NegotiationHistory.cc
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #include "squid.h"
10 #include "MemBuf.h"
11 #include "security/NegotiationHistory.h"
12 #include "SquidConfig.h"
13 #if USE_OPENSSL
14 #include "ssl/bio.h"
15 #include "ssl/support.h"
16 #endif
17 
18 Security::NegotiationHistory::NegotiationHistory()
19 #if USE_OPENSSL
20  : cipher(nullptr)
21 #endif
22 {
23 }
24 
25 const char *
26 Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion const &v) const
27 {
28  if (!TlsFamilyProtocol(v))
29  return nullptr;
30 
31  static char buf[512];
32  snprintf(buf, sizeof(buf), "%s/%d.%d", AnyP::ProtocolType_str[v.protocol], v.major, v.minor);
33  return buf;
34 }
35 
36 #if USE_OPENSSL
37 static AnyP::ProtocolVersion
38 toProtocolVersion(const int v)
39 {
40  switch(v) {
41 #if defined(TLS1_2_VERSION)
42  case TLS1_2_VERSION:
43  return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 2);
44 #endif
45 #if defined(TLS1_1_VERSION)
46  case TLS1_1_VERSION:
47  return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 1);
48 #endif
49 #if defined(TLS1_VERSION)
50  case TLS1_VERSION:
51  return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 0);
52 #endif
53 #if defined(SSL3_VERSION)
54  case SSL3_VERSION:
55  return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0);
56 #endif
57 #if defined(SSL2_VERSION)
58  case SSL2_VERSION:
59  return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 2, 0);
60 #endif
61  default:
62  return AnyP::ProtocolVersion();
63  }
64 }
65 #endif
66 
67 void
68 Security::NegotiationHistory::retrieveNegotiatedInfo(const Security::SessionPointer &session)
69 {
70 #if USE_OPENSSL
71  if ((cipher = SSL_get_current_cipher(session.get()))) {
72  // Set the negotiated version only if the cipher negotiated
73  // else probably the negotiation is not completed and version
74  // is not the final negotiated version
75  version_ = toProtocolVersion(SSL_version(session.get()));
76  }
77 
78  if (Debug::Enabled(83, 5)) {
79  BIO *b = SSL_get_rbio(session.get());
80  Ssl::Bio *bio = static_cast<Ssl::Bio *>(BIO_get_data(b));
81  debugs(83, 5, "SSL connection info on FD " << bio->fd() <<
82  " SSL version " << version_ <<
83  " negotiated cipher " << cipherName());
84  }
85 #endif
86 }
87 
88 void
89 Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
90 {
91  if (details) {
92  helloVersion_ = details->tlsVersion;
93  supportedVersion_ = details->tlsSupportedVersion;
94  }
95 }
96 
97 const char *
98 Security::NegotiationHistory::cipherName() const
99 {
100 #if USE_OPENSSL
101  if (!cipher)
102  return nullptr;
103 
104  return SSL_CIPHER_get_name(cipher);
105 #else
106  return nullptr;
107 #endif
108 }
109 
AnyP::ProtocolVersion::major
unsigned int major
major version number
Definition: ProtocolVersion.h:40
Security::TlsDetails::tlsVersion
AnyP::ProtocolVersion tlsVersion
The TLS hello message version.
Definition: Handshake.h:31
AnyP::PROTO_SSL
@ PROTO_SSL
Definition: ProtocolType.h:41
Ftp::ProtocolVersion
AnyP::ProtocolVersion ProtocolVersion()
Protocol version to use in Http::Message structures wrapping FTP messages.
Definition: Elements.cc:24
Security::NegotiationHistory::retrieveParsedInfo
void retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
Extract information from parser stored in TlsDetails object.
Definition: NegotiationHistory.cc:89
Security::TlsFamilyProtocol
bool TlsFamilyProtocol(const AnyP::ProtocolVersion &version)
whether the given protocol belongs to the TLS/SSL group of protocols
Definition: Handshake.h:136
AnyP::ProtocolVersion::minor
unsigned int minor
minor version number
Definition: ProtocolVersion.h:41
AnyP::ProtocolType_str
const char * ProtocolType_str[]
Security::NegotiationHistory::printTlsVersion
const char * printTlsVersion(AnyP::ProtocolVersion const &v) const
String representation of the TLS version 'v'.
Definition: NegotiationHistory.cc:26
Security::NegotiationHistory::cipherName
const char * cipherName() const
Definition: NegotiationHistory.cc:98
BIO_get_data
void * BIO_get_data(BIO *table)
Definition: openssl.h:60
AnyP::ProtocolVersion::protocol
ProtocolType protocol
which protocol this version is for
Definition: ProtocolVersion.h:39
Debug::Enabled
static bool Enabled(const int section, const int level)
whether debugging the given section and the given level produces output
Definition: Debug.h:75
Security::NegotiationHistory::retrieveNegotiatedInfo
void retrieveNegotiatedInfo(const Security::SessionPointer &)
Extract negotiation information from TLS object.
Definition: NegotiationHistory.cc:68
AnyP::PROTO_TLS
@ PROTO_TLS
Definition: ProtocolType.h:40
debugs
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Debug.h:128
toProtocolVersion
static AnyP::ProtocolVersion toProtocolVersion(const int v)
Definition: NegotiationHistory.cc:38
Ssl::Bio
BIO source and sink node, handling socket I/O and monitoring SSL state.
Definition: bio.h:34
Security::SessionPointer
std::shared_ptr< SSL > SessionPointer
Definition: Session.h:44
Security::TlsDetails::tlsSupportedVersion
AnyP::ProtocolVersion tlsSupportedVersion
Definition: Handshake.h:35
buf
void const char * buf
Definition: stub_helper.cc:16
Ssl::Bio::fd
int fd() const
The SSL socket descriptor.
Definition: bio.h:49

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors