TLS squid.conf settings for a remote server peer. More...

#include <PeerOptions.h>

Inheritance diagram for Security::PeerOptions:
Collaboration diagram for Security::PeerOptions:

Classes

struct  flags_
 flags governing Squid internal TLS operations More...
 

Public Member Functions

 PeerOptions ()
 
 PeerOptions (const PeerOptions &)=default
 
PeerOptionsoperator= (const PeerOptions &)=default
 
 PeerOptions (PeerOptions &&)=default
 
PeerOptionsoperator= (PeerOptions &&)=default
 
virtual ~PeerOptions ()
 
virtual void parse (const char *)
 parse a TLS squid.conf option More...
 
void parseOptions ()
 parse and verify the [tls-]options= string in sslOptions More...
 
virtual void clear ()
 reset the configuration details to default More...
 
virtual Security::ContextPointer createBlankContext () const
 generate an unset security context object More...
 
Security::ContextPointer createClientContext (bool setOptions)
 generate a security client-context from these configured options More...
 
void updateTlsVersionLimits ()
 sync the context options with tls-min-version=N configuration More...
 
void updateContextOptions (Security::ContextPointer &)
 Setup the library specific 'options=' parameters for the given context. More...
 
void updateContextNpn (Security::ContextPointer &)
 setup the NPN extension details for the given context More...
 
void updateContextCa (Security::ContextPointer &)
 setup the CA details for the given context More...
 
void updateContextCrl (Security::ContextPointer &)
 setup the CRL details for the given context More...
 
void updateContextTrust (Security::ContextPointer &)
 decide which CAs to trust More...
 
void updateSessionOptions (Security::SessionPointer &)
 setup any library-specific options that can be set for the given session More...
 
virtual void dumpCfg (Packable *, const char *pfx) const
 output squid.conf syntax with 'pfx' prefix on parameters for the stored settings More...
 

Public Attributes

SBuf sslOptions
 library-specific options string More...
 
SBuf caDir
 path of directory containing a set of trusted Certificate Authorities More...
 
SBuf crlFile
 path of file containing Certificate Revoke List More...
 
SBuf sslCipher
 
SBuf sslFlags
 flags defining what TLS operations Squid performs More...
 
SBuf sslDomain
 
SBuf tlsMinVersion
 version label for minimum TLS version to permit More...
 
long parsedFlags = 0
 parsed value of sslFlags More...
 
std::list< Security::KeyDatacerts
 details from the cert= and file= config parameters More...
 
std::list< SBufcaFiles
 paths of files containing trusted Certificate Authority More...
 
Security::CertRevokeList parsedCrl
 CRL to use when verifying the remote end certificate. More...
 
bool encryptTransport = false
 whether transport encryption (TLS/SSL) is to be used on connections to the peer More...
 

Protected Member Functions

template<typename T >
Security::ContextPointer convertContextFromRawPtr (T ctx) const
 

Protected Attributes

int sslVersion = 0
 
struct Security::PeerOptions::flags_ flags
 

Private Member Functions

long parseFlags ()
 
void loadCrlFile ()
 
void loadKeysFile ()
 

Private Attributes

SBuf tlsMinOptions
 
Security::ParsedOptions parsedOptions
 
bool optsReparse = true
 whether parsedOptions content needs to be regenerated More...
 

Detailed Description

Definition at line 22 of file PeerOptions.h.

Constructor & Destructor Documentation

◆ PeerOptions() [1/3]

Security::PeerOptions::PeerOptions ( )

Definition at line 24 of file PeerOptions.cc.

References parseOptions().

Referenced by clear().

◆ PeerOptions() [2/3]

Security::PeerOptions::PeerOptions ( const PeerOptions )
default

◆ PeerOptions() [3/3]

Security::PeerOptions::PeerOptions ( PeerOptions &&  )
default

◆ ~PeerOptions()

virtual Security::PeerOptions::~PeerOptions ( )
inlinevirtual

Definition at line 30 of file PeerOptions.h.

Member Function Documentation

◆ clear()

virtual void Security::PeerOptions::clear ( )
inlinevirtual

Reimplemented in Security::ServerOptions.

Definition at line 39 of file PeerOptions.h.

References PeerOptions().

◆ convertContextFromRawPtr()

template<typename T >
Security::ContextPointer Security::PeerOptions::convertContextFromRawPtr ( ctx) const
inlineprotected

Definition at line 108 of file PeerOptions.h.

References assert, and debugs.

◆ createBlankContext()

Security::ContextPointer Security::PeerOptions::createBlankContext ( ) const
virtual

Reimplemented in Security::ServerOptions.

Definition at line 239 of file PeerOptions.cc.

References debugs, Security::ErrorString(), fatalf(), Ssl::Initialize(), and TLS_client_method.

◆ createClientContext()

Security::ContextPointer Security::PeerOptions::createClientContext ( bool  setOptions)

Definition at line 269 of file PeerOptions.cc.

References Ssl::InitClientContext().

Referenced by configDoConfigure().

◆ dumpCfg()

void Security::PeerOptions::dumpCfg ( Packable p,
const char *  pfx 
) const
virtual

Reimplemented in Security::ServerOptions.

Definition at line 103 of file PeerOptions.cc.

References Packable::appendf(), SQUIDSBUFPH, and SQUIDSBUFPRINT.

Referenced by dump_peer_options(), and Security::ServerOptions::dumpCfg().

