A PeerConnector for HTTP origin servers. Capable of SslBumping. More...

#include <PeekingPeerConnector.h>

Inheritance diagram for Ssl::PeekingPeerConnector:
Collaboration diagram for Ssl::PeekingPeerConnector:

Public Types

typedef CbcPointer< PeerConnectorPointer
 

Public Member Functions

 PeekingPeerConnector (HttpRequestPointer &aRequest, const Comm::ConnectionPointer &aServerConn, const Comm::ConnectionPointer &aClientConn, AsyncCall::Pointer &aCallback, const AccessLogEntryPointer &alp, const time_t timeout=0)
 
virtual bool initialize (Security::SessionPointer &)
 
virtual Security::ContextPointer getTlsContext ()
 
virtual void noteWantWrite ()
 
virtual void noteNegotiationError (const int result, const int ssl_error, const int ssl_lib_error)
 
virtual void noteNegotiationDone (ErrorState *error)
 
void handleServerCertificate ()
 
void checkForPeekAndSplice ()
 
void checkForPeekAndSpliceDone (Acl::Answer answer)
 Callback function for ssl_bump acl check in step3 SSL bump step. More...
 
void checkForPeekAndSpliceMatched (const Ssl::BumpMode finalMode)
 Handles the final bumping decision. More...
 
Ssl::BumpMode checkForPeekAndSpliceGuess () const
 Guesses the final bumping decision when no ssl_bump rules match. More...
 
void serverCertificateVerified ()
 
bool canBeCalled (AsyncCall &call) const
 whether we can be called More...
 
void callStart (AsyncCall &call)
 
virtual void callEnd ()
 called right after the called job method More...
 
virtual void callException (const std::exception &e)
 called when the job throws during an async call More...
 
virtual void * toCbdata ()=0
 

Static Public Member Functions

static void cbCheckForPeekAndSpliceDone (Acl::Answer answer, void *data)
 A wrapper function for checkForPeekAndSpliceDone for use with acl. More...
 
static Pointer Start (AsyncJob *job)
 starts a freshly created job (i.e., makes the job asynchronous) More...
 

Protected Member Functions

virtual void start ()
 Preps connection and SSL state. Calls negotiate(). More...
 
virtual bool doneAll () const
 whether positive goal has been reached More...
 
virtual void swanSong ()
 
virtual const char * status () const
 internal cleanup; do not call directly More...
 
void commCloseHandler (const CommCloseCbParams &params)
 The comm_close callback handler. More...
 
void connectionClosed (const char *reason)
 Inform us that the connection is closed. Does the required clean-up. More...
 
bool prepareSocket ()
 
void negotiate ()
 
bool sslFinalized ()
 
void handleNegotiateError (const int result)
 
void noteWantRead ()
 
bool checkForMissingCertificates ()
 
void startCertDownloading (SBuf &url)
 Start downloading procedure for the given URL. More...
 
void certDownloadingDone (SBuf &object, int status)
 Called by Downloader after a certificate object downloaded. More...
 
Comm::ConnectionPointer const & serverConnection () const
 mimics FwdState to minimize changes to FwdState::initiate/negotiateSsl More...
 
void bail (ErrorState *error)
 Return an error to the PeerConnector caller. More...
 
void callBack ()
 
void bypassCertValidator ()
 If called the certificates validator will not used. More...
 
void recordNegotiationDetails ()
 
void deleteThis (const char *aReason)
 
void mustStop (const char *aReason)
 
bool done () const
 the job is destroyed in callEnd() when done() More...
 

Protected Attributes

HttpRequestPointer request
 peer connection trigger or cause More...
 
Comm::ConnectionPointer serverConn
 TCP connection to the peer. More...
 
AccessLogEntryPointer al
 info for the future access.log entry More...
 
AsyncCall::Pointer callback
 we call this with the results More...
 
const char * stopReason
 reason for forcing done() to be true More...
 
const char * typeName
 kid (leaf) class name, for debugging More...
 
AsyncCall::Pointer inCall
 the asynchronous call being handled, if any More...
 
const InstanceId< AsyncJobid
 job identifier More...
 

Private Member Functions

 CBDATA_CLASS (PeekingPeerConnector)
 
void tunnelInsteadOfNegotiating ()
 Inform caller class that the SSL negotiation aborted. More...
 

Private Attributes

Comm::ConnectionPointer clientConn
 TCP connection to the client. More...
 
AsyncCall::Pointer closeHandler
 we call this when the connection closed More...
 
bool splice
 whether we are going to splice or not More...
 
bool resumingSession
 whether it is an SSL resuming session connection More...
 
bool serverCertificateHandled
 whether handleServerCertificate() succeeded More...
 

Detailed Description

Definition at line 20 of file PeekingPeerConnector.h.

Member Typedef Documentation

◆ Pointer

Definition at line 68 of file PeerConnector.h.

Constructor & Destructor Documentation

◆ PeekingPeerConnector()

Member Function Documentation

◆ bail()

◆ bypassCertValidator()

void Security::PeerConnector::bypassCertValidator ( )
inlineprotectedinherited

◆ callBack()

◆ callEnd()

void AsyncJob::callEnd ( )
virtualinherited

◆ callException()

◆ callStart()

void AsyncJob::callStart ( AsyncCall call)
inherited

◆ canBeCalled()

bool AsyncJob::canBeCalled ( AsyncCall call) const
inherited

Definition at line 101 of file AsyncJob.cc.

References AsyncCall::cancel(), debugs, HERE(), AsyncJob::inCall, and NULL.

Referenced by AsyncJob::swanSong().

◆ cbCheckForPeekAndSpliceDone()

void Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone ( Acl::Answer  answer,
void *  data 
)
static

◆ CBDATA_CLASS()

Ssl::PeekingPeerConnector::CBDATA_CLASS ( PeekingPeerConnector  )
private

◆ certDownloadingDone()

◆ checkForMissingCertificates()

bool Security::PeerConnector::checkForMissingCertificates ( )
protectedinherited

◆ checkForPeekAndSplice()

◆ checkForPeekAndSpliceDone()

void Ssl::PeekingPeerConnector::checkForPeekAndSpliceDone ( Acl::Answer  answer)

◆ checkForPeekAndSpliceGuess()

◆ checkForPeekAndSpliceMatched()

◆ commCloseHandler()

void Security::PeerConnector::commCloseHandler ( const CommCloseCbParams params)
protectedinherited

◆ connectionClosed()

void Security::PeerConnector::connectionClosed ( const char *  reason)
protectedinherited

◆ deleteThis()

void AsyncJob::deleteThis ( const char *  aReason)
protectedinherited

◆ done()

◆ doneAll()

bool Security::PeerConnector::doneAll ( ) const
protectedvirtualinherited

◆ getTlsContext()

Security::ContextPointer Ssl::PeekingPeerConnector::getTlsContext ( )
virtual

Must implemented by the kid classes to return the TLS context object to use for building the encryption context objects.

Implements Security::PeerConnector.

Definition at line 132 of file PeekingPeerConnector.cc.

References Config, SquidConfig::ssl_client, and SquidConfig::sslContext.

Referenced by PeekingPeerConnector().

◆ handleNegotiateError()

void Security::PeerConnector::handleNegotiateError ( const int  result)
protectedinherited

Called when the negotiation step aborted because data needs to be transferred to/from server or on error. In the first case setups the appropriate Comm::SetSelect handler. In second case fill an error and report to the PeerConnector caller.

Definition at line 382 of file PeerConnector.cc.

References DBG_IMPORTANT, debugs, Comm::Connection::fd, fd_table, Must, Security::PeerConnector::noteNegotiationError(), Security::PeerConnector::noteWantRead(), Security::PeerConnector::noteWantWrite(), Security::PeerConnector::recordNegotiationDetails(), and Security::PeerConnector::serverConnection().

Referenced by Security::PeerConnector::negotiate(), and Security::PeerConnector::CbDialer::~CbDialer().

◆ handleServerCertificate()

void Ssl::PeekingPeerConnector::handleServerCertificate ( )

Updates associated client connection manager members if the server certificate was received from the server.

Definition at line 317 of file PeekingPeerConnector.cc.

References HttpRequest::clientConnectionManager, Comm::Connection::fd, fd_table, Security::PeerConnector::request, serverