TLS squid.conf settings for a listening port. More...
#include <ServerOptions.h>
Public Types | |
| typedef std::unique_ptr< STACK_OF(X509_NAME), Security::ServerOptions::sk_X509_NAME_free_wrapper > | X509_NAME_STACK_Pointer |
Public Member Functions | |
| sk_dtor_wrapper (sk_X509_NAME, STACK_OF(X509_NAME) *, X509_NAME_free) | |
| ServerOptions () | |
| ServerOptions (const ServerOptions &)=default | |
| ServerOptions & | operator= (const ServerOptions &) |
| ServerOptions (ServerOptions &&o) | |
| ServerOptions & | operator= (ServerOptions &&o) |
| virtual | ~ServerOptions ()=default |
| virtual void | parse (const char *) |
| parse a TLS squid.conf option More... | |
| virtual void | clear () |
| reset the configuration details to default More... | |
| virtual Security::ContextPointer | createBlankContext () const |
| generate an unset security context object More... | |
| virtual void | dumpCfg (Packable *, const char *pfx) const |
| output squid.conf syntax with 'pfx' prefix on parameters for the stored settings More... | |
| void | initServerContexts (AnyP::PortCfg &) |
| bool | updateContextConfig (Security::ContextPointer &) |
| update the given TLS security context using squid.conf settings More... | |
| void | updateContextEecdh (Security::ContextPointer &) |
| update the context with DH, EDH, EECDH settings More... | |
| void | updateContextClientCa (Security::ContextPointer &) |
| update the context with CA details used to verify client certificates More... | |
| void | updateContextSessionId (Security::ContextPointer &) |
| update the context with a configured session ID (if any) More... | |
| void | syncCaFiles () |
| sync the various sources of CA files to be loaded More... | |
| void | parseOptions () |
| parse and verify the [tls-]options= string in sslOptions More... | |
| Security::ContextPointer | createClientContext (bool setOptions) |
| generate a security client-context from these configured options More... | |
| void | updateTlsVersionLimits () |
| sync the context options with tls-min-version=N configuration More... | |
| void | updateContextOptions (Security::ContextPointer &) |
| Setup the library specific 'options=' parameters for the given context. More... | |
| void | updateContextNpn (Security::ContextPointer &) |
| setup the NPN extension details for the given context More... | |
| void | updateContextCa (Security::ContextPointer &) |
| setup the CA details for the given context More... | |
| void | updateContextCrl (Security::ContextPointer &) |
| setup the CRL details for the given context More... | |
| void | updateContextTrust (Security::ContextPointer &) |
| decide which CAs to trust More... | |
| void | updateSessionOptions (Security::SessionPointer &) |
| setup any library-specific options that can be set for the given session More... | |
Public Attributes | |
| Security::ContextPointer | staticContext |
| TLS context to use for HTTPS accelerator or static SSL-Bump. More... | |
| SBuf | staticContextSessionId |
| "session id context" for staticContext More... | |
| bool | generateHostCertificates = true |
| dynamically make host cert More... | |
| Security::KeyData | signingCa |
| x509 certificate and key for signing generated certificates More... | |
| Security::KeyData | untrustedSigningCa |
| x509 certificate and key for signing untrusted generated certificates More... | |
| size_t | dynamicCertMemCacheSize = 4*1024*1024 |
| max size of generated certificates memory cache (4 MB default) More... | |
| SBuf | sslOptions |
| library-specific options string More... | |
| SBuf | caDir |
| path of directory containing a set of trusted Certificate Authorities More... | |
| SBuf | crlFile |
| path of file containing Certificate Revoke List More... | |
| SBuf | sslCipher |
| SBuf | sslFlags |
| flags defining what TLS operations Squid performs More... | |
| SBuf | sslDomain |
| SBuf | tlsMinVersion |
| version label for minimum TLS version to permit More... | |
| long | parsedFlags = 0 |
| parsed value of sslFlags More... | |
| std::list< Security::KeyData > | certs |
| details from the cert= and file= config parameters More... | |
| std::list< SBuf > | caFiles |
| paths of files containing trusted Certificate Authority More... | |
| Security::CertRevokeList | parsedCrl |
| CRL to use when verifying the remote end certificate. More... | |
| bool | encryptTransport = false |
| whether transport encryption (TLS/SSL) is to be used on connections to the peer More... | |
Protected Member Functions | |
| template<typename T > | |
| Security::ContextPointer | convertContextFromRawPtr (T ctx) const |
Protected Attributes | |
| int | sslVersion = 0 |
| struct Security::PeerOptions::flags_ | flags |
Private Member Functions | |
| bool | loadClientCaFile () |
| void | loadDhParams () |
| bool | createStaticServerContext (AnyP::PortCfg &) |
| void | createSigningContexts (const AnyP::PortCfg &) |
Private Attributes | |
| SBuf | clientCaFile |
| name of file to load client CAs from More... | |
| X509_NAME_STACK_Pointer | clientCaStack |
| CA certificate(s) to use when verifying client certificates. More... | |
| SBuf | dh |
| Diffi-Helman cipher config. More... | |
| SBuf | dhParamsFile |
| Diffi-Helman ciphers parameter file. More... | |
| SBuf | eecdhCurve |
| Elliptic curve for ephemeral EC-based DH key exchanges. More... | |
| Security::DhePointer | parsedDhParams |
| DH parameters for temporary/ephemeral DH key exchanges. More... | |
Detailed Description
Definition at line 25 of file ServerOptions.h.
Member Typedef Documentation
◆ X509_NAME_STACK_Pointer
| typedef std::unique_ptr<STACK_OF(X509_NAME), Security::ServerOptions::sk_X509_NAME_free_wrapper> Security::ServerOptions::X509_NAME_STACK_Pointer |
Definition at line 30 of file ServerOptions.h.
Constructor & Destructor Documentation
◆ ServerOptions() [1/3]
|
inline |
Definition at line 33 of file ServerOptions.h.
References YesNoNone::defaultTo(), Security::PeerOptions::flags, operator=(), and Security::PeerOptions::flags_::tlsDefaultCa.
Referenced by clear().
◆ ServerOptions() [2/3]
|
default |
◆ ServerOptions() [3/3]
|
inline |
Definition at line 40 of file ServerOptions.h.
References operator=().
◆ ~ServerOptions()
|
virtualdefault |
Referenced by operator=().
Member Function Documentation
◆ clear()
|
inlinevirtual |
Reimplemented from Security::PeerOptions.
Definition at line 46 of file ServerOptions.h.
References createBlankContext(), dumpCfg(), initServerContexts(), ServerOptions(), syncCaFiles(), updateContextClientCa(), updateContextConfig(), updateContextEecdh(), and updateContextSessionId().
◆ convertContextFromRawPtr()
|
inlineprotectedinherited |
Definition at line 108 of file PeerOptions.h.
References assert, debugs, and p.
Referenced by Security::PeerOptions::createBlankContext(), and createBlankContext().
◆ createBlankContext()
|
virtual |
Reimplemented from Security::PeerOptions.
Definition at line 156 of file ServerOptions.cc.
References Security::PeerOptions::convertContextFromRawPtr(), DBG_CRITICAL, debugs, Security::ErrorString(), Ssl::Initialize(), and TLS_server_method.
Referenced by clear(), Ssl::createSSLContext(), and createStaticServerContext().
◆ createClientContext()
|
inherited |
Definition at line 269 of file PeerOptions.cc.
References Security::PeerOptions::createBlankContext(), Ssl::InitClientContext(), Security::PeerOptions::parsedFlags, Security::PeerOptions::updateContextCa(), Security::PeerOptions::updateContextCrl(), Security::PeerOptions::updateContextNpn(), Security::PeerOptions::updateContextOptions(), Security::PeerOptions::updateContextTrust(), and Security::PeerOptions::updateTlsVersionLimits().
Referenced by Security::PeerOptions::clear(), configDoConfigure(), and Adaptation::Icap::ServiceRep::finalize().
◆ createSigningContexts()
|
private |
initialize contexts for signing dynamic TLS certificates (if needed) the resulting keys are stored in signingCa and untrustedSigningCa
Definition at line 278 of file ServerOptions.cc.
References buf, Security::KeyData::cert, Security::PeerOptions::certs, DBG_CRITICAL, DBG_IMPORTANT, debugs, fatalf(), Ssl::generateUntrustedCert(), Security::KeyData::pkey, AnyP::ProtocolVersion::protocol, AnyP::ProtocolType_str, Security::LockingPointer< T, UnLocker, Locker >::reset(), AnyP::PortCfg::s, signingCa, Ip::Address::toUrl(), AnyP::PortCfg::transport, and untrustedSigningCa.
Referenced by initServerContexts().
◆ createStaticServerContext()
|
private |
generate a security server-context from these configured options the resulting context is stored in staticContext
- Returns
- true if a context could be created
Definition at line 207 of file ServerOptions.cc.
References SBuf::append(), SBuf::appendf(), Security::PeerOptions::certs, createBlankContext(), DBG_CRITICAL, DBG_IMPORTANT, debugs, error(), Security::ErrorString(), keys, loadClientCaFile(), staticContext, updateContextConfig(), and Security::PeerOptions::updateTlsVersionLimits().
Referenced by initServerContexts().
◆ dumpCfg()
|
virtual |
Reimplemented from Security::PeerOptions.
Definition at line 133 of file ServerOptions.cc.
References Packable::appendf(), dh, Security::PeerOptions::dumpCfg(), dynamicCertMemCacheSize, Security::PeerOptions::encryptTransport, generateHostCertificates, SBuf::isEmpty(), SQUIDSBUFPH, SQUIDSBUFPRINT, and staticContextSessionId.
Referenced by clear().
◆ initServerContexts()
| void Security::ServerOptions::initServerContexts | ( | AnyP::PortCfg & | port | ) |
initialize all server contexts as-needed and load PEM files. if none can be created this may do nothing.
Definition at line 186 of file ServerOptions.cc.
References buf, Security::PeerOptions::certs, createSigningContexts(), createStaticServerContext(), fatalf(), generateHostCertificates, AnyP::ProtocolVersion::protocol, AnyP::ProtocolType_str, AnyP::PortCfg::s, Ip::Address::toUrl(), and AnyP::PortCfg::transport.
Referenced by clear().
◆ loadClientCaFile()
|
private |
load clientca= file (if any) into memory.
- Return values
-
true clientca is not set, or loaded successfully false unable to load the file, or not using OpenSSL
Definition at line 331 of file ServerOptions.cc.
References SBuf::c_str(), clientCaFile, clientCaStack, DBG_CRITICAL, debugs, and SBuf::isEmpty().
Referenced by createStaticServerContext().
◆ loadDhParams()
|
private |
Definition at line 348 of file ServerOptions.cc.
References SBuf::c_str(), DBG_IMPORTANT, debugs, dhParamsFile, SBuf::isEmpty(), NULL, parsedDhParams, and Security::LockingPointer< T, UnLocker, Locker >::resetWithoutLocking().
Referenced by parse().
◆ operator=() [1/2]
| Security::ServerOptions & Security::ServerOptions::operator= | ( | const ServerOptions & | old | ) |
Definition at line 28 of file ServerOptions.cc.
References clientCaFile, clientCaStack, dh, dhParamsFile, dynamicCertMemCacheSize, eecdhCurve, generateHostCertificates, Security::PeerOptions::operator=(), parsedDhParams, signingCa, staticContextSessionId, and untrustedSigningCa.
Referenced by operator=(), and ServerOptions().
◆ operator=() [2/2]
|
inline |
Definition at line 41 of file ServerOptions.h.
References operator=(), parse(), and ~ServerOptions().
◆ parse()
|
virtual |
Reimplemented from Security::PeerOptions.
Definition at line 53 of file ServerOptions.cc.
References SBuf::append(), SBuf::clear(), clientCaFile, DBG_CRITICAL, DBG_IMPORTANT, DBG_PARSE_NOTE, debugs, dh, dhParamsFile, dynamicCertMemCacheSize, eecdhCurve, Security::PeerOptions::encryptTransport, SBuf::find(), generateHostCertificates, SBuf::isEmpty(), SBuf::length(), loadDhParams(), max(), SBuf::npos, Security::PeerOptions::parse(), parseBytesOptionValue(), self_destruct(), staticContextSessionId, and SBuf::substr().
Referenced by operator=().
◆ parseOptions()
|
inherited |
Pre-parse TLS options= parameter to be applied when the TLS objects created. Options must not used in the case of peek or stare bump mode.
Definition at line 440 of file PeerOptions.cc.
References CharacterSet::ALPHA, SBuf::append(), Parser::Tokenizer::atEnd(), SBuf::c_str(), SBuf::cmp(), DBG_PARSE_NOTE, debugs, CharacterSet::DIGIT, Security::ErrorString(), fatalf(), Parser::Tokenizer::int64(), SBuf::isEmpty(), ssl_option::name, Security::PeerOptions::optsReparse, p, Security::PeerOptions::parsedOptions, Parser::Tokenizer::prefix(), Parser::Tokenizer::remaining(), Parser::Tokenizer::skip(), Parser::Tokenizer::skipAll(), SQUIDSBUFPH, SQUIDSBUFPRINT, ssl_options, Security::PeerOptions::sslOptions, and Security::PeerOptions::tlsMinOptions.
Referenced by parse_peer(), parse_securePeerOptions(), Security::PeerOptions::PeerOptions(), Security::PeerOptions::updateContextOptions(), Security::PeerOptions::updateSessionOptions(), and Security::PeerOptions::~PeerOptions().
◆ sk_dtor_wrapper()
| Security::ServerOptions::sk_dtor_wrapper | ( | sk_X509_NAME | , |
| STACK_OF(X509_NAME) * | , | ||
| X509_NAME_free | |||
| ) |
◆ syncCaFiles()
| void Security::ServerOptions::syncCaFiles | ( | ) |
Definition at line 316 of file ServerOptions.cc.
References Security::PeerOptions::caFiles, clientCaFile, and SBuf::isEmpty().
Referenced by clear().
◆ updateContextCa()
|
inherited |
Definition at line 667 of file PeerOptions.cc.
References SBuf::c_str(), Security::PeerOptions::caDir, Security::PeerOptions::caFiles, DBG_IMPORTANT, debugs, Security::ErrorString(), Security::PeerOptions::flags, i, SBuf::isEmpty(), loadSystemTrustedCa(), and Security::PeerOptions::flags_::tlsDefaultCa.
Referenced by Security::PeerOptions::clear(), Security::PeerOptions::createClientContext(), and updateContextConfig().
◆ updateContextClientCa()
| void Security::ServerOptions::updateContextClientCa | ( | Security::ContextPointer & | ctx | ) |
Definition at line 420 of file ServerOptions.cc.
References clientCaStack, DBG_CRITICAL, debugs, Security::ErrorString(), NULL, Security::PeerOptions::parsedFlags, Ssl::SetupVerifyCallback(), SSL_FLAG_DELAYED_AUTH, STACK_OF(), Security::PeerOptions::updateContextCrl(), and Security::PeerOptions::updateContextTrust().
Referenced by clear(), and updateContextConfig().
◆ updateContextConfig()
| bool Security::ServerOptions::updateContextConfig | ( | Security::ContextPointer & | ctx | ) |
Definition at line 379 of file ServerOptions.cc.
References SBuf::c_str(), Config, DBG_CRITICAL, debugs, Security::ErrorString(), SBuf::isEmpty(), Ssl::MaybeSetupRsaCallback(), Security::PeerOptions::parsedFlags, Security::SetSessionCacheCallbacks(), SquidConfig::SSL, ssl_ctx_ex_index_dont_verify_domain, SSL_FLAG_DONT_VERIFY_DOMAIN, SSL_FLAG_NO_SESSION_REUSE, Security::PeerOptions::sslCipher, SquidConfig::unclean_shutdown, Security::PeerOptions::updateContextCa(), updateContextClientCa(), updateContextEecdh(), Security::PeerOptions::updateContextOptions(), and updateContextSessionId().
Referenced by clear(), Ssl::createSSLContext(), and createStaticServerContext().
◆ updateContextCrl()
|
inherited |
Definition at line 703 of file PeerOptions.cc.
References debugs, i, Security::PeerOptions::parsedCrl, Security::PeerOptions::parsedFlags, SSL_FLAG_VERIFY_CRL, and SSL_FLAG_VERIFY_CRL_ALL.
Referenced by Security::PeerOptions::clear(), Security::PeerOptions::createClientContext(), and updateContextClientCa().
◆ updateContextEecdh()
| void Security::ServerOptions::updateContextEecdh | ( | Security::ContextPointer & | ctx | ) |
Definition at line 452 of file ServerOptions.cc.
References SBuf::c_str(), DBG_CRITICAL, debugs, eecdhCurve, Security::ErrorString(), Security::LockingPointer< T, UnLocker, Locker >::get(), SBuf::isEmpty(), and parsedDhParams.
Referenced by clear(), and updateContextConfig().
◆ updateContextNpn()
|
inherited |
Definition at line 636 of file PeerOptions.cc.
References Security::PeerOptions::flags, and Security::PeerOptions::flags_::tlsNpn.
Referenced by Security::PeerOptions::clear(), and Security::PeerOptions::createClientContext().
◆ updateContextOptions()
|
inherited |
Definition at line 614 of file PeerOptions.cc.
References arg, Security::PeerOptions::parsedOptions, and Security::PeerOptions::parseOptions().
Referenced by Security::PeerOptions::clear(), Security::PeerOptions::createClientContext(), and updateContextConfig().
◆ updateContextSessionId()
| void Security::ServerOptions::updateContextSessionId | ( | Security::ContextPointer & | ctx | ) |
Definition at line 493 of file ServerOptions.cc.
References SBuf::isEmpty(), SBuf::length(), SBuf::rawContent(), and staticContextSessionId.
Referenced by clear(), and updateContextConfig().
◆ updateContextTrust()
|
inherited |
Definition at line 728 of file PeerOptions.cc.
References assert, DBG_IMPORTANT, debugs, and Security::ErrorString().
Referenced by Security::PeerOptions::clear(), Security::PeerOptions::createClientContext(), and updateContextClientCa().
◆ updateSessionOptions()
|
inherited |
Definition at line 745 of file PeerOptions.cc.
References DBG_IMPORTANT, debugs, Security::ErrorString(), Security::PeerOptions::parsedOptions, Security::PeerOptions::parseOptions(), Security::PeerOptions::sslOptions, Security::PeerOptions::tlsMinOptions, and Security::PeerOptions::tlsMinVersion.
Referenced by Security::PeerOptions::clear(), CreateSession(), and Ssl::PeekingPeerConnector::initialize().
◆ updateTlsVersionLimits()
|
inherited |
Definition at line 151 of file PeerOptions.cc.
References SBuf::append(), SBuf::chop(), SBuf::clear(), DBG_PARSE_NOTE, debugs, Parser::Tokenizer::int64(), SBuf::isEmpty(), Security::PeerOptions::optsReparse, Parser::Tokenizer::skip(), Security::PeerOptions::sslOptions, Security::PeerOptions::sslVersion, Security::PeerOptions::tlsMinOptions, and Security::PeerOptions::tlsMinVersion.
Referenced by Security::PeerOptions::clear(), Security::PeerOptions::createClientContext(), and createStaticServerContext().
Member Data Documentation
◆ caDir
|
inherited |
Definition at line 78 of file PeerOptions.h.
Referenced by Security::PeerOptions::dumpCfg(), Security::PeerOptions::parse(), and Security::PeerOptions::updateContextCa().
◆ caFiles
|
inherited |
Definition at line 103 of file PeerOptions.h.
Referenced by Security::PeerOptions::dumpCfg(), Security::PeerOptions::parse(), syncCaFiles(), and Security::PeerOptions::updateContextCa().
◆ certs
|
inherited |
Definition at line 102 of file PeerOptions.h.
Referenced by createSigningContexts(), createStaticServerContext(), Security::PeerOptions::dumpCfg(), Ssl::InitClientContext(), initServerContexts(), and Security::PeerOptions::parse().
◆ clientCaFile
|
private |
Definition at line 107 of file ServerOptions.h.
Referenced by loadClientCaFile(), operator=(), parse(), and syncCaFiles().
◆ clientCaStack
|
private |
Definition at line 110 of file ServerOptions.h.
Referenced by loadClientCaFile(), operator=(), and updateContextClientCa().
◆ crlFile
|
inherited |
Definition at line 79 of file PeerOptions.h.
Referenced by Security::PeerOptions::dumpCfg(), Security::PeerOptions::loadCrlFile(), and Security::PeerOptions::parse().
◆ dh
|
private |
Definition at line 115 of file ServerOptions.h.
Referenced by dumpCfg(), operator=(), and parse().
◆ dhParamsFile
|
private |
Definition at line 116 of file ServerOptions.h.
Referenced by loadDhParams(), operator=(), and parse().
◆ dynamicCertMemCacheSize
| size_t Security::ServerOptions::dynamicCertMemCacheSize = 4*1024*1024 |
Definition at line 91 of file ServerOptions.h.
Referenced by dumpCfg(), operator=(), and parse().
◆ eecdhCurve
|
private |
Definition at line 117 of file ServerOptions.h.
Referenced by operator=(), parse(), and updateContextEecdh().
◆ encryptTransport
|
inherited |
Definition at line 144 of file PeerOptions.h.
Referenced by dumpCfg(), Security::PeerOptions::dumpCfg(), Adaptation::Config::dumpService(), Adaptation::Icap::ServiceRep::finalize(), Security::BlindPeerConnector::getTlsContext(), PeerPoolMgr::handleOpenedConnection(), Security::BlindPeerConnector::initialize(), netdbExchangeStart(), Adaptation::ServiceConfig::parse(), Security::PeerOptions::parse(), parse(), parse_peer(), peerDigestRequest(), and FwdState::secureConnectionToPeerIfNeeded().
◆ flags
|
protectedinherited |
◆ generateHostCertificates
| bool Security::ServerOptions::generateHostCertificates = true |
Definition at line 75 of file ServerOptions.h.
Referenced by dumpCfg(), initServerContexts(), operator=(), and parse().
◆ parsedCrl
|
inherited |
Definition at line 104 of file PeerOptions.h.
Referenced by Security::PeerOptions::loadCrlFile(), and Security::PeerOptions::updateContextCrl().
◆ parsedDhParams
|
private |
Definition at line 119 of file ServerOptions.h.
Referenced by loadDhParams(), operator=(), and updateContextEecdh().
◆ parsedFlags
|
inherited |
Definition at line 100 of file PeerOptions.h.
Referenced by Security::PeerOptions::createClientContext(), Security::PeerOptions::parse(), updateContextClientCa(), updateContextConfig(), and Security::PeerOptions::updateContextCrl().
◆ signingCa
| Security::KeyData Security::ServerOptions::signingCa |
Definition at line 87 of file ServerOptions.h.
Referenced by Ssl::chainCertificatesToSSLContext(), createSigningContexts(), and operator=().
◆ sslCipher
|
inherited |
Definition at line 81 of file PeerOptions.h.
Referenced by Security::PeerOptions::dumpCfg(), Ssl::InitClientContext(), Security::PeerOptions::parse(), and updateContextConfig().
◆ sslDomain
|
inherited |
Definition at line 83 of file PeerOptions.h.
Referenced by Adaptation::ServiceConfig::grokUri(), Security::BlindPeerConnector::initialize(), and Security::PeerOptions::parse().
◆ sslFlags
|
inherited |
Definition at line 82 of file PeerOptions.h.
Referenced by Security::PeerOptions::dumpCfg(), Security::PeerOptions::parse(), and Security::PeerOptions::parseFlags().
◆ sslOptions
|
inherited |
Definition at line 77 of file PeerOptions.h.
Referenced by Security::PeerOptions::dumpCfg(), Security::PeerOptions::parse(), Security::PeerOptions::parseOptions(), Security::PeerOptions::updateSessionOptions(), and Security::PeerOptions::updateTlsVersionLimits().
◆ sslVersion
|
protectedinherited |
Definition at line 127 of file PeerOptions.h.
Referenced by Security::PeerOptions::parse(), and Security::PeerOptions::updateTlsVersionLimits().
◆ staticContext
| Security::ContextPointer Security::ServerOptions::staticContext |
Definition at line 71 of file ServerOptions.h.
Referenced by createStaticServerContext().
◆ staticContextSessionId
| SBuf Security::ServerOptions::staticContextSessionId |
Definition at line 72 of file ServerOptions.h.
Referenced by dumpCfg(), operator=(), parse(), and updateContextSessionId().
◆ tlsMinVersion
|
inherited |
Definition at line 85 of file PeerOptions.h.
Referenced by Security::PeerOptions::parse(), Security::PeerOptions::updateSessionOptions(), and Security::PeerOptions::updateTlsVersionLimits().
◆ untrustedSigningCa
| Security::KeyData Security::ServerOptions::untrustedSigningCa |
Definition at line 88 of file ServerOptions.h.
Referenced by createSigningContexts(), and operator=().
The documentation for this class was generated from the following files:
- src/security/ServerOptions.h
- src/security/ServerOptions.cc