ServerCertificate.cc
1 /*
2  * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #include "squid.h"
10 
11 #if USE_OPENSSL
12 
13 #include "acl/CertificateData.h"
14 #include "acl/Checklist.h"
15 #include "acl/ServerCertificate.h"
16 #include "client_side.h"
17 #include "fde.h"
18 #include "http/Stream.h"
19 #include "ssl/ServerBump.h"
20 
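/// Locates the server certificate for the current transaction and passes it
/// to the configured certificate matcher.
///
/// Lookup order, first source that applies wins:
///  1. checklist->serverCert, when it is already set;
///  2. the peer certificate of the TLS session on the still-open server
///     connection recorded in the access log entry (al->hier.tcpServer);
///  3. the certificate kept in the client connection's Ssl::ServerBump state.
///
/// \param data       matcher that receives the raw X509 pointer
/// \param checklist  per-transaction ACL state searched for the certificate
/// \returns 0 when no certificate is available, otherwise the result of
///          data->match() converted to int
///
/// A missing certificate yields 0 rather than an error. A rule that relies on
/// this ACL matching in order to deny traffic therefore does not fire while
/// no certificate is available; rule authors should order their checks with
/// that in mind.
int
ACLServerCertificateStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
    Security::CertPointer cert;

    if (checklist->serverCert) {
        cert = checklist->serverCert;
    } else if (checklist->al && Comm::IsConnOpen(checklist->al->hier.tcpServer)) {
        // An open descriptor does not by itself prove that a TLS session is
        // attached to it, so test the handle instead of relying on the
        // library to tolerate a null SSL pointer.
        if (const auto ssl = fd_table[checklist->al->hier.tcpServer->fd].ssl.get()) {
            // SSL_get_peer_certificate() hands back an X509 whose reference
            // the caller owns; adopt it without taking a second one.
            cert.resetWithoutLocking(SSL_get_peer_certificate(ssl));
        }
    } else if (checklist->conn() && checklist->conn()->serverBump()) {
        cert = checklist->conn()->serverBump()->serverCert;
    }

    if (!cert)
        return 0;

    return data->match(cert.get());
}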
38 
39 #endif /* USE_OPENSSL */
40 
HierarchyLogEntry hier
AccessLogEntry::Pointer al
info for the future access.log, and external ACL
bool IsConnOpen(const Comm::ConnectionPointer &conn)
Definition: Connection.cc:27
ConnStateData * conn() const
The client connection manager.
Security::CertPointer serverCert
virtual int match(ACLData< MatchType > *&, ACLFilledChecklist *) override
#define fd_table
Definition: fde.h:189
Comm::ConnectionPointer tcpServer
TCP/IP level details of the last peer/server connection.
virtual bool match(M)=0
Ssl::ServerBump * serverBump()
Definition: client_side.h:286
Security::CertPointer serverCert
Definition: ServerBump.h:57
void resetWithoutLocking(T *t)
Reset raw pointer - unlock any previous one and save new one without locking.
T * get() const
Returns raw and possibly nullptr pointer.

 
