PeerOptions.h
1 /*
2  * Copyright (C) 1996-2019 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H
10 #define SQUID_SRC_SECURITY_PEEROPTIONS_H
11 
12 #include "base/YesNoNone.h"
13 #include "ConfigParser.h"
14 #include "security/KeyData.h"
15 
16 class Packable;
17 
18 namespace Security
19 {
20 
23 {
24 public:
25  PeerOptions();
26  PeerOptions(const PeerOptions &) = default;
27  PeerOptions &operator =(const PeerOptions &) = default;
28  PeerOptions(PeerOptions &&) = default;
29  PeerOptions &operator =(PeerOptions &&) = default;
/// virtual so that an object of a derived configuration class is destroyed
/// correctly when deleted through a PeerOptions pointer
virtual ~PeerOptions() = default;
31 
33  virtual void parse(const char *);
34 
/// reset the configuration details to default
/// (assigns a freshly constructed PeerOptions over the current settings)
virtual void clear()
{
    PeerOptions defaults;
    *this = defaults;
}
37 
40 
43 
46 
49 
52 
55 
58 
61 
64 
66  virtual void dumpCfg(Packable *, const char *pfx) const;
67 
68 private:
69  void parseOptions();
70  long parseFlags();
71  void loadCrlFile();
72  void loadKeysFile();
73 
74 public:
78 
82 
84 
86  long parsedFlags = 0;
87 
88  std::list<Security::KeyData> certs;
89  std::list<SBuf> caFiles;
91 
92 protected:
93  template<typename T>
95 #if USE_OPENSSL
96  return ContextPointer(ctx, [](SSL_CTX *p) {
97  debugs(83, 5, "SSL_free ctx=" << (void*)p);
98  SSL_CTX_free(p);
99  });
100 #elif USE_GNUTLS
101  return Security::ContextPointer(ctx, [](gnutls_certificate_credentials_t p) {
102  debugs(83, 5, "gnutls_certificate_free_credentials ctx=" << (void*)p);
103  gnutls_certificate_free_credentials(p);
104  });
105 #else
106  assert(!ctx);
107  return Security::ContextPointer();
108 #endif
109  }
110 
111  int sslVersion = 0;
112 
114  struct flags_ {
116  flags_(const flags_ &) = default;
117  flags_ &operator =(const flags_ &) = default;
118 
121 
123  bool tlsNpn;
124  } flags;
125 
126 public:
128  bool encryptTransport = false;
129 };
130 
133 
134 } // namespace Security
135 
136 // parse the tls_outgoing_options directive
/// reset the tls_outgoing_options configuration to defaults.
/// NOTE: the argument 'x' is ignored; the global Security::ProxyOutgoingConfig
/// is always the object that gets cleared.
#define free_securePeerOptions(x) Security::ProxyOutgoingConfig.clear()
/// write the directive name 'n' followed by the stored settings of 'x' in
/// squid.conf syntax, terminated by a newline, to the Packable 'e'.
/// NOTE(review): 'n' is handed to appendf(), presumably as a printf-style
/// format string, so it must be a trusted directive-name literal rather than
/// text taken from the configuration being dumped -- confirm against Packable::appendf.
#define dump_securePeerOptions(e,n,x) do { (e)->appendf(n); (x).dumpCfg((e),""); (e)->append("\n",1); } while(false)
140 
141 #endif /* SQUID_SRC_SECURITY_PEEROPTIONS_H */
142 
#define assert(EX)
Definition: assert.h:17
virtual void clear()
reset the configuration details to default
Definition: PeerOptions.h:36
Definition: SBuf.h:86
Security::ContextPointer convertContextFromRawPtr(T ctx) const
Definition: PeerOptions.h:94
void updateContextCrl(Security::ContextPointer &)
setup the CRL details for the given context
Definition: PeerOptions.cc:682
Security::ParsedOptions parsedOptions
parsed value of sslOptions
Definition: PeerOptions.h:85
bool encryptTransport
whether transport encryption (TLS/SSL) is to be used on connections to the peer
Definition: PeerOptions.h:128
Security::CertRevokeList parsedCrl
CRL to use when verifying the remote end certificate.
Definition: PeerOptions.h:90
YesNoNone tlsDefaultCa
whether to use the system default Trusted CA when verifying the remote end certificate ...
Definition: PeerOptions.h:120
SBuf sslOptions
library-specific options string
Definition: PeerOptions.h:75
long ParsedOptions
Definition: forward.h:129
bool tlsNpn
whether to use the TLS NPN extension on these connections
Definition: PeerOptions.h:123
char * p
Definition: membanger.c:43
TLS squid.conf settings for a remote server peer.
Definition: PeerOptions.h:22
void updateContextNpn(Security::ContextPointer &)
setup the NPN extension details for the given context
Definition: PeerOptions.cc:615
void updateContextCa(Security::ContextPointer &)
setup the CA details for the given context
Definition: PeerOptions.cc:646
flags governing Squid internal TLS operations
Definition: PeerOptions.h:114
virtual ~PeerOptions()
Definition: PeerOptions.h:30
virtual Security::ContextPointer createBlankContext() const
generate an unset security context object
Definition: PeerOptions.cc:245
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Debug.h:124
#define true
Definition: GnuRegex.c:234
std::list< Security::CrlPointer > CertRevokeList
Definition: forward.h:82
void updateSessionOptions(Security::SessionPointer &)
setup any library-specific options that can be set for the given session
Definition: PeerOptions.cc:724
PeerOptions ProxyOutgoingConfig
configuration options for DIRECT server access
Definition: PeerOptions.cc:22
void updateContextTrust(Security::ContextPointer &)
decide which CAs to trust
Definition: PeerOptions.cc:707
void parse_securePeerOptions(Security::PeerOptions *)
Definition: PeerOptions.cc:749
SBuf crlFile
path of file containing Certificate Revoke List
Definition: PeerOptions.h:77
std::shared_ptr< SSL_CTX > ContextPointer
Definition: Context.h:29
Network/connection security abstraction layer.
Definition: Connection.h:31
Security::ContextPointer createClientContext(bool setOptions)
generate a security client-context from these configured options
Definition: PeerOptions.cc:275
SBuf sslFlags
flags defining what TLS operations Squid performs
Definition: PeerOptions.h:80
virtual void parse(const char *)
parse a TLS squid.conf option
Definition: PeerOptions.cc:31
SBuf tlsMinVersion
version label for minimum TLS version to permit
Definition: PeerOptions.h:83
SBuf caDir
path of directory containing a set of trusted Certificate Authorities
Definition: PeerOptions.h:76
void updateContextOptions(Security::ContextPointer &) const
Set up the library-specific 'options=' parameters for the given context.
Definition: PeerOptions.cc:594
flags_ & operator=(const flags_ &)=default
virtual void dumpCfg(Packable *, const char *pfx) const
output squid.conf syntax with 'pfx' prefix on parameters for the stored settings
Definition: PeerOptions.cc:102
std::list< SBuf > caFiles
paths of files containing trusted Certificate Authority
Definition: PeerOptions.h:89
struct Security::PeerOptions::flags_ flags
std::list< Security::KeyData > certs
details from the cert= and file= config parameters
Definition: PeerOptions.h:88
void updateTlsVersionLimits()
sync the context options with tls-min-version=N configuration
Definition: PeerOptions.cc:150
void parseOptions()
parsed value of sslOptions
Definition: PeerOptions.cc:433
PeerOptions & operator=(const PeerOptions &)=default
long parsedFlags
parsed value of sslFlags
Definition: PeerOptions.h:86
std::shared_ptr< SSL > SessionPointer
Definition: Session.h:42