PeerConnector.h
1 /*
2  * Copyright (C) 1996-2019 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SRC_SECURITY_PEERCONNECTOR_H
10 #define SQUID_SRC_SECURITY_PEERCONNECTOR_H
11 
12 #include "acl/Acl.h"
13 #include "base/AsyncCbdataCalls.h"
14 #include "base/AsyncJob.h"
15 #include "CommCalls.h"
16 #include "http/forward.h"
18 #include "security/forward.h"
19 #if USE_OPENSSL
20 #include "ssl/support.h"
21 #endif
22 
23 #include <iosfwd>
24 #include <queue>
25 
26 class ErrorState;
29 
30 namespace Security
31 {
32 
/// Security::PeerConnector: an AsyncJob that runs the TLS handshake with a
/// peer over an already-established connection and hands the outcome back to
/// the caller through the supplied AsyncCall (see CbDialer::answer()).
/// NOTE(review): this rendering drops the original doc-comment lines and
/// several declarations (the gutter numbers skip). Per the tooltips on this
/// page the full class also has CBDATA_CLASS(PeerConnector), a Pointer
/// typedef, getTlsContext() = 0, noteNegotiationDone(), serverConnection(),
/// bypassCertValidator(), sslCrtvdHandleReply(), sslCrtvdCheckForErrors() and
/// the data members serverConn, callback, closeHandler, al, request and
/// negotiationTimeout. Do not read the list below as the complete interface.
63 class PeerConnector: virtual public AsyncJob
64 {
66 
67 public:
69 
 /// Callback dialer API to allow PeerConnector to set the answer.
 /// Polymorphic base: the virtual destructor keeps deletion through a
 /// CbDialer pointer well defined.
71  class CbDialer
72  {
73  public:
74  virtual ~CbDialer() {}
 /// gives PeerConnector access to the in-dialer answer
76  virtual Security::EncryptorAnswer &answer() = 0;
77  };
78 
79 public:
 /// \param aServerConn TCP connection to the peer
 /// \param aCallback   we call this with the results (its dialer is
 ///                    presumably a CbDialer -- confirm against callers)
 /// \param alp         info for the future access.log entry
 /// \param timeout     the TLS negotiation timeout to use (presumably stored
 ///                    as negotiationTimeout; what 0 means is not visible
 ///                    here -- confirm in PeerConnector.cc)
80  PeerConnector(const Comm::ConnectionPointer &aServerConn,
81  AsyncCall::Pointer &aCallback,
82  const AccessLogEntryPointer &alp,
83  const time_t timeout = 0);
84  virtual ~PeerConnector();
85 
86 protected:
87  // AsyncJob API
 /// Preps connection and SSL state. Calls negotiate().
88  virtual void start();
 /// whether positive goal has been reached
89  virtual bool doneAll() const;
 /// AsyncJob cleanup hook. The tooltip "internal cleanup; do not call
 /// directly" on this page is attached to status() but reads as this
 /// method's contract -- confirm against AsyncJob.h.
90  virtual void swanSong();
 /// AsyncJob API: textual job state, presumably for debugging -- confirm
91  virtual const char *status() const;
92 
 /// The comm_close callback handler.
94  void commCloseHandler(const CommCloseCbParams &params);
95 
 /// Inform us that the connection is closed. Does the required clean-up.
97  void connectionClosed(const char *reason);
98 
 /// Prepares the socket for negotiation. The bool presumably reports
 /// success (false meaning the job cannot proceed) -- verify in the .cc.
102  bool prepareSocket();
103 
 /// Sets up the TLS session object for the connection; overridable by
 /// subclasses. Return-value semantics are not visible here -- presumably
 /// true on success.
105  virtual bool initialize(Security::SessionPointer &);
106 
 /// Drives the TLS handshake. Whether one call completes it or it is
 /// re-entered via noteWantRead()/noteWantWrite() is decided in the .cc.
109  void negotiate();
110 
 /// Post-handshake checks. The tooltips on this page mention cert-validator
 /// helper processing (sslCrtvdHandleReply, sslCrtvdCheckForErrors); the
 /// meaning of the return value is not visible here -- confirm.
114  bool sslFinalized();
115 
 /// Handles a failed negotiate() step; `result` is presumably the TLS
 /// library's return code -- confirm.
120  void handleNegotiateError(const int result);
121 
 /// Called when negotiation needs more input from the socket -- presumably
 /// re-arms the read side; confirm.
125  void noteWantRead();
126 
127 #if USE_OPENSSL
133 
 /// Start downloading procedure for the given URL.
 /// The URL presumably originates from the peer's certificate chain (see
 /// urlsOfMissingCerts); treat it and the fetched object as untrusted input.
135  void startCertDownloading(SBuf &url);
136 
 /// Called by Downloader after a certificate object downloaded.
 /// \param object the fetched bytes (network input, not yet validated here)
 /// \param status presumably the download/HTTP status -- confirm
138  void certDownloadingDone(SBuf &object, int status);
139 #endif
140 
 /// Called when negotiation needs to write to the socket -- presumably
 /// re-arms the write side; virtual so subclasses can intercept.
143  virtual void noteWantWrite();
144 
 /// Reports a failed handshake.
 /// \param result the negotiation result code
 /// \param ssl_error, ssl_lib_error library-level error codes (the names
 ///        suggest SSL_get_error() and ERR_get_error() values -- confirm)
149  virtual void noteNegotiationError(const int result, const int ssl_error, const int ssl_lib_error);
150 
155 
159 
162 
 /// Return an error to the PeerConnector caller.
 /// Ownership of `error` after the call is not visible here -- confirm.
163  void bail(ErrorState *error);
164 
 /// Delivers the outcome to the caller via the stored callback.
167  void callBack();
168 
171 
175 
180 private:
 // Copy operations are declared but never defined to forbid copying
 // (pre-C++11 idiom; `= delete` would express the same intent).
181  PeerConnector(const PeerConnector &); // not implemented
182  PeerConnector &operator =(const PeerConnector &); // not implemented
183 
184 #if USE_OPENSSL
 // Declarations between these two gutter lines are not shown in this
 // rendering; the page's tooltips suggest the cert-validator helpers
 // (sslCrtvdHandleReply, sslCrtvdCheckForErrors) are declared here.
187 
190 #endif
191 
 /// A wrapper for Comm::SetSelect() notifications.
 /// \param data presumably the PeerConnector (cbdata) -- confirm
192  static void NegotiateSsl(int fd, void *data);
 /// Comm::SetSelect() callback. Direct calls tickle/resume negotiations.
193  void negotiateSsl();
194 
 /// The maximum allowed missing certificates downloads.
 /// Together with MaxNestedDownloads this bounds how much fetching a single
 /// peer can trigger via missing-certificate URLs; enforcement is in the .cc.
196  static const unsigned int MaxCertsDownloads = 10;
 /// The maximum allowed nested certificates downloads.
198  static const unsigned int MaxNestedDownloads = 3;
199 
 /// when the peer connector negotiation started
202  time_t startTime;
 /// The list of URLs where missing certificates should be downloaded.
204  std::queue<SBuf> urlsOfMissingCerts;
 /// the number of downloaded missing certificates (presumably compared
 /// against MaxCertsDownloads -- confirm)
206  unsigned int certsDownloads;
207 };
208 
209 } // namespace Security
210 
211 #endif /* SQUID_SRC_SECURITY_PEERCONNECTOR_H */
212 
CBDATA_CLASS(PeerConnector)
virtual bool doneAll() const
whether positive goal has been reached
AccessLogEntryPointer al
info for the future access.log entry
void connectionClosed(const char *reason)
Inform us that the connection is closed. Does the required clean-up.
Definition: SBuf.h:86
void startCertDownloading(SBuf &url)
Start downloading procedure for the given URL.
void bypassCertValidator()
If called, the certificate validator will not be used.
PeerConnector(const Comm::ConnectionPointer &aServerConn, AsyncCall::Pointer &aCallback, const AccessLogEntryPointer &alp, const time_t timeout=0)
void error(char *format,...)
static const unsigned int MaxCertsDownloads
The maximum allowed missing certificates downloads.
time_t startTime
when the peer connector negotiation started
virtual const char * status() const
internal cleanup; do not call directly
AsyncCall::Pointer callback
we call this with the results
virtual void noteWantWrite()
CbcPointer< PeerConnector > Pointer
Definition: PeerConnector.h:68
void commCloseHandler(const CommCloseCbParams &params)
The comm_close callback handler.
void const char HLPCB void * data
Definition: stub_helper.cc:16
Comm::ConnectionPointer serverConn
TCP connection to the peer.
static void NegotiateSsl(int fd, void *data)
A wrapper for Comm::SetSelect() notifications.
std::shared_ptr< SSL_CTX > ContextPointer
Definition: Context.h:29
Network/connection security abstraction layer.
Definition: Connection.h:31
virtual Security::EncryptorAnswer & answer()=0
gives PeerConnector access to the in-dialer answer
void sslCrtvdHandleReply(Ssl::CertValidationResponsePointer)
Process response from cert validator helper.
void handleNegotiateError(const int result)
unsigned int certsDownloads
the number of downloaded missing certificates
AsyncCall::Pointer closeHandler
we call this when the connection closed
virtual void start()
Preps connection and SSL state. Calls negotiate().
static const unsigned int MaxNestedDownloads
The maximum allowed nested certificates downloads.
HttpRequestPointer request
peer connection trigger or cause
void certDownloadingDone(SBuf &object, int status)
Called by Downloader after a certificate object has been downloaded.
virtual void noteNegotiationDone(ErrorState *error)
Callback dialer API to allow PeerConnector to set the answer.
Definition: PeerConnector.h:71
virtual bool initialize(Security::SessionPointer &)
virtual Security::ContextPointer getTlsContext()=0
virtual void noteNegotiationError(const int result, const int ssl_error, const int ssl_lib_error)
void negotiateSsl()
Comm::SetSelect() callback. Direct calls tickle/resume negotiations.
Security::CertErrors * sslCrtvdCheckForErrors(Ssl::CertValidationResponse const &, Ssl::ErrorDetail *&)
Check SSL errors returned from cert validator against sslproxy_cert_error access list.
RefCount< AccessLogEntry > AccessLogEntryPointer
Definition: PeerConnector.h:27
Comm::ConnectionPointer const & serverConnection() const
mimics FwdState to minimize changes to FwdState::initiate/negotiateSsl
PeerConnector & operator=(const PeerConnector &)
void bail(ErrorState *error)
Return an error to the PeerConnector caller.
std::queue< SBuf > urlsOfMissingCerts
The list of URLs where missing certificates should be downloaded.
std::shared_ptr< SSL > SessionPointer
Definition: Session.h:44
time_t negotiationTimeout
the SSL connection timeout to use