◆ loadCrlFile()

void Security::PeerOptions::loadCrlFile ( )
private

Load a CRLs list stored in the file whose /path/name is in crlFile replaces any CRL loaded previously

Definition at line 593 of file PeerOptions.cc.

References debugs, and NULL.

◆ loadKeysFile()

void Security::PeerOptions::loadKeysFile ( )
private

◆ operator=() [1/2]

PeerOptions& Security::PeerOptions::operator= ( const PeerOptions )
default

◆ operator=() [2/2]

PeerOptions& Security::PeerOptions::operator= ( PeerOptions &&  )
default

◆ parse()

void Security::PeerOptions::parse ( const char *  token)
virtual

◆ parseFlags()

long Security::PeerOptions::parseFlags ( )
private

◆ parseOptions()

void Security::PeerOptions::parseOptions ( )

Pre-parse TLS options= parameter to be applied when the TLS objects created. Options must not used in the case of peek or stare bump mode.

Definition at line 440 of file PeerOptions.cc.

References CharacterSet::ALPHA, SBuf::append(), Parser::Tokenizer::atEnd(), SBuf::c_str(), SBuf::cmp(), DBG_PARSE_NOTE, debugs, CharacterSet::DIGIT, Security::ErrorString(), fatalf(), Parser::Tokenizer::int64(), SBuf::isEmpty(), ssl_option::name, SQUIDSBUFPH, SQUIDSBUFPRINT, and ssl_options.

Referenced by parse_peer(), parse_securePeerOptions(), and PeerOptions().

◆ updateContextCa()

void Security::PeerOptions::updateContextCa ( Security::ContextPointer ctx)

Definition at line 667 of file PeerOptions.cc.

References DBG_IMPORTANT, debugs, Security::ErrorString(), and loadSystemTrustedCa().

◆ updateContextCrl()

void Security::PeerOptions::updateContextCrl ( Security::ContextPointer ctx)

Definition at line 703 of file PeerOptions.cc.

References debugs, SSL_FLAG_VERIFY_CRL, and SSL_FLAG_VERIFY_CRL_ALL.

◆ updateContextNpn()

void Security::PeerOptions::updateContextNpn ( Security::ContextPointer ctx)

Definition at line 636 of file PeerOptions.cc.

◆ updateContextOptions()

void Security::PeerOptions::updateContextOptions ( Security::ContextPointer ctx)

Definition at line 614 of file PeerOptions.cc.

◆ updateContextTrust()

void Security::PeerOptions::updateContextTrust ( Security::ContextPointer ctx)

Definition at line 728 of file PeerOptions.cc.

References assert, DBG_IMPORTANT, debugs, and Security::ErrorString().

◆ updateSessionOptions()

void Security::PeerOptions::updateSessionOptions ( Security::SessionPointer s)

◆ updateTlsVersionLimits()

void Security::PeerOptions::updateTlsVersionLimits ( )

Definition at line 151 of file PeerOptions.cc.

References SBuf::append(), SBuf::chop(), DBG_PARSE_NOTE, and debugs.

Member Data Documentation

◆ caDir

SBuf Security::PeerOptions::caDir

Definition at line 78 of file PeerOptions.h.

◆ caFiles

std::list<SBuf> Security::PeerOptions::caFiles

Definition at line 103 of file PeerOptions.h.

◆ certs

std::list<Security::KeyData> Security::PeerOptions::certs

Definition at line 102 of file PeerOptions.h.

Referenced by Ssl::InitClientContext().

◆ crlFile

SBuf Security::PeerOptions::crlFile

Definition at line 79 of file PeerOptions.h.

◆ encryptTransport

◆ flags

struct Security::PeerOptions::flags_ Security::PeerOptions::flags
protected

◆ optsReparse

bool Security::PeerOptions::optsReparse = true
private

Definition at line 97 of file PeerOptions.h.

◆ parsedCrl

Security::CertRevokeList Security::PeerOptions::parsedCrl

Definition at line 104 of file PeerOptions.h.

◆ parsedFlags

long Security::PeerOptions::parsedFlags = 0

Definition at line 100 of file PeerOptions.h.

◆ parsedOptions

Security::ParsedOptions Security::PeerOptions::parsedOptions
private

Parsed value of sslOptions + tlsMinOptions settings. Set optsReparse=true to have this re-parsed before next use.

Definition at line 94 of file PeerOptions.h.

◆ sslCipher

SBuf Security::PeerOptions::sslCipher

Definition at line 81 of file PeerOptions.h.

Referenced by Ssl::InitClientContext().

◆ sslDomain

SBuf Security::PeerOptions::sslDomain

Definition at line 83 of file PeerOptions.h.

Referenced by Security::BlindPeerConnector::initialize().

◆ sslFlags

SBuf Security::PeerOptions::sslFlags

Definition at line 82 of file PeerOptions.h.

◆ sslOptions

SBuf Security::PeerOptions::sslOptions

Definition at line 77 of file PeerOptions.h.

◆ sslVersion

int Security::PeerOptions::sslVersion = 0
protected

Definition at line 127 of file PeerOptions.h.

◆ tlsMinOptions

SBuf Security::PeerOptions::tlsMinOptions
private

Library-specific options string generated from tlsMinVersion. Call updateTlsVersionLimits() to regenerate this string.

Definition at line 90 of file PeerOptions.h.

◆ tlsMinVersion

SBuf Security::PeerOptions::tlsMinVersion

Definition at line 85 of file PeerOptions.h.


The documentation for this class was generated from the following files:

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors