TLS squid.conf settings for a listening port. More...

#include <ServerOptions.h>

Inheritance diagram for Security::ServerOptions:
Collaboration diagram for Security::ServerOptions:

Public Types

typedef std::unique_ptr< STACK_OF(X509_NAME), Security::ServerOptions::sk_X509_NAME_free_wrapper > X509_NAME_STACK_Pointer
 

Public Member Functions

 sk_dtor_wrapper (sk_X509_NAME, STACK_OF(X509_NAME) *, X509_NAME_free)
 
 ServerOptions ()
 
 ServerOptions (const ServerOptions &)=default
 
ServerOptionsoperator= (const ServerOptions &)
 
 ServerOptions (ServerOptions &&o)
 
ServerOptionsoperator= (ServerOptions &&o)
 
virtual ~ServerOptions ()=default
 
virtual void parse (const char *)
 parse a TLS squid.conf option More...
 
virtual void clear ()
 reset the configuration details to default More...
 
virtual Security::ContextPointer createBlankContext () const
 generate an unset security context object More...
 
virtual void dumpCfg (Packable *, const char *pfx) const
 output squid.conf syntax with 'pfx' prefix on parameters for the stored settings More...
 
void initServerContexts (AnyP::PortCfg &)
 
bool updateContextConfig (Security::ContextPointer &)
 update the given TLS security context using squid.conf settings More...
 
void updateContextEecdh (Security::ContextPointer &)
 update the context with DH, EDH, EECDH settings More...
 
void updateContextClientCa (Security::ContextPointer &)
 update the context with CA details used to verify client certificates More...
 
void updateContextSessionId (Security::ContextPointer &)
 update the context with a configured session ID (if any) More...
 
void syncCaFiles ()
 sync the various sources of CA files to be loaded More...
 
Security::ContextPointer createClientContext (bool setOptions)
 generate a security client-context from these configured options More...
 
void updateTlsVersionLimits ()
 sync the context options with tls-min-version=N configuration More...
 
void updateContextOptions (Security::ContextPointer &) const
 Setup the library specific 'options=' parameters for the given context. More...
 
void updateContextNpn (Security::ContextPointer &)
 setup the NPN extension details for the given context More...
 
void updateContextCa (Security::ContextPointer &)
 setup the CA details for the given context More...
 
void updateContextCrl (Security::ContextPointer &)
 setup the CRL details for the given context More...
 
void updateSessionOptions (Security::SessionPointer &)
 setup any library-specific options that can be set for the given session More...
 

Public Attributes

Security::ContextPointer staticContext
 TLS context to use for HTTPS accelerator or static SSL-Bump. More...
 
SBuf staticContextSessionId
 "session id context" for staticContext More...
 
bool generateHostCertificates = true
 dynamically make host cert More...
 
Security::KeyData signingCa
 x509 certificate and key for signing generated certificates More...
 
Security::KeyData untrustedSigningCa
 x509 certificate and key for signing untrusted generated certificates More...
 
size_t dynamicCertMemCacheSize = 4*1024*1024
 max size of generated certificates memory cache (4 MB default) More...
 
SBuf sslOptions
 library-specific options string More...
 
SBuf caDir
 path of directory containing a set of trusted Certificate Authorities More...
 
SBuf crlFile
 path of file containing Certificate Revoke List More...
 
SBuf sslCipher
 
SBuf sslFlags
 flags defining what TLS operations Squid performs More...
 
SBuf sslDomain
 
SBuf tlsMinVersion
 version label for minimum TLS version to permit More...
 
Security::ParsedOptions parsedOptions
 parsed value of sslOptions More...
 
long parsedFlags = 0
 parsed value of sslFlags More...
 
std::list< Security::KeyDatacerts
 details from the cert= and file= config parameters More...
 
std::list< SBufcaFiles
 paths of files containing trusted Certificate Authority More...
 
Security::CertRevokeList parsedCrl
 CRL to use when verifying the remote end certificate. More...
 
bool encryptTransport = false
 whether transport encryption (TLS/SSL) is to be used on connections to the peer More...
 

Protected Member Functions

template<typename T >
Security::ContextPointer convertContextFromRawPtr (T ctx) const
 

Protected Attributes

int sslVersion = 0
 
struct Security::PeerOptions::flags_ flags
 

Private Member Functions

bool loadClientCaFile ()
 
void loadDhParams ()
 
bool createStaticServerContext (AnyP::PortCfg &)
 
void createSigningContexts (const AnyP::PortCfg &)
 

Private Attributes

SBuf clientCaFile
 name of file to load client CAs from More...
 
X509_NAME_STACK_Pointer clientCaStack
 CA certificate(s) to use when verifying client certificates. More...
 
SBuf dh
 Diffi-Helman cipher config. More...
 
SBuf dhParamsFile
 Diffi-Helman ciphers parameter file. More...
 
SBuf eecdhCurve
 Elliptic curve for ephemeral EC-based DH key exchanges. More...
 
Security::DhePointer parsedDhParams
 DH parameters for temporary/ephemeral DH key exchanges. More...
 

Detailed Description

Definition at line 25 of file ServerOptions.h.

Member Typedef Documentation

◆ X509_NAME_STACK_Pointer

typedef std::unique_ptr<STACK_OF(X509_NAME), Security::ServerOptions::sk_X509_NAME_free_wrapper> Security::ServerOptions::X509_NAME_STACK_Pointer

Definition at line 30 of file ServerOptions.h.

Constructor & Destructor Documentation

◆ ServerOptions() [1/3]

Security::ServerOptions::ServerOptions ( )
inline

◆ ServerOptions() [2/3]

Security::ServerOptions::ServerOptions ( const ServerOptions )
default

◆ ServerOptions() [3/3]

Security::ServerOptions::ServerOptions ( ServerOptions &&  o)
inline

Definition at line 40 of file ServerOptions.h.

References operator=().

◆ ~ServerOptions()

virtual Security::ServerOptions::~ServerOptions ( )
virtualdefault

Referenced by operator=().

Member Function Documentation

◆ clear()

virtual void Security::ServerOptions::clear ( )
inlinevirtual

◆ convertContextFromRawPtr()

template<typename T >
Security::ContextPointer Security::PeerOptions::convertContextFromRawPtr ( ctx) const
inlineprotectedinherited

Definition at line 91 of file PeerOptions.h.

References assert, debugs, and p.

Referenced by Security::PeerOptions::createBlankContext(), and createBlankContext().

◆ createBlankContext()

Security::ContextPointer Security::ServerOptions::createBlankContext ( ) const
virtual

◆ createClientContext()

◆ createSigningContexts()

void Security::ServerOptions::createSigningContexts ( const AnyP::PortCfg port)
private

◆ createStaticServerContext()

bool Security::ServerOptions::createStaticServerContext ( AnyP::PortCfg port)
private

generate a security server-context from these configured options the resulting context is stored in staticContext

Returns
true if a context could be created

Definition at line 207 of file ServerOptions.cc.

References SBuf::append(), SBuf::appendf(), Security::PeerOptions::certs, createBlankContext(), DBG_CRITICAL, DBG_IMPORTANT, debugs, error(), Security::ErrorString(), keys, loadClientCaFile(), staticContext, updateContextConfig(), and Security::PeerOptions::updateTlsVersionLimits().

Referenced by initServerContexts().

◆ dumpCfg()

void Security::ServerOptions::dumpCfg ( Packable p,
const char *  pfx 
) const
virtual

◆ initServerContexts()

void Security::ServerOptions::initServerContexts ( AnyP::PortCfg port)

initialize all server contexts as-needed and load PEM files. if none can be created this may do nothing.

Definition at line 186 of file ServerOptions.cc.

References buf, Security::PeerOptions::certs, createSigningContexts(), createStaticServerContext(), fatalf(), generateHostCertificates, AnyP::ProtocolVersion::protocol, AnyP::ProtocolType_str, AnyP::PortCfg::s, Ip::Address::toUrl(), and AnyP::PortCfg::transport.

Referenced by clear().

◆ loadClientCaFile()

bool Security::ServerOptions::loadClientCaFile ( )
private

load clientca= file (if any) into memory.

Return values
trueclientca is not set, or loaded successfully
falseunable to load the file, or not using OpenSSL

Definition at line 331 of file ServerOptions.cc.

References SBuf::c_str(), clientCaFile, clientCaStack, DBG_CRITICAL, debugs, and SBuf::isEmpty().

Referenced by createStaticServerContext().

◆ loadDhParams()

void Security::ServerOptions::loadDhParams ( )
private

◆ operator=() [1/2]

◆ operator=() [2/2]

ServerOptions& Security::ServerOptions::operator= ( ServerOptions &&  o)
inline

Definition at line 41 of file ServerOptions.h.

References operator=(), parse(), and ~ServerOptions().

