PeerConnector.h
1 /*
2  * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SRC_SECURITY_PEERCONNECTOR_H
10 #define SQUID_SRC_SECURITY_PEERCONNECTOR_H
11 
12 #include "acl/Acl.h"
13 #include "base/AsyncCbdataCalls.h"
14 #include "base/AsyncJob.h"
15 #include "CommCalls.h"
16 #include "http/forward.h"
18 #include "security/forward.h"
19 #if USE_OPENSSL
20 #include "ssl/support.h"
21 #endif
22 
23 #include <iosfwd>
24 #include <queue>
25 
26 class ErrorState;
29 
30 namespace Security
31 {
32 
/**
 * Negotiates a TLS session on an already-connected TCP connection to a
 * server or peer and reports the result to its creator through an
 * AsyncCall whose dialer implements the CbDialer API below.
 *
 * NOTE(review): this rendering elides members that the file's own
 * documentation mentions (CBDATA_CLASS, serverConn, callback, request, al,
 * closeHandler, negotiationTimeout, bypassCertValidator(), getTlsContext(),
 * noteNegotiationDone(), sslCrtvdHandleReply(), sslCrtvdCheckForErrors());
 * consult the full header before relying on this excerpt.
 * Style: the AsyncJob overrides below predate `override`; marking them
 * would let the compiler catch signature drift.
 */
class PeerConnector: virtual public AsyncJob
{

public:
    /// Callback dialer API to allow PeerConnector to set the answer.
    class CbDialer
    {
    public:
        virtual ~CbDialer() {}
        /// gives PeerConnector access to the in-dialer answer
        virtual Security::EncryptorAnswer &answer() = 0;
    };

public:
    /// \param aServerConn the already established TCP connection to the peer
    /// \param aCallback   called with the negotiation results (success or error)
    /// \param alp         access.log entry that will receive details of this connection
    /// \param timeout     negotiation timeout in seconds; the meaning of the default 0
    ///                    (no timeout vs. a configured default) is not shown here -- confirm in PeerConnector.cc
    PeerConnector(const Comm::ConnectionPointer &aServerConn,
                  AsyncCall::Pointer &aCallback,
                  const AccessLogEntryPointer &alp,
                  const time_t timeout = 0);
    virtual ~PeerConnector();

protected:
    // AsyncJob API
    /// Preps connection and SSL state. Calls negotiate().
    virtual void start();
    /// whether positive goal has been reached
    virtual bool doneAll() const;
    /// internal cleanup; do not call directly
    virtual void swanSong();
    /// describes the job state; see AsyncJob::status()
    virtual const char *status() const;

    /// The comm_close callback handler.
    void commCloseHandler(const CommCloseCbParams &params);

    /// Inform us that the connection is closed. Does the required clean-up.
    void connectionClosed(const char *reason);

    /// Prepares the server socket for the TLS negotiation.
    /// Presumably returns false when the socket cannot be used -- confirm in PeerConnector.cc.
    bool prepareSocket();

    /// Arms the read timeout for the negotiation on the server connection
    /// (presumably derived from negotiationTimeout and startTime -- confirm).
    void setReadTimeout();

    /// Creates/configures the TLS session for this connection; subclasses may
    /// extend the setup. Presumably returns false on failure -- confirm.
    virtual bool initialize(Security::SessionPointer &);

    /// Performs (or resumes) the TLS handshake on the server connection.
    void negotiate();

    /// Called once the handshake itself is over. Presumably returns false while
    /// post-handshake work (e.g. certificate validation) is still pending -- confirm.
    bool sslFinalized();

    /// Handles a failed negotiation step.
    /// \param result the negotiation result code (presumably the SSL_connect() return value -- confirm)
    void handleNegotiateError(const int result);

    /// The handshake needs more input from the peer; presumably re-registers a
    /// read handler (see NegotiateSsl()) -- confirm.
    void noteWantRead();

#if USE_OPENSSL

    /// Start downloading procedure for the given URL.
    /// Security note: the URL is not produced locally (it is queued in
    /// urlsOfMissingCerts, presumably from the peer's certificate chain --
    /// confirm), so it must be treated as untrusted input; MaxCertsDownloads
    /// and MaxNestedDownloads bound how many such fetches a peer can trigger.
    void startCertDownloading(SBuf &url);

    /// Called by Downloader after a certificate object downloaded.
    /// \param object the downloaded bytes, expected to hold a certificate
    /// \param status the download status (presumably an HTTP status code -- confirm)
    void certDownloadingDone(SBuf &object, int status);
#endif

    /// The handshake needs to write to the peer; presumably re-registers a
    /// write handler -- confirm.
    virtual void noteWantWrite();

    /// Called when the negotiation fails.
    /// \param result        the failing negotiation result code
    /// \param ssl_error     the library error category (for OpenSSL presumably SSL_get_error() -- confirm)
    /// \param ssl_lib_error the detailed library error (for OpenSSL presumably ERR_get_error() -- confirm)
    virtual void noteNegotiationError(const int result, const int ssl_error, const int ssl_lib_error);

    /// Return an error to the PeerConnector caller.
    void bail(ErrorState *error);

    /// Dials the caller's callback with the answer (see CbDialer::answer()).
    void callBack();

private:
    // non-copyable: C++03 idiom (declared, never defined). `= delete` would
    // turn an accidental copy into a compile-time rather than link-time error.
    PeerConnector(const PeerConnector &); // not implemented
    PeerConnector &operator =(const PeerConnector &); // not implemented

#if USE_OPENSSL
    // (OpenSSL-only members elided in this rendering)
#endif

    /// A wrapper function for negotiateSsl for use with Comm::SetSelect.
    /// \param fd   the server connection descriptor
    /// \param data presumably the cbdata-protected PeerConnector -- confirm
    static void NegotiateSsl(int fd, void *data);

    /// The maximum allowed missing certificates downloads (per PeerConnector,
    /// counted in certsDownloads).
    static const unsigned int MaxCertsDownloads = 10;
    /// The maximum allowed nested certificates downloads.
    static const unsigned int MaxNestedDownloads = 3;

    /// when the peer connector negotiation started
    /// NOTE(review): no in-class initializer; the constructor (not shown) must set it.
    time_t startTime;
    /// The list of URLs where missing certificates should be downloaded.
    std::queue<SBuf> urlsOfMissingCerts;
    /// the number of downloaded missing certificates
    /// NOTE(review): no in-class initializer; the constructor (not shown) must zero it.
    unsigned int certsDownloads;
};
210 
211 } // namespace Security
212 
213 #endif /* SQUID_SRC_SECURITY_PEERCONNECTOR_H */
214 
CBDATA_CLASS(PeerConnector)
AccessLogEntryPointer al
info for the future access.log entry
void connectionClosed(const char *reason)
Inform us that the connection is closed. Does the required clean-up.
virtual const char * status() const
internal cleanup; do not call directly
Definition: SBuf.h:87
void startCertDownloading(SBuf &url)
Start downloading procedure for the given URL.
void bypassCertValidator()
If called, the certificate validator will not be used for this connection (the external validation step is skipped).
PeerConnector(const Comm::ConnectionPointer &aServerConn, AsyncCall::Pointer &aCallback, const AccessLogEntryPointer &alp, const time_t timeout=0)
void error(char *format,...)
static const unsigned int MaxCertsDownloads
The maximum number of missing-certificate downloads allowed per PeerConnector (counted in certsDownloads).
time_t startTime
when the peer connector negotiation started
AsyncCall::Pointer callback
we call this with the results
virtual void noteWantWrite()
void commCloseHandler(const CommCloseCbParams &params)
The comm_close callback handler.
Comm::ConnectionPointer const & serverConnection() const
mimics FwdState to minimize changes to FwdState::initiate/negotiateSsl
Comm::ConnectionPointer serverConn
TCP connection to the peer.
static void NegotiateSsl(int fd, void *data)
A wrapper function for negotiateSsl for use with Comm::SetSelect.
virtual bool doneAll() const
whether the positive goal (a completed negotiation) has been reached
std::shared_ptr< SSL_CTX > ContextPointer
Definition: Context.h:28
virtual Security::EncryptorAnswer & answer()=0
gives PeerConnector access to the in-dialer answer
void sslCrtvdHandleReply(Ssl::CertValidationResponsePointer)
Process response from cert validator helper.
void handleNegotiateError(const int result)
unsigned int certsDownloads
the number of downloaded missing certificates
AsyncCall::Pointer closeHandler
we call this when the connection closed
virtual void start()
Preps connection and SSL state. Calls negotiate().
static const unsigned int MaxNestedDownloads
The maximum allowed nesting depth of certificate downloads.
HttpRequestPointer request
peer connection trigger or cause
void certDownloadingDone(SBuf &object, int status)
Called by Downloader after a certificate object downloaded.
virtual void noteNegotiationDone(ErrorState *error)
Callback dialer API to allow PeerConnector to set the answer.
Definition: PeerConnector.h:69
virtual bool initialize(Security::SessionPointer &)
virtual Security::ContextPointer getTlsContext()=0
virtual void noteNegotiationError(const int result, const int ssl_error, const int ssl_lib_error)
Security::CertErrors * sslCrtvdCheckForErrors(Ssl::CertValidationResponse const &, Ssl::ErrorDetail *&)
Check SSL errors returned from cert validator against sslproxy_cert_error access list.
RefCount< AccessLogEntry > AccessLogEntryPointer
Definition: PeerConnector.h:27
PeerConnector & operator=(const PeerConnector &)
void bail(ErrorState *error)
Return an error to the PeerConnector caller.
std::queue< SBuf > urlsOfMissingCerts
The queue of URLs from which missing certificates should be downloaded.
std::shared_ptr< SSL > SessionPointer
Definition: Session.h:41
time_t negotiationTimeout
the SSL connection timeout to use