ex_data copy is what later certificate/name
// validation compares against; that code is not visible here. In the second
// branch the name is request-derived, so confirm the check happens downstream.
33bool
35{
36 if (!Security::PeerConnector::initialize(serverSession)) {
37 debugs(83, 5, "Security::PeerConnector::initialize failed");
38 return false;
39 }
40
41 const CachePeer *peer = serverConnection()->getPeer();
42 if (peer && peer->secure.encryptTransport) {
// Redundant with the condition above, which has already tested peer.
43 assert(peer);
44
45 // NP: domain may be a raw-IP but it is now always set
// NOTE(review): source line 46 is missing from this listing; given the comment
// above and isEmpty() in the page's reference list it presumably asserts that
// sslDomain is non-empty. Confirm against the real file.
47
// The #if below opens inside this branch and the #endif closes inside the else
// branch, so without USE_OPENSSL the whole else branch is compiled out and no
// server name is set here at all.
48#if USE_OPENSSL
49 // const loss is okay here, ssl_ex_index_server is only read and not assigned a destructor
// NOTE(review): the SBuf is heap-allocated and handed to the SSL object as a
// raw pointer. Nothing in this function frees it, and the comment above says
// the slot has no destructor; confirm who releases it, otherwise one SBuf leaks
// per session.
50 SBuf *host = new SBuf(peer->secure.sslDomain);
51 SSL_set_ex_data(serverSession.get(), ssl_ex_index_server, host);
52 Ssl::setClientSNI(serverSession.get(), host->c_str());
53
54 Security::SetSessionResumeData(serverSession, peer->sslSession);
55 } else {
// Same ownership question as for `host` above applies to hostName.
56 SBuf *hostName = new SBuf(request->url.host());
57 SSL_set_ex_data(serverSession.get(), ssl_ex_index_server, (void*)hostName);
58 Ssl::setClientSNI(serverSession.get(), hostName->c_str());
59#endif
60 }
61
62 debugs(83, 5, "success");
63 return true;
64}
65
// Handles the outcome of the TLS negotiation. With a non-null error it records
// a failure on a TLS-enabled CachePeer and returns; otherwise it saves the
// negotiated session's resume data into peer->sslSession for later connections.
// Connections without a peer, or to a peer without secure.encryptTransport,
// are left untouched in both cases.
// NOTE(review): the signature line is missing from this listing (gutter jumps
// 66 -> 68); the page's reference list gives it as
// noteNegotiationDone(ErrorState *), so `error` is presumably that parameter.
66void
68{
// Non-const pointer: the peer is modified below (noteFailure(), sslSession).
69 auto *peer = serverConnection()->getPeer();
70
71 if (error) {
// Logs only the address of the error object, not its contents.
72 debugs(83, 5, "error=" << (void*)error);
73 // XXX: FwdState calls NoteOutgoingConnectionSuccess() after an OK TCP connect, but
74 // we call noteFailure() if SSL failed afterwards. Is that OK?
75 // It is not clear whether we should call noteSuccess()/noteFailure()/etc.
76 // based on TCP results, SSL results, or both. And the code is probably not
77 // consistent in this aspect across tunnelling and forwarding modules.
78 if (peer && peer->secure.encryptTransport)
79 peer->noteFailure(error->httpStatus);
80 return;
81 }
82
83 if (peer && peer->secure.encryptTransport) {
// NOTE(review): fd indexes fd_table without a range check in this function;
// this assumes the connection is still open at this point. Confirm with callers.
84 const int fd = serverConnection()->fd;
85 Security::MaybeGetSessionResumeData(fd_table[fd].ssl, peer->sslSession);
86 }
87}
88
// Squid cbdata class-initialisation macro for Security::BlindPeerConnector.
// NOTE(review): it appears here after the functions, but the gutter numbering
// above leaves source line 21 unaccounted for, so the page extraction has
// probably displaced it from the top of the file.
CBDATA_NAMESPACED_CLASS_INIT(Security, BlindPeerConnector)
class SquidConfig Config
Definition: SquidConfig.cc:12
void error(char *format,...)
#define assert(EX)
Definition: assert.h:17
Security::PeerOptions secure
security settings for peer connection
Definition: CachePeer.h:219
Security::SessionStatePointer sslSession
Definition: CachePeer.h:221
Security::ContextPointer sslContext
Definition: CachePeer.h:220
CachePeer * getPeer() const
Definition: Connection.cc:124
Definition: SBuf.h:94
const char * c_str()
Definition: SBuf.cc:516
bool isEmpty() const
Definition: SBuf.h:431
Security::ContextPointer getTlsContext() override
Return the configured TLS context object.
void noteNegotiationDone(ErrorState *) override
bool initialize(Security::SessionPointer &) override
virtual bool initialize(Security::SessionPointer &)
Comm::ConnectionPointer const & serverConnection() const
mimics FwdState to minimize changes to FwdState::initiate/negotiateSsl
bool encryptTransport
whether transport encryption (TLS/SSL) is to be used on connections to the peer
Definition: PeerOptions.h:147
struct SquidConfig::@116 ssl_client
Security::ContextPointer sslContext
Definition: SquidConfig.h:506
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Stream.h:194
#define fd_table
Definition: fde.h:189
int ssl_ex_index_server
void setClientSNI(SSL *ssl, const char *fqdn)
Definition: support.cc:1070
Network/connection security abstraction layer.
Definition: Connection.h:34
std::shared_ptr< SSL_CTX > ContextPointer
Definition: Context.h:29
void SetSessionResumeData(const Security::SessionPointer &, const Security::SessionStatePointer &)
Definition: Session.cc:246
std::shared_ptr< SSL > SessionPointer
Definition: Session.h:49
void MaybeGetSessionResumeData(const Security::SessionPointer &, Security::SessionStatePointer &data)
Definition: Session.cc:225

 