◆ parse()

◆ sk_dtor_wrapper()

Security::ServerOptions::sk_dtor_wrapper ( sk_X509_NAME  ,
STACK_OF(X509_NAME) *  ,
X509_NAME_free   
)

◆ syncCaFiles()

void Security::ServerOptions::syncCaFiles ( )

Definition at line 316 of file ServerOptions.cc.

References Security::PeerOptions::caFiles, clientCaFile, and SBuf::isEmpty().

Referenced by clear().

◆ updateContextCa()

◆ updateContextClientCa()

◆ updateContextConfig()

◆ updateContextCrl()

◆ updateContextEecdh()

◆ updateContextNpn()

void Security::PeerOptions::updateContextNpn ( Security::ContextPointer ctx)
inherited

◆ updateContextOptions()

void Security::PeerOptions::updateContextOptions ( Security::ContextPointer ctx) const
inherited

◆ updateContextSessionId()

void Security::ServerOptions::updateContextSessionId ( Security::ContextPointer ctx)

◆ updateSessionOptions()

void Security::PeerOptions::updateSessionOptions ( Security::SessionPointer s)
inherited

◆ updateTlsVersionLimits()

Member Data Documentation

◆ caDir

SBuf Security::PeerOptions::caDir
inherited

◆ caFiles

std::list<SBuf> Security::PeerOptions::caFiles
inherited

◆ certs

◆ clientCaFile

SBuf Security::ServerOptions::clientCaFile
private

Definition at line 107 of file ServerOptions.h.

Referenced by loadClientCaFile(), operator=(), parse(), and syncCaFiles().

◆ clientCaStack

X509_NAME_STACK_Pointer Security::ServerOptions::clientCaStack
private

Definition at line 110 of file ServerOptions.h.

Referenced by loadClientCaFile(), operator=(), and updateContextClientCa().

◆ crlFile

SBuf Security::PeerOptions::crlFile
inherited

◆ dh

SBuf Security::ServerOptions::dh
private

Definition at line 115 of file ServerOptions.h.

Referenced by dumpCfg(), operator=(), and parse().

◆ dhParamsFile

SBuf Security::ServerOptions::dhParamsFile
private

Definition at line 116 of file ServerOptions.h.

Referenced by loadDhParams(), operator=(), and parse().

◆ dynamicCertMemCacheSize

size_t Security::ServerOptions::dynamicCertMemCacheSize = 4*1024*1024

Definition at line 91 of file ServerOptions.h.

Referenced by dumpCfg(), operator=(), and parse().

◆ eecdhCurve

SBuf Security::ServerOptions::eecdhCurve
private

Definition at line 117 of file ServerOptions.h.

Referenced by operator=(), parse(), and updateContextEecdh().

◆ encryptTransport

◆ flags

◆ generateHostCertificates

bool Security::ServerOptions::generateHostCertificates = true

Definition at line 75 of file ServerOptions.h.

Referenced by dumpCfg(), initServerContexts(), operator=(), and parse().

◆ parsedCrl

Security::CertRevokeList Security::PeerOptions::parsedCrl
inherited

◆ parsedDhParams

Security::DhePointer Security::ServerOptions::parsedDhParams
private

Definition at line 119 of file ServerOptions.h.

Referenced by loadDhParams(), operator=(), and updateContextEecdh().

◆ parsedFlags

◆ parsedOptions

◆ signingCa

Security::KeyData Security::ServerOptions::signingCa

◆ sslCipher

SBuf Security::PeerOptions::sslCipher
inherited

◆ sslDomain

SBuf Security::PeerOptions::sslDomain
inherited

◆ sslFlags

SBuf Security::PeerOptions::sslFlags
inherited

◆ sslOptions

◆ sslVersion

int Security::PeerOptions::sslVersion = 0
protectedinherited

◆ staticContext

Security::ContextPointer Security::ServerOptions::staticContext

Definition at line 71 of file ServerOptions.h.

Referenced by createStaticServerContext().

◆ staticContextSessionId

SBuf Security::ServerOptions::staticContextSessionId

Definition at line 72 of file ServerOptions.h.

Referenced by dumpCfg(), operator=(), parse(), and updateContextSessionId().

◆ tlsMinVersion

SBuf Security::PeerOptions::tlsMinVersion
inherited

◆ untrustedSigningCa

Security::KeyData Security::ServerOptions::untrustedSigningCa

Definition at line 88 of file ServerOptions.h.

Referenced by createSigningContexts(), and operator=().


The documentation for this class was generated from the following files:

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors