PeekingPeerConnector.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SRC_SSL_PEEKINGPEERCONNECTOR_H
10 #define SQUID_SRC_SSL_PEEKINGPEERCONNECTOR_H
11 
12 #include "security/PeerConnector.h"
13 
14 #if USE_OPENSSL
15 
16 namespace Ssl
17 {
18 
20 class PeekingPeerConnector: public Security::PeerConnector {
21  CBDATA_CLASS(PeekingPeerConnector);
22 public:
23  PeekingPeerConnector(HttpRequestPointer &aRequest,
24  const Comm::ConnectionPointer &aServerConn,
25  const Comm::ConnectionPointer &aClientConn,
26  AsyncCall::Pointer &aCallback,
27  const AccessLogEntryPointer &alp,
28  time_t timeout = 0);
29 
30  /* Security::PeerConnector API */
31  virtual bool initialize(Security::SessionPointer &);
32  virtual Security::ContextPointer getTlsContext();
33  virtual void noteWantWrite();
34  virtual void noteNegotiationError(const Security::ErrorDetailPointer &);
35  virtual void noteNegotiationDone(ErrorState *error);
36 
39  void handleServerCertificate();
40 
43  void checkForPeekAndSplice();
44 
46  void checkForPeekAndSpliceDone(Acl::Answer);
47 
49  void checkForPeekAndSpliceMatched(const Ssl::BumpMode finalMode);
50 
52  Ssl::BumpMode checkForPeekAndSpliceGuess() const;
53 
56  void serverCertificateVerified();
57 
59  void startTunneling();
60 
62  static void cbCheckForPeekAndSpliceDone(Acl::Answer, void *data);
63 
64 private:
65 
67  void tunnelInsteadOfNegotiating();
68 
69  Comm::ConnectionPointer clientConn;
70  AsyncCall::Pointer closeHandler;
71  bool splice;
72  bool serverCertificateHandled;
73 };
74 
75 } // namespace Ssl
76 
77 #endif /* USE_OPENSSL */
78 #endif /* SQUID_SRC_SSL_PEEKINGPEERCONNECTOR_H */
79 
Ssl::PeekingPeerConnector::noteNegotiationDone
virtual void noteNegotiationDone(ErrorState *error)
Definition: PeekingPeerConnector.cc:227
Ssl::PeekingPeerConnector::startTunneling
void startTunneling()
Abruptly stops TLS negotiation and starts tunneling.
Definition: PeekingPeerConnector.cc:274
Security::ContextPointer
std::shared_ptr< SSL_CTX > ContextPointer
Definition: Context.h:29
error
void error(char *format,...)
Ssl::BumpMode
BumpMode
Definition: support.h:126
Ssl::PeekingPeerConnector::checkForPeekAndSpliceGuess
Ssl::BumpMode checkForPeekAndSpliceGuess() const
Guesses the final bumping decision when no ssl_bump rules match.
Definition: PeekingPeerConnector.cc:129
Ssl::PeekingPeerConnector::initialize
virtual bool initialize(Security::SessionPointer &)
Definition: PeekingPeerConnector.cc:152
Ssl::PeekingPeerConnector
A PeerConnector for HTTP origin servers. Capable of SslBumping.
Definition: PeekingPeerConnector.h:20
Ssl::PeekingPeerConnector::PeekingPeerConnector
PeekingPeerConnector(HttpRequestPointer &aRequest, const Comm::ConnectionPointer &aServerConn, const Comm::ConnectionPointer &aClientConn, AsyncCall::Pointer &aCallback, const AccessLogEntryPointer &alp, time_t timeout=0)
Definition: PeekingPeerConnector.cc:28
Ssl::PeekingPeerConnector::splice
bool splice
whether we are going to splice or not
Definition: PeekingPeerConnector.h:71
Ssl
Definition: Xaction.cc:48
Ssl::PeekingPeerConnector::closeHandler
AsyncCall::Pointer closeHandler
we call this when the connection closed
Definition: PeekingPeerConnector.h:70
Ssl::PeekingPeerConnector::clientConn
Comm::ConnectionPointer clientConn
TCP connection to the client.
Definition: PeekingPeerConnector.h:69
Ssl::PeekingPeerConnector::serverCertificateHandled
bool serverCertificateHandled
whether handleServerCertificate() succeeded
Definition: PeekingPeerConnector.h:72
Security::SessionPointer
std::shared_ptr< SSL > SessionPointer
Definition: Session.h:49
Ssl::PeekingPeerConnector::getTlsContext
virtual Security::ContextPointer getTlsContext()
Definition: PeekingPeerConnector.cc:146
Ssl::PeekingPeerConnector::checkForPeekAndSpliceDone
void checkForPeekAndSpliceDone(Acl::Answer)
Callback function for ssl_bump acl check in step3 SSL bump step.
Definition: PeekingPeerConnector.cc:59
Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone
static void cbCheckForPeekAndSpliceDone(Acl::Answer, void *data)
A wrapper function for checkForPeekAndSpliceDone for use with acl.
Definition: PeekingPeerConnector.cc:51
Ssl::PeekingPeerConnector::CBDATA_CLASS
CBDATA_CLASS(PeekingPeerConnector)
Ssl::PeekingPeerConnector::checkForPeekAndSpliceMatched
void checkForPeekAndSpliceMatched(const Ssl::BumpMode finalMode)
Handles the final bumping decision.
Definition: PeekingPeerConnector.cc:93
Ssl::PeekingPeerConnector::noteNegotiationError
virtual void noteNegotiationError(const Security::ErrorDetailPointer &)
Called when the SSL_connect function aborts with an SSL negotiation error.
Definition: PeekingPeerConnector.cc:311
Ssl::PeekingPeerConnector::tunnelInsteadOfNegotiating
void tunnelInsteadOfNegotiating()
Inform caller class that the SSL negotiation aborted.

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors