TLS squid.conf settings for a remote server peer.
#include <PeerOptions.h>

| Classes | | |
|---|---|---|
| struct | flags_ | flags governing Squid internal TLS operations |

| Public Member Functions | | |
|---|---|---|
| | PeerOptions () | |
| | PeerOptions (const PeerOptions &)=default | |
| PeerOptions & | operator= (const PeerOptions &)=default | |
| | PeerOptions (PeerOptions &&)=default | |
| PeerOptions & | operator= (PeerOptions &&)=default | |
| virtual | ~PeerOptions () | |
| virtual void | parse (const char *) | parse a TLS squid.conf option |
| void | parseOptions () | parse and verify the [tls-]options= string in sslOptions |
| virtual void | clear () | reset the configuration details to default |
| virtual Security::ContextPointer | createBlankContext () const | generate an unset security context object |
| Security::ContextPointer | createClientContext (bool setOptions) | generate a security client-context from these configured options |
| void | updateTlsVersionLimits () | sync the context options with tls-min-version=N configuration |
| void | updateContextOptions (Security::ContextPointer &) | set up the library-specific 'options=' parameters for the given context |
| void | updateContextNpn (Security::ContextPointer &) | set up the NPN extension details for the given context |
| void | updateContextCa (Security::ContextPointer &) | set up the CA details for the given context |
| void | updateContextCrl (Security::ContextPointer &) | set up the CRL details for the given context |
| void | updateContextTrust (Security::ContextPointer &) | decide which CAs to trust |
| void | updateSessionOptions (Security::SessionPointer &) | set up any library-specific options that can be set for the given session |
| virtual void | dumpCfg (std::ostream &, const char *pfx) const | output squid.conf syntax with 'pfx' prefix on parameters for the stored settings |

| Public Attributes | | |
|---|---|---|
| SBuf | sslOptions | library-specific options string |
| SBuf | caDir | path of directory containing a set of trusted Certificate Authorities |
| SBuf | crlFile | path of file containing a Certificate Revocation List |
| SBuf | sslCipher | |
| SBuf | sslFlags | flags defining what TLS operations Squid performs |
| SBuf | sslDomain | |
| SBuf | tlsMinVersion | version label for minimum TLS version to permit |
| ParsedPortFlags | parsedFlags = 0 | parsed value of sslFlags |
| std::list< Security::KeyData > | certs | details from the cert= and file= config parameters |
| std::list< SBuf > | caFiles | paths of files containing trusted Certificate Authorities |
| Security::CertRevokeList | parsedCrl | CRL to use when verifying the remote end certificate |
| bool | encryptTransport = false | whether transport encryption (TLS/SSL) is to be used on connections to the peer |

| Protected Member Functions | | |
|---|---|---|
| template<typename T > Security::ContextPointer | convertContextFromRawPtr (T ctx) const | |

| Protected Attributes | | |
|---|---|---|
| int | sslVersion = 0 | |
| struct Security::PeerOptions::flags_ | flags | |

| Private Member Functions | | |
|---|---|---|
| ParsedPortFlags | parseFlags () | |
| void | loadCrlFile () | |
| void | loadKeysFile () | |

| Private Attributes | | |
|---|---|---|
| SBuf | tlsMinOptions | |
| Security::ParsedOptions | parsedOptions | |
| bool | optsReparse = true | whether parsedOptions content needs to be regenerated |
Detailed Description
Definition at line 25 of file PeerOptions.h.
Constructor & Destructor Documentation
◆ PeerOptions() [1/3]
| Security::PeerOptions::PeerOptions ( ) | |
◆ PeerOptions() [2/3]
| Security::PeerOptions::PeerOptions (const PeerOptions &) | default |
◆ PeerOptions() [3/3]
| Security::PeerOptions::PeerOptions (PeerOptions &&) | default |
◆ ~PeerOptions()
| virtual Security::PeerOptions::~PeerOptions ( ) | inlinevirtual |
Definition at line 33 of file PeerOptions.h.
Member Function Documentation
◆ clear()
| virtual void Security::PeerOptions::clear ( ) | inlinevirtual |
Reimplemented in Security::ServerOptions.
Definition at line 42 of file PeerOptions.h.
References PeerOptions().
◆ convertContextFromRawPtr()
| template<typename T > Security::ContextPointer Security::PeerOptions::convertContextFromRawPtr (T ctx) const | inlineprotected |
Definition at line 111 of file PeerOptions.h.
◆ createBlankContext()
| virtual Security::ContextPointer Security::PeerOptions::createBlankContext ( ) const | virtual |
Reimplemented in Security::ServerOptions.
Definition at line 246 of file PeerOptions.cc.
References debugs, Security::ErrorString(), fatalf(), Ssl::Initialize(), and TLS_client_method.
◆ createClientContext()
| Security::ContextPointer Security::PeerOptions::createClientContext (bool setOptions) | |
Definition at line 276 of file PeerOptions.cc.
References Ssl::InitClientContext().
Referenced by configDoConfigure().
◆ dumpCfg()
| virtual void Security::PeerOptions::dumpCfg (std::ostream &, const char *pfx) const | virtual |
Reimplemented in Security::ServerOptions.
Definition at line 110 of file PeerOptions.cc.
Referenced by dump_peer_options(), and Security::ServerOptions::dumpCfg().
◆ loadCrlFile()
| void Security::PeerOptions::loadCrlFile ( ) | private |
Loads the CRL list stored in the file whose path is in crlFile; replaces any CRL loaded previously.
Definition at line 618 of file PeerOptions.cc.
References debugs.
◆ loadKeysFile()
| void Security::PeerOptions::loadKeysFile ( ) | private |
◆ operator=() [1/2]
| PeerOptions & Security::PeerOptions::operator= (const PeerOptions &) | default |
Referenced by Security::ServerOptions::operator=().
◆ operator=() [2/2]
| PeerOptions & Security::PeerOptions::operator= (PeerOptions &&) | default |
◆ parse()
| virtual void Security::PeerOptions::parse (const char *) | virtual |
Reimplemented in Security::ServerOptions.
Definition at line 38 of file PeerOptions.cc.
References Security::KeyData::certFile, DBG_CRITICAL, DBG_PARSE_NOTE, debugs, fatal(), fatalf(), Security::KeyData::privateKeyFile, and xatoi().
Referenced by Security::ServerOptions::parse(), parse_obsolete(), and parse_securePeerOptions().
◆ parseFlags()
| ParsedPortFlags Security::PeerOptions::parseFlags ( ) | private |
Parses the TLS flags squid.conf parameter.
Definition at line 554 of file PeerOptions.cc.
References DBG_IMPORTANT, DBG_PARSE_NOTE, debugs, fatal(), fatalf(), Here, SQUIDSBUFPH, SQUIDSBUFPRINT, SSL_FLAG_CONDITIONAL_AUTH, SSL_FLAG_DELAYED_AUTH, SSL_FLAG_DONT_VERIFY_DOMAIN, SSL_FLAG_DONT_VERIFY_PEER, SSL_FLAG_NO_DEFAULT_CA, SSL_FLAG_NO_SESSION_REUSE, SSL_FLAG_VERIFY_CRL, and SSL_FLAG_VERIFY_CRL_ALL.
◆ parseOptions()
| void Security::PeerOptions::parseOptions ( ) | |
Pre-parses the TLS options= parameter so that it can be applied when the TLS objects are created. The options must not be used in peek or stare bump mode.
Definition at line 447 of file PeerOptions.cc.
References CharacterSet::ALPHA, SBuf::append(), Parser::Tokenizer::atEnd(), SBuf::c_str(), SBuf::cmp(), DBG_IMPORTANT, DBG_PARSE_NOTE, debugs, CharacterSet::DIGIT, Security::ErrorString(), fatalf(), Parser::Tokenizer::int64(), SBuf::isEmpty(), ssl_option::name, SQUIDSBUFPH, SQUIDSBUFPRINT, and ssl_options.
Referenced by parse_securePeerOptions(), and PeerOptions().
◆ updateContextCa()
| void Security::PeerOptions::updateContextCa (Security::ContextPointer &ctx) | |
Definition at line 696 of file PeerOptions.cc.
References DBG_IMPORTANT, debugs, Security::ErrorString(), and loadSystemTrustedCa().
◆ updateContextCrl()
| void Security::PeerOptions::updateContextCrl (Security::ContextPointer &ctx) | |
Definition at line 732 of file PeerOptions.cc.
References debugs, SSL_FLAG_VERIFY_CRL, and SSL_FLAG_VERIFY_CRL_ALL.
◆ updateContextNpn()
| void Security::PeerOptions::updateContextNpn (Security::ContextPointer &ctx) | |
Definition at line 664 of file PeerOptions.cc.
◆ updateContextOptions()
| void Security::PeerOptions::updateContextOptions (Security::ContextPointer &ctx) | |
Definition at line 639 of file PeerOptions.cc.
◆ updateContextTrust()
| void Security::PeerOptions::updateContextTrust (Security::ContextPointer &ctx) | |
Definition at line 759 of file PeerOptions.cc.
References assert, DBG_IMPORTANT, debugs, and Security::ErrorString().
◆ updateSessionOptions()
| void Security::PeerOptions::updateSessionOptions (Security::SessionPointer &s) | |
Definition at line 779 of file PeerOptions.cc.
References DBG_IMPORTANT, debugs, and Security::ErrorString().
Referenced by CreateSession().
◆ updateTlsVersionLimits()
| void Security::PeerOptions::updateTlsVersionLimits ( ) | |
Definition at line 158 of file PeerOptions.cc.
References SBuf::append(), SBuf::chop(), DBG_PARSE_NOTE, and debugs.
Member Data Documentation
◆ caDir
| SBuf Security::PeerOptions::caDir | 
Definition at line 81 of file PeerOptions.h.
◆ caFiles
| std::list<SBuf> Security::PeerOptions::caFiles | 
Definition at line 106 of file PeerOptions.h.
◆ certs
| std::list<Security::KeyData> Security::PeerOptions::certs | 
Definition at line 105 of file PeerOptions.h.
Referenced by Ssl::InitClientContext().
◆ crlFile
| SBuf Security::PeerOptions::crlFile | 
Definition at line 82 of file PeerOptions.h.
◆ encryptTransport
| bool Security::PeerOptions::encryptTransport = false | 
Definition at line 147 of file PeerOptions.h.
Referenced by Adaptation::Config::dumpService(), PeerPoolMgr::handleOpenedConnection(), Security::BlindPeerConnector::initialize(), netdbExchangeStart(), FwdState::secureConnectionToPeerIfNeeded(), and CachePeer::securityContext().
◆ flags
| struct Security::PeerOptions::flags_ Security::PeerOptions::flags | protected |
Referenced by Security::ServerOptions::ServerOptions().
◆ optsReparse
| bool Security::PeerOptions::optsReparse = true | private |
Definition at line 100 of file PeerOptions.h.
◆ parsedCrl
| Security::CertRevokeList Security::PeerOptions::parsedCrl | 
Definition at line 107 of file PeerOptions.h.
◆ parsedFlags
| ParsedPortFlags Security::PeerOptions::parsedFlags = 0 | 
Definition at line 103 of file PeerOptions.h.
◆ parsedOptions
| Security::ParsedOptions Security::PeerOptions::parsedOptions | private |
Parsed value of the sslOptions + tlsMinOptions settings. Set optsReparse=true to have this re-parsed before the next use.
Definition at line 97 of file PeerOptions.h.
◆ sslCipher
| SBuf Security::PeerOptions::sslCipher | 
Definition at line 84 of file PeerOptions.h.
Referenced by Ssl::InitClientContext().
◆ sslDomain
| SBuf Security::PeerOptions::sslDomain | 
Definition at line 86 of file PeerOptions.h.
Referenced by Security::BlindPeerConnector::initialize().
◆ sslFlags
| SBuf Security::PeerOptions::sslFlags | 
Definition at line 85 of file PeerOptions.h.
◆ sslOptions
| SBuf Security::PeerOptions::sslOptions | 
Definition at line 80 of file PeerOptions.h.
◆ sslVersion
| int Security::PeerOptions::sslVersion = 0 | protected |
Definition at line 130 of file PeerOptions.h.
◆ tlsMinOptions
| SBuf Security::PeerOptions::tlsMinOptions | private |
Library-specific options string generated from tlsMinVersion. Call updateTlsVersionLimits() to regenerate this string.
Definition at line 93 of file PeerOptions.h.
◆ tlsMinVersion
| SBuf Security::PeerOptions::tlsMinVersion | 
Definition at line 88 of file PeerOptions.h.
The documentation for this class was generated from the following files:
- src/security/PeerOptions.h
- src/security/PeerOptions.cc