1 /*
2  * Copyright (C) 1996-2019 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #include "squid.h"
10 #include "CachePeer.h"
11 #include "comm/Connection.h"
12 #include "errorpage.h"
13 #include "fde.h"
14 #include "HttpRequest.h"
15 #include "neighbors.h"
18 #include "SquidConfig.h"
19 
// cbdata registration for Security::BlindPeerConnector. Presumably required so
// Squid's async callbacks can detect a connector that was destroyed before the
// callback ran — see cbdata.h for the exact guarantees.
CBDATA_NAMESPACED_CLASS_INIT(Security, BlindPeerConnector);
21 
{
    // Pick the TLS client context for this outgoing connection.
    // A cache_peer configured for transport encryption uses its own
    // per-peer context (peer->sslContext), so that peer's trust/cert
    // settings apply instead of the global client ones.
    const CachePeer *peer = serverConnection()->getPeer();
    if (peer && peer->secure.encryptTransport)
        return peer->sslContext;

    // NOTE(review): the fallback return for non-peer (origin server)
    // connections is not visible in this excerpt; presumably it returns the
    // global outgoing client context (::Config.ssl_client.sslContext) — confirm.
}
31 
/// Prepare the TLS session before the handshake starts.
/// Runs the base Security::PeerConnector::initialize() first, then (OpenSSL
/// builds only) attaches the expected server name to the session: the
/// cache_peer's configured TLS domain for peer connections, or the request URL
/// host for direct origin connections. Peer connections additionally get any
/// previously cached session-resumption data offered to them.
/// Returns false if the base initialization failed, true otherwise.
bool
{
    if (!Security::PeerConnector::initialize(serverSession)) {
        debugs(83, 5, "Security::PeerConnector::initialize failed");
        return false;
    }

    const CachePeer *peer = serverConnection()->getPeer();
    if (peer && peer->secure.encryptTransport) {
        assert(peer); // redundant after the null check above; kept as-is

        // NP: domain may be a raw-IP but it is now always set
        assert(!peer->secure.sslDomain.isEmpty());

#if USE_OPENSSL
        // const loss is okay here, ssl_ex_index_server is only read and not assigned a destructor
        // NOTE(review): this heap SBuf is handed to OpenSSL via ex_data with no
        // visible owner. Whether a free callback is registered for
        // ssl_ex_index_server is not shown here — confirm it is not leaked once
        // per session. The stored name is presumably what the certificate
        // verification callback matches the server certificate against, so for a
        // TLS peer the check is against the *configured* domain, not the request
        // host — confirm in ssl/support.cc.
        SBuf *host = new SBuf(peer->secure.sslDomain);
        SSL_set_ex_data(serverSession.get(), ssl_ex_index_server, host);
        // Send SNI. The domain may be a raw IP literal (see NP above); RFC 6066
        // forbids IP literals in SNI, so setClientSNI() is presumably expected to
        // skip those — confirm.
        Ssl::setClientSNI(serverSession.get(), host->c_str());

        // Offer any session data cached from an earlier handshake with this peer
        // (stored by noteNegotiationDone()) for TLS session resumption.
        Security::SetSessionResumeData(serverSession, peer->sslSession);
    } else {
        // Direct origin-server connection: the name attached to the session and
        // used for SNI is the request URL host.
        SBuf *hostName = new SBuf(request->url.host());
        SSL_set_ex_data(serverSession.get(), ssl_ex_index_server, (void*)hostName);
        Ssl::setClientSNI(serverSession.get(), hostName->c_str());
#endif
        // NOTE: the `else` branch above lies entirely inside #if USE_OPENSSL. On
        // non-OpenSSL builds this `if` therefore has no else: no server name is
        // attached to the session, no SNI is sent for peer or origin connections,
        // and no resumption data is offered for peers.
    }

    debugs(83, 5, "success");
    return true;
}
64 
/// Called once the TLS negotiation for this connection has finished, with or
/// without success. Only peer bookkeeping is updated here; no recovery is
/// attempted.
/// @param error  non-null when the negotiation failed.
void
{
    auto *peer = serverConnection()->getPeer();

    if (error) {
        debugs(83, 5, "error=" << (void*)error);
        // XXX: forward.cc calls peerConnectSucceeded() after an OK TCP connect but
        // we call peerConnectFailed() if SSL failed afterwards. Is that OK?
        // It is not clear whether we should call peerConnectSucceeded/Failed()
        // based on TCP results, SSL results, or both. And the code is probably not
        // consistent in this aspect across tunnelling and forwarding modules.
        //
        // A failed TLS handshake with a TLS-enabled cache_peer counts against
        // that peer's health; plain-TCP peers and origin servers are untouched.
        if (peer && peer->secure.encryptTransport)
            peerConnectFailed(peer);
        return;
    }

    if (peer && peer->secure.encryptTransport) {
        // Cache the negotiated session in the CachePeer so later connections to
        // this peer can offer it for resumption (see initialize()).
        // NOTE(review): the cached data is shared by every future connection to
        // this peer, and a resumed session inherits the identity established by
        // the original handshake. It is only stored when `error` is null, which
        // presumably means the handshake passed certificate verification —
        // confirm that a verification failure always surfaces as an error here.
        const int fd = serverConnection()->fd;
        Security::MaybeGetSessionResumeData(fd_table[fd].ssl, peer->sslSession);
    }
}
87 

 
