NegotiationHistory.cc
1 /*
2  * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #include "squid.h"
10 #include "MemBuf.h"
12 #include "SquidConfig.h"
13 #if USE_OPENSSL
14 #include "ssl/bio.h"
15 #include "ssl/support.h"
16 #endif
17 
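/// Creates an empty history: no cipher has been recorded yet.
/// NOTE(review): the declarator line is absent from the rendered listing and
/// is restored here; confirm against the upstream file.
Security::NegotiationHistory::NegotiationHistory()
#if USE_OPENSSL
    : cipher(nullptr) // stays null until retrieveNegotiatedInfo() sees a negotiated cipher
#endif
{
}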
24 
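/// String representation of the TLS version 'v', formatted as
/// "<protocol name>/<major>.<minor>".
///
/// @param v  protocol version to print
/// @return   nullptr when v is not a TLS/SSL family protocol; otherwise a
///           pointer to a function-local static buffer.
///
/// The returned pointer refers to one buffer shared by every call and every
/// object: the next call overwrites the text, so callers must consume or copy
/// the result before calling again (e.g. when logging two versions in one
/// statement), and the function is not safe to call concurrently.
const char *
Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion const &v) const
{
    if (!TlsFamilyProtocol(v))
        return nullptr;

    static char buf[512];
    // major and minor are unsigned int, so print them with %u rather than %d;
    // snprintf() bounds the write to the buffer and always terminates it
    snprintf(buf, sizeof(buf), "%s/%u.%u", AnyP::ProtocolType_str[v.protocol], v.major, v.minor);
    return buf;
}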
35 
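#if USE_OPENSSL
/// Maps an OpenSSL protocol version constant (the value SSL_version()
/// reports) to the matching AnyP::ProtocolVersion.
///
/// @param v  OpenSSL version constant, e.g. TLS1_2_VERSION
/// @return   the TLS or SSL protocol version for a recognized constant; a
///           default-constructed AnyP::ProtocolVersion for anything else, so
///           an unrecognized value is reported as "no version" rather than
///           as a wrong one.
///
/// Each case is compiled only when the library headers define that constant.
/// NOTE(review): the per-case return statements are absent from the rendered
/// listing (as shown, every case falls through to the default); they are
/// restored here from the case labels -- confirm against the upstream file.
static AnyP::ProtocolVersion
toProtocolVersion(const int v)
{
    switch(v) {
#if defined(TLS1_3_VERSION)
    case TLS1_3_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 3);
#endif
#if defined(TLS1_2_VERSION)
    case TLS1_2_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 2);
#endif
#if defined(TLS1_1_VERSION)
    case TLS1_1_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 1);
#endif
#if defined(TLS1_VERSION)
    case TLS1_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 0);
#endif
#if defined(SSL3_VERSION)
    case SSL3_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0);
#endif
#if defined(SSL2_VERSION)
    case SSL2_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 2, 0);
#endif
    default:
        return AnyP::ProtocolVersion();
    }
}
#endif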
70 
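/// Extract negotiation information from the TLS object: the current cipher
/// and, once a cipher is present, the negotiated protocol version.
///
/// @param session  TLS session to inspect; ignored in builds without OpenSSL.
///
/// A null session is skipped. When debugging for section 83 level 5 is
/// enabled, the connection's descriptor, version and cipher are also logged.
void
Security::NegotiationHistory::retrieveNegotiatedInfo(const Security::SessionPointer &session)
{
#if USE_OPENSSL
    if (!session)
        return; // the OpenSSL accessors below need a live SSL object

    cipher = SSL_get_current_cipher(session.get());
    if (cipher) {
        // Record the version only when a cipher has been negotiated:
        // without one the handshake is probably incomplete and the version
        // OpenSSL reports is not yet the final negotiated one.
        version_ = toProtocolVersion(SSL_version(session.get()));
    }

    if (Debug::Enabled(83, 5)) {
        // A diagnostics-only path must not dereference missing objects: the
        // session may have no read BIO, and the BIO may carry no data.
        // NOTE(review): the cast assumes the read BIO is Squid's own
        // Ssl::Bio -- confirm that no other BIO type is ever attached.
        BIO *b = SSL_get_rbio(session.get());
        const auto bio = b ? static_cast<Ssl::Bio *>(BIO_get_data(b)) : nullptr;
        // cipherName() returns nullptr before a cipher is negotiated, and a
        // null char pointer must not be streamed
        const char *name = cipherName();
        debugs(83, 5, "SSL connection info on FD " << (bio ? bio->fd() : -1) <<
               " SSL version " << version_ <<
               " negotiated cipher " << (name ? name : "[none]"));
    }
#else
    (void)session;
#endif
}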
93 
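/// Extract information from the parser results stored in a TlsDetails object:
/// the hello message version and the supported version.
///
/// @param details  parsed handshake details; when null, the previously
///                 stored values are left unchanged.
///
/// These two values are copied from the parsed hello message and are kept
/// separately from version_, which retrieveNegotiatedInfo() sets from the
/// session itself.
/// NOTE(review): presumably they describe what the peer offered rather than
/// what was agreed -- confirm before using them in policy decisions.
void
Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
{
    if (!details)
        return;

    helloVersion_ = details->tlsVersion;
    supportedVersion_ = details->tlsSupportedVersion;
}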
102 
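/// Name of the cipher recorded by retrieveNegotiatedInfo().
///
/// @return the name reported by SSL_CIPHER_get_name(), or nullptr when no
///         cipher has been recorded or the build has no OpenSSL support.
///         Callers must check for nullptr before formatting or streaming it.
const char *
Security::NegotiationHistory::cipherName() const
{
#if USE_OPENSSL
    return cipher ? SSL_CIPHER_get_name(cipher) : nullptr;
#else
    return nullptr;
#endif
}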
115 
static AnyP::ProtocolVersion toProtocolVersion(const int v)
unsigned int major
major version number
ProtocolType protocol
which protocol this version is for
unsigned int minor
minor version number
static bool Enabled(const int section, const int level)
whether debugging the given section and the given level produces output
Definition: Stream.h:79
void retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
Extract information from parser stored in TlsDetails object.
void retrieveNegotiatedInfo(const Security::SessionPointer &)
Extract negotiation information from TLS object.
const char * printTlsVersion(AnyP::ProtocolVersion const &v) const
String representation of the TLS version 'v'.
AnyP::ProtocolVersion tlsSupportedVersion
Definition: Handshake.h:35
AnyP::ProtocolVersion tlsVersion
The TLS hello message version.
Definition: Handshake.h:31
BIO source and sink node, handling socket I/O and monitoring SSL state.
Definition: bio.h:34
int fd() const
The SSL socket descriptor.
Definition: bio.h:49
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Stream.h:196
const char * ProtocolType_str[]
@ PROTO_TLS
Definition: ProtocolType.h:40
@ PROTO_SSL
Definition: ProtocolType.h:41
AnyP::ProtocolVersion ProtocolVersion()
Protocol version to use in Http::Message structures wrapping FTP messages.
Definition: Elements.cc:24
std::shared_ptr< SSL > SessionPointer
Definition: Session.h:49
bool TlsFamilyProtocol(const AnyP::ProtocolVersion &version)
whether the given protocol belongs to the TLS/SSL group of protocols
Definition: Handshake.h:133
void * BIO_get_data(BIO *table)
Definition: openssl.h:62

 
