NegotiationHistory.cc
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#include "squid.h"
10#include "MemBuf.h"
11#include "security/NegotiationHistory.h"
12#include "SquidConfig.h"
13#if USE_OPENSSL
14#include "ssl/bio.h"
15#include "ssl/support.h"
16#endif
17
18Security::NegotiationHistory::NegotiationHistory()
19#if USE_OPENSSL
20 : cipher(nullptr)
21#endif
22{
23}
24
25const char *
26Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion const &v) const
27{
28 if (!TlsFamilyProtocol(v))
29 return nullptr;
30
31 static char buf[512];
32 snprintf(buf, sizeof(buf), "%s/%d.%d", AnyP::ProtocolType_str[v.protocol], v.major, v.minor);
33 return buf;
34}
35
36#if USE_OPENSSL
37static AnyP::ProtocolVersion
38toProtocolVersion(const int v)
39{
40 switch(v) {
41#if defined(TLS1_3_VERSION)
42 case TLS1_3_VERSION:
43 return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 3);
44#endif
45#if defined(TLS1_2_VERSION)
46 case TLS1_2_VERSION:
47 return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 2);
48#endif
49#if defined(TLS1_1_VERSION)
50 case TLS1_1_VERSION:
51 return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 1);
52#endif
53#if defined(TLS1_VERSION)
54 case TLS1_VERSION:
55 return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 0);
56#endif
57#if defined(SSL3_VERSION)
58 case SSL3_VERSION:
59 return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0);
60#endif
61#if defined(SSL2_VERSION)
62 case SSL2_VERSION:
63 return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 2, 0);
64#endif
65 default:
66 return AnyP::ProtocolVersion();
67 }
68}
69#endif
70
71void
72Security::NegotiationHistory::retrieveNegotiatedInfo(const Security::SessionPointer &session)
73{
74#if USE_OPENSSL
75 if ((cipher = SSL_get_current_cipher(session.get()))) {
76 // Set the negotiated version only if the cipher negotiated
77 // else probably the negotiation is not completed and version
78 // is not the final negotiated version
79 version_ = toProtocolVersion(SSL_version(session.get()));
80 }
81
82 if (Debug::Enabled(83, 5)) {
83 BIO *b = SSL_get_rbio(session.get());
84 Ssl::Bio *bio = static_cast<Ssl::Bio *>(BIO_get_data(b));
85 debugs(83, 5, "SSL connection info on FD " << bio->fd() <<
86 " SSL version " << version_ <<
87 " negotiated cipher " << cipherName());
88 }
89#else
90 (void)session;
91#endif
92}
93
94void
95Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
96{
97 if (details) {
98 helloVersion_ = details->tlsVersion;
99 supportedVersion_ = details->tlsSupportedVersion;
100 }
101}
102
103const char *
104Security::NegotiationHistory::cipherName() const
105{
106#if USE_OPENSSL
107 if (!cipher)
108 return nullptr;
109
110 return SSL_CIPHER_get_name(cipher);
111#else
112 return nullptr;
113#endif
114}
115
toProtocolVersion
static AnyP::ProtocolVersion toProtocolVersion(const int v)
Definition: NegotiationHistory.cc:38
AnyP::ProtocolVersion::major
unsigned int major
major version number
Definition: ProtocolVersion.h:40
AnyP::ProtocolVersion::protocol
ProtocolType protocol
which protocol this version is for
Definition: ProtocolVersion.h:39
AnyP::ProtocolVersion::minor
unsigned int minor
minor version number
Definition: ProtocolVersion.h:41
Debug::Enabled
static bool Enabled(const int section, const int level)
whether debugging the given section and the given level produces output
Definition: Stream.h:75
Security::NegotiationHistory::retrieveParsedInfo
void retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
Extract information from parser stored in TlsDetails object.
Definition: NegotiationHistory.cc:95
Security::NegotiationHistory::retrieveNegotiatedInfo
void retrieveNegotiatedInfo(const Security::SessionPointer &)
Extract negotiation information from TLS object.
Definition: NegotiationHistory.cc:72
Security::NegotiationHistory::printTlsVersion
const char * printTlsVersion(AnyP::ProtocolVersion const &v) const
String representation of the TLS version 'v'.
Definition: NegotiationHistory.cc:26
Security::TlsDetails::tlsSupportedVersion
AnyP::ProtocolVersion tlsSupportedVersion
Definition: Handshake.h:35
Security::TlsDetails::tlsVersion
AnyP::ProtocolVersion tlsVersion
The TLS hello message version.
Definition: Handshake.h:31
Ssl::Bio
BIO source and sink node, handling socket I/O and monitoring SSL state.
Definition: bio.h:34
Ssl::Bio::fd
int fd() const
The SSL socket descriptor.
Definition: bio.h:49
debugs
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Stream.h:194
AnyP::ProtocolType_str
const char * ProtocolType_str[]
AnyP::PROTO_TLS
@ PROTO_TLS
Definition: ProtocolType.h:38
AnyP::PROTO_SSL
@ PROTO_SSL
Definition: ProtocolType.h:39
Ftp::ProtocolVersion
AnyP::ProtocolVersion ProtocolVersion()
Protocol version to use in Http::Message structures wrapping FTP messages.
Definition: Elements.cc:24
Security::SessionPointer
std::shared_ptr< SSL > SessionPointer
Definition: Session.h:49
Security::TlsFamilyProtocol
bool TlsFamilyProtocol(const AnyP::ProtocolVersion &version)
whether the given protocol belongs to the TLS/SSL group of protocols
Definition: Handshake.h:133
BIO_get_data
void * BIO_get_data(BIO *table)
Definition: openssl.h:62

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors