TLS squid.conf settings for a remote server peer. More...

#include <PeerOptions.h>

Inheritance diagram for Security::PeerOptions:
Collaboration diagram for Security::PeerOptions:

Classes

struct  flags_
 flags governing Squid internal TLS operations More...
 

Public Member Functions

 PeerOptions ()
 
 PeerOptions (const PeerOptions &)=default
 
PeerOptionsoperator= (const PeerOptions &)=default
 
 PeerOptions (PeerOptions &&)=default
 
PeerOptionsoperator= (PeerOptions &&)=default
 
virtual ~PeerOptions ()
 
virtual void parse (const char *)
 parse a TLS squid.conf option More...
 
void parseOptions ()
 parse and verify the [tls-]options= string in sslOptions More...
 
virtual void clear ()
 reset the configuration details to default More...
 
virtual Security::ContextPointer createBlankContext () const
 generate an unset security context object More...
 
Security::ContextPointer createClientContext (bool setOptions)
 generate a security client-context from these configured options More...
 
void updateTlsVersionLimits ()
 sync the context options with tls-min-version=N configuration More...
 
void updateContextOptions (Security::ContextPointer &)
 Setup the library specific 'options=' parameters for the given context. More...
 
void updateContextNpn (Security::ContextPointer &)
 setup the NPN extension details for the given context More...
 
void updateContextCa (Security::ContextPointer &)
 setup the CA details for the given context More...
 
void updateContextCrl (Security::ContextPointer &)
 setup the CRL details for the given context More...
 
void updateContextTrust (Security::ContextPointer &)
 decide which CAs to trust More...
 
void updateSessionOptions (Security::SessionPointer &)
 setup any library-specific options that can be set for the given session More...
 
virtual void dumpCfg (Packable *, const char *pfx) const
 output squid.conf syntax with 'pfx' prefix on parameters for the stored settings More...
 

Public Attributes

SBuf sslOptions
 library-specific options string More...
 
SBuf caDir
 path of directory containing a set of trusted Certificate Authorities More...
 
SBuf crlFile
 path of file containing Certificate Revoke List More...
 
SBuf sslCipher
 
SBuf sslFlags
 flags defining what TLS operations Squid performs More...
 
SBuf sslDomain
 
SBuf tlsMinVersion
 version label for minimum TLS version to permit More...
 
long parsedFlags = 0
 parsed value of sslFlags More...
 
std::list< Security::KeyDatacerts
 details from the cert= and file= config parameters More...
 
std::list< SBufcaFiles
 paths of files containing trusted Certificate Authority More...
 
Security::CertRevokeList parsedCrl
 CRL to use when verifying the remote end certificate. More...
 
bool encryptTransport = false
 whether transport encryption (TLS/SSL) is to be used on connections to the peer More...
 

Protected Member Functions

template<typename T >
Security::ContextPointer convertContextFromRawPtr (T ctx) const
 

Protected Attributes

int sslVersion = 0
 
struct Security::PeerOptions::flags_ flags
 

Private Member Functions

long parseFlags ()
 
void loadCrlFile ()
 
void loadKeysFile ()
 

Private Attributes

SBuf tlsMinOptions
 
Security::ParsedOptions parsedOptions
 
bool optsReparse = true
 whether parsedOptions content needs to be regenerated More...
 

Detailed Description

Definition at line 22 of file PeerOptions.h.

Constructor & Destructor Documentation

◆ PeerOptions() [1/3]

Security::PeerOptions::PeerOptions ( )

Definition at line 24 of file PeerOptions.cc.

References parseOptions().

Referenced by clear().

◆ PeerOptions() [2/3]

Security::PeerOptions::PeerOptions ( const PeerOptions )
default

◆ PeerOptions() [3/3]

Security::PeerOptions::PeerOptions ( PeerOptions &&  )
default

◆ ~PeerOptions()

virtual Security::PeerOptions::~PeerOptions ( )
inlinevirtual

Definition at line 30 of file PeerOptions.h.

References parse(), and parseOptions().

Member Function Documentation

◆ clear()

◆ convertContextFromRawPtr()

template<typename T >
Security::ContextPointer Security::PeerOptions::convertContextFromRawPtr ( ctx) const
inlineprotected

Definition at line 108 of file PeerOptions.h.

References assert, debugs, and p.

Referenced by createBlankContext(), and Security::ServerOptions::createBlankContext().

◆ createBlankContext()

Security::ContextPointer Security::PeerOptions::createBlankContext ( ) const
virtual

◆ createClientContext()

◆ dumpCfg()

◆ loadCrlFile()

void Security::PeerOptions::loadCrlFile ( )
private

Load a CRLs list stored in the file whose /path/name is in crlFile replaces any CRL loaded previously

Definition at line 593 of file PeerOptions.cc.

References SBuf::c_str(), crlFile, debugs, SBuf::isEmpty(), NULL, and parsedCrl.

Referenced by clear(), and parse().

◆ loadKeysFile()

void Security::PeerOptions::loadKeysFile ( )
private

Referenced by clear().

◆ operator=() [1/2]

PeerOptions& Security::PeerOptions::operator= ( const PeerOptions )
default

◆ operator=() [2/2]

PeerOptions& Security::PeerOptions::operator= ( PeerOptions &&  )
default

◆ parse()

◆ parseFlags()

◆ parseOptions()

◆ updateContextCa()

◆ updateContextCrl()

void Security::PeerOptions::updateContextCrl ( Security::ContextPointer ctx)

◆ updateContextNpn()

void Security::PeerOptions::updateContextNpn ( Security::ContextPointer ctx)

Definition at line 636 of file PeerOptions.cc.

References flags, and Security::PeerOptions::flags_::tlsNpn.

Referenced by clear(), and createClientContext().

◆ updateContextOptions()

void Security::PeerOptions::updateContextOptions ( Security::ContextPointer ctx)

◆ updateContextTrust()

void Security::PeerOptions::updateContextTrust ( Security::ContextPointer ctx)

◆ updateSessionOptions()

void Security::PeerOptions::updateSessionOptions ( Security::SessionPointer s)

◆ updateTlsVersionLimits()

Member Data Documentation

◆ caDir

SBuf Security::PeerOptions::caDir

Definition at line 78 of file PeerOptions.h.

Referenced by dumpCfg(), parse(), and updateContextCa().

◆ caFiles

std::list<SBuf> Security::PeerOptions::caFiles

◆ certs

◆ crlFile

SBuf Security::PeerOptions::crlFile

Definition at line 79 of file PeerOptions.h.

Referenced by dumpCfg(), loadCrlFile(), and parse().

◆ encryptTransport

◆ flags

◆ optsReparse

bool Security::PeerOptions::optsReparse = true
private

Definition at line 97 of file PeerOptions.h.

Referenced by parse(), parseOptions(), and updateTlsVersionLimits().

◆ parsedCrl

Security::CertRevokeList Security::PeerOptions::parsedCrl

Definition at line 104 of file PeerOptions.h.

Referenced by loadCrlFile(), and updateContextCrl().

◆ parsedFlags

◆ parsedOptions

Security::ParsedOptions Security::PeerOptions::parsedOptions
private

Parsed value of sslOptions + tlsMinOptions settings. Set optsReparse=true to have this re-parsed before next use.

Definition at line 94 of file PeerOptions.h.

Referenced by parseOptions(), updateContextOptions(), and updateSessionOptions().

◆ sslCipher

SBuf Security::PeerOptions::sslCipher

◆ sslDomain

SBuf Security::PeerOptions::sslDomain

◆ sslFlags

SBuf Security::PeerOptions::sslFlags

Definition at line 82 of file PeerOptions.h.

Referenced by dumpCfg(), parse(), and parseFlags().

◆ sslOptions

SBuf Security::PeerOptions::sslOptions

◆ sslVersion

int Security::PeerOptions::sslVersion = 0
protected

Definition at line 127 of file PeerOptions.h.

Referenced by parse(), and updateTlsVersionLimits().

◆ tlsMinOptions

SBuf Security::PeerOptions::tlsMinOptions
private

Library-specific options string generated from tlsMinVersion. Call updateTlsVersionLimits() to regenerate this string.

Definition at line 90 of file PeerOptions.h.

Referenced by parseOptions(), updateSessionOptions(), and updateTlsVersionLimits().

◆ tlsMinVersion

SBuf Security::PeerOptions::tlsMinVersion

Definition at line 85 of file PeerOptions.h.

Referenced by parse(), updateSessionOptions(), and updateTlsVersionLimits().


The documentation for this class was generated from the following files:

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors