NegotiationHistory.cc
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #include "squid.h"
10 #include "MemBuf.h"
11 #include "security/NegotiationHistory.h"
12 #include "SquidConfig.h"
13 #if USE_OPENSSL
14 #include "ssl/bio.h"
15 #include "ssl/support.h"
16 #endif
17 
18 Security::NegotiationHistory::NegotiationHistory()
19 #if USE_OPENSSL
20  : cipher(nullptr)
21 #endif
22 {
23 }
24 
25 const char *
26 Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion const &v) const
27 {
28  if (!TlsFamilyProtocol(v))
29  return nullptr;
30 
31  static char buf[512];
32  snprintf(buf, sizeof(buf), "%s/%d.%d", AnyP::ProtocolType_str[v.protocol], v.major, v.minor);
33  return buf;
34 }
35 
36 #if USE_OPENSSL
37 static AnyP::ProtocolVersion
38 toProtocolVersion(const int v)
39 {
40  switch(v) {
41 #if defined(TLS1_3_VERSION)
42  case TLS1_3_VERSION:
43  return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 3);
44 #endif
45 #if defined(TLS1_2_VERSION)
46  case TLS1_2_VERSION:
47  return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 2);
48 #endif
49 #if defined(TLS1_1_VERSION)
50  case TLS1_1_VERSION:
51  return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 1);
52 #endif
53 #if defined(TLS1_VERSION)
54  case TLS1_VERSION:
55  return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 0);
56 #endif
57 #if defined(SSL3_VERSION)
58  case SSL3_VERSION:
59  return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0);
60 #endif
61 #if defined(SSL2_VERSION)
62  case SSL2_VERSION:
63  return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 2, 0);
64 #endif
65  default:
66  return AnyP::ProtocolVersion();
67  }
68 }
69 #endif
70 
71 void
72 Security::NegotiationHistory::retrieveNegotiatedInfo(const Security::SessionPointer &session)
73 {
74 #if USE_OPENSSL
75  if ((cipher = SSL_get_current_cipher(session.get()))) {
76  // Set the negotiated version only if the cipher negotiated
77  // else probably the negotiation is not completed and version
78  // is not the final negotiated version
79  version_ = toProtocolVersion(SSL_version(session.get()));
80  }
81 
82  if (Debug::Enabled(83, 5)) {
83  BIO *b = SSL_get_rbio(session.get());
84  Ssl::Bio *bio = static_cast<Ssl::Bio *>(BIO_get_data(b));
85  debugs(83, 5, "SSL connection info on FD " << bio->fd() <<
86  " SSL version " << version_ <<
87  " negotiated cipher " << cipherName());
88  }
89 #else
90  (void)session;
91 #endif
92 }
93 
94 void
95 Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
96 {
97  if (details) {
98  helloVersion_ = details->tlsVersion;
99  supportedVersion_ = details->tlsSupportedVersion;
100  }
101 }
102 
103 const char *
104 Security::NegotiationHistory::cipherName() const
105 {
106 #if USE_OPENSSL
107  if (!cipher)
108  return nullptr;
109 
110  return SSL_CIPHER_get_name(cipher);
111 #else
112  return nullptr;
113 #endif
114 }
115 
toProtocolVersion
static AnyP::ProtocolVersion toProtocolVersion(const int v)
Definition: NegotiationHistory.cc:38
AnyP::ProtocolVersion::major
unsigned int major
major version number
Definition: ProtocolVersion.h:40
AnyP::ProtocolVersion::protocol
ProtocolType protocol
which protocol this version is for
Definition: ProtocolVersion.h:39
AnyP::ProtocolVersion::minor
unsigned int minor
minor version number
Definition: ProtocolVersion.h:41
Debug::Enabled
static bool Enabled(const int section, const int level)
whether debugging the given section and the given level produces output
Definition: Stream.h:79
Security::NegotiationHistory::retrieveParsedInfo
void retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
Extract information from parser stored in TlsDetails object.
Definition: NegotiationHistory.cc:95
Security::NegotiationHistory::retrieveNegotiatedInfo
void retrieveNegotiatedInfo(const Security::SessionPointer &)
Extract negotiation information from TLS object.
Definition: NegotiationHistory.cc:72
Security::NegotiationHistory::printTlsVersion
const char * printTlsVersion(AnyP::ProtocolVersion const &v) const
String representation of the TLS version 'v'.
Definition: NegotiationHistory.cc:26
Security::TlsDetails::tlsSupportedVersion
AnyP::ProtocolVersion tlsSupportedVersion
Definition: Handshake.h:35
Security::TlsDetails::tlsVersion
AnyP::ProtocolVersion tlsVersion
The TLS hello message version.
Definition: Handshake.h:31
Ssl::Bio
BIO source and sink node, handling socket I/O and monitoring SSL state.
Definition: bio.h:34
Ssl::Bio::fd
int fd() const
The SSL socket descriptor.
Definition: bio.h:49
debugs
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Stream.h:196
AnyP::ProtocolType_str
const char * ProtocolType_str[]
AnyP::PROTO_TLS
@ PROTO_TLS
Definition: ProtocolType.h:40
AnyP::PROTO_SSL
@ PROTO_SSL
Definition: ProtocolType.h:41
Ftp::ProtocolVersion
AnyP::ProtocolVersion ProtocolVersion()
Protocol version to use in Http::Message structures wrapping FTP messages.
Definition: Elements.cc:24
Security::SessionPointer
std::shared_ptr< SSL > SessionPointer
Definition: Session.h:49
Security::TlsFamilyProtocol
bool TlsFamilyProtocol(const AnyP::ProtocolVersion &version)
whether the given protocol belongs to the TLS/SSL group of protocols
Definition: Handshake.h:133
BIO_get_data
void * BIO_get_data(BIO *table)
Definition: openssl.h:62

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors