PeerConnector.h
1 /*
2  * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SRC_SECURITY_PEERCONNECTOR_H
10 #define SQUID_SRC_SECURITY_PEERCONNECTOR_H
11 
12 #include "acl/Acl.h"
13 #include "base/AsyncCbdataCalls.h"
14 #include "base/AsyncJob.h"
15 #include "CommCalls.h"
16 #include "http/forward.h"
18 #include "security/forward.h"
19 #if USE_OPENSSL
20 #include "ssl/support.h"
21 #endif
22 
23 #include <iosfwd>
24 #include <queue>
25 
26 class ErrorState;
29 
namespace Security
{

/// Establishes a TLS session on an already-open connection to a peer (the
/// Comm::ConnectionPointer handed to the constructor) and reports the outcome
/// to the caller through an AsyncCall whose dialer implements CbDialer.
/// Runs as an AsyncJob: start() preps the socket and TLS state and calls
/// negotiate(); the noteWant*/negotiateSsl() members resume the handshake
/// as the socket becomes ready; bail()/callBack() finish the job.
///
/// NOTE(review): this rendered listing omits several lines of the real header
/// (comment-only lines and a number of declarations named in the page's
/// tooltips: CBDATA_CLASS, the Pointer typedef, getTlsContext(),
/// noteNegotiationDone(), serverConnection(), bypassCertValidator(), the
/// sslCrtvd* helpers and the serverConn/al/callback/closeHandler/
/// negotiationTimeout/request members). Treat the member list below as partial.
class PeerConnector: virtual public AsyncJob
{

public:

    /// Callback dialer API that lets PeerConnector set the answer it
    /// delivers to the caller.
    class CbDialer
    {
    public:
        virtual ~CbDialer() {}
        /// gives PeerConnector access to the in-dialer answer
        virtual Security::EncryptorAnswer &answer() = 0;
    };

public:
    /// \param aServerConn already-open TCP connection to the peer
    /// \param aCallback we call this with the results; its dialer must be a CbDialer
    /// \param alp info for the future access.log entry
    /// \param timeout the TLS negotiation timeout; the default 0 presumably
    ///        means "no explicit timeout" -- confirm in PeerConnector.cc
    PeerConnector(const Comm::ConnectionPointer &aServerConn,
                  AsyncCall::Pointer &aCallback,
                  const AccessLogEntryPointer &alp,
                  const time_t timeout = 0);
    virtual ~PeerConnector();

protected:
    // AsyncJob API
    /// Preps connection and SSL state. Calls negotiate().
    virtual void start();
    /// whether positive goal has been reached
    virtual bool doneAll() const;
    /// internal cleanup; do not call directly (AsyncJob::swanSong contract
    /// per the page's tooltip text -- confirm against AsyncJob.h)
    virtual void swanSong();
    /// human-readable job state for debugging output (AsyncJob API)
    virtual const char *status() const;

    /// The comm_close callback handler.
    void commCloseHandler(const CommCloseCbParams &params);

    /// Inform us that the connection is closed. Does the required clean-up.
    void connectionClosed(const char *reason);

    /// Prepares the server socket for TLS negotiation; returns false when the
    /// socket cannot be used (presumably after reporting the error) --
    /// TODO confirm against PeerConnector.cc
    bool prepareSocket();

    /// Arms the read timeout for the negotiation; the value presumably comes
    /// from the negotiationTimeout member listed in the page's tooltips -- verify
    void setReadTimeout();

    /// Creates/initializes the TLS session object used for the handshake.
    /// Virtual so subclasses can customise session setup. Returns false on
    /// failure -- confirm the exact contract in the .cc
    virtual bool initialize(Security::SessionPointer &);

    /// Performs a TLS handshake step and arranges either to resume it later
    /// (noteWantRead/noteWantWrite) or to finish (sslFinalized/bail); the
    /// precise sequence lives in PeerConnector.cc
    void negotiate();

    /// Post-handshake processing; presumably returns true once the TLS layer
    /// is done and the answer may be reported -- confirm
    bool sslFinalized();

    /// Handles a failed negotiate() step. \param result the TLS library's
    /// return value; presumably used to separate "want read/write" from real
    /// errors -- confirm in the .cc
    void handleNegotiateError(const int result);

    /// Registers interest in the socket becoming readable so negotiation can
    /// resume (through NegotiateSsl(), per its tooltip)
    void noteWantRead();

#if USE_OPENSSL

    /// Start downloading procedure for the given URL.
    /// The URLs presumably originate from the peer's certificate chain
    /// (missing-issuer hints), so MaxCertsDownloads/MaxNestedDownloads below
    /// bound the fetch work a peer can trigger -- confirm the URL origin
    void startCertDownloading(SBuf &url);

    /// Called by Downloader after a certificate object downloaded.
    /// \param object the downloaded bytes
    /// \param status the download result code (presumably an HTTP status -- confirm)
    void certDownloadingDone(SBuf &object, int status);
#endif

    /// Registers interest in the socket becoming writable so negotiation can
    /// resume; virtual so subclasses can observe the want-write state
    virtual void noteWantWrite();

    /// Reports a negotiation failure.
    /// \param result the negotiate() step result
    /// \param ssl_error the library-level error classification
    /// \param ssl_lib_error the detailed library error code
    /// (OpenSSL SSL_get_error()/ERR_get_error()-style values, presumably -- confirm)
    virtual void noteNegotiationError(const int result, const int ssl_error, const int ssl_lib_error);

    // NOTE(review): the rendered listing drops the member declarations that
    // sit here in the real header (serverConn, al, callback, closeHandler,
    // negotiationTimeout, request -- names and one-line docs per the page's
    // tooltips).

    /// Return an error to the PeerConnector caller.
    void bail(ErrorState *error);

    /// Delivers the answer to the caller via the callback's CbDialer --
    /// confirm how it is ordered relative to bail()
    void callBack();

    // NOTE(review): serverConnection() (mimics FwdState, per its tooltip) and
    // bypassCertValidator() are declared in this region of the real header
    // but omitted by the rendering.

private:
    // Copying is disabled by declaring but never defining these (pre-C++11
    // idiom); `= delete` would state the intent and fail at compile time
    // instead of link time.
    PeerConnector(const PeerConnector &); // not implemented
    PeerConnector &operator =(const PeerConnector &); // not implemented

#if USE_OPENSSL
    // NOTE(review): the cert-validator helper hooks named in the page's
    // tooltips (sslCrtvdHandleReply, sslCrtvdCheckForErrors) are presumably
    // declared here; the rendering omitted them.
#endif

    /// A wrapper for Comm::SetSelect() notifications.
    static void NegotiateSsl(int fd, void *data);
    /// Comm::SetSelect() callback. Direct calls tickle/resume negotiations.
    void negotiateSsl();

    /// The maximum allowed missing certificates downloads.
    /// Together with MaxNestedDownloads this caps how much fetching a single
    /// negotiation can perform on behalf of a peer-supplied certificate chain.
    static const unsigned int MaxCertsDownloads = 10;
    /// The maximum allowed nested certificates downloads.
    static const unsigned int MaxNestedDownloads = 3;

    time_t startTime; ///< when the peer connector negotiation started
    std::queue<SBuf> urlsOfMissingCerts; ///< The list of URLs where missing certificates should be downloaded.
    unsigned int certsDownloads; ///< the number of downloaded missing certificates
};

} // namespace Security
214 
215 #endif /* SQUID_SRC_SECURITY_PEERCONNECTOR_H */
216 
CBDATA_CLASS(PeerConnector)
AccessLogEntryPointer al
info for the future access.log entry
void connectionClosed(const char *reason)
Inform us that the connection is closed. Does the required clean-up.
virtual const char * status() const
internal cleanup; do not call directly
Definition: SBuf.h:86
void startCertDownloading(SBuf &url)
Start downloading procedure for the given URL.
void bypassCertValidator()
If called, the certificate validator will not be used.
PeerConnector(const Comm::ConnectionPointer &aServerConn, AsyncCall::Pointer &aCallback, const AccessLogEntryPointer &alp, const time_t timeout=0)
void error(char *format,...)
static const unsigned int MaxCertsDownloads
The maximum allowed missing certificates downloads.
time_t startTime
when the peer connector negotiation started
AsyncCall::Pointer callback
we call this with the results
virtual void noteWantWrite()
CbcPointer< PeerConnector > Pointer
Definition: PeerConnector.h:68
void commCloseHandler(const CommCloseCbParams &params)
The comm_close callback handler.
Comm::ConnectionPointer const & serverConnection() const
mimics FwdState to minimize changes to FwdState::initiate/negotiateSsl
void const char HLPCB void * data
Definition: stub_helper.cc:16
Comm::ConnectionPointer serverConn
TCP connection to the peer.
static void NegotiateSsl(int fd, void *data)
A wrapper for Comm::SetSelect() notifications.
virtual bool doneAll() const
whether positive goal has been reached
std::shared_ptr< SSL_CTX > ContextPointer
Definition: Context.h:28
virtual Security::EncryptorAnswer & answer()=0
gives PeerConnector access to the in-dialer answer
void sslCrtvdHandleReply(Ssl::CertValidationResponsePointer)
Process response from cert validator helper.
void handleNegotiateError(const int result)
unsigned int certsDownloads
the number of downloaded missing certificates
AsyncCall::Pointer closeHandler
we call this when the connection closed
virtual void start()
Preps connection and SSL state. Calls negotiate().
static const unsigned int MaxNestedDownloads
The maximum allowed nested certificates downloads.
HttpRequestPointer request
peer connection trigger or cause
void certDownloadingDone(SBuf &object, int status)
Called by Downloader after a certificate object downloaded.
virtual void noteNegotiationDone(ErrorState *error)
Callback dialer API to allow PeerConnector to set the answer.
Definition: PeerConnector.h:71
virtual bool initialize(Security::SessionPointer &)
virtual Security::ContextPointer getTlsContext()=0
virtual void noteNegotiationError(const int result, const int ssl_error, const int ssl_lib_error)
void negotiateSsl()
Comm::SetSelect() callback. Direct calls tickle/resume negotiations.
Security::CertErrors * sslCrtvdCheckForErrors(Ssl::CertValidationResponse const &, Ssl::ErrorDetail *&)
Check SSL errors returned from cert validator against sslproxy_cert_error access list.
RefCount< AccessLogEntry > AccessLogEntryPointer
Definition: PeerConnector.h:27
PeerConnector & operator=(const PeerConnector &)
void bail(ErrorState *error)
Return an error to the PeerConnector caller.
std::queue< SBuf > urlsOfMissingCerts
The list of URLs where missing certificates should be downloaded.
std::shared_ptr< SSL > SessionPointer
Definition: Session.h:41
time_t negotiationTimeout
the SSL connection timeout to use

 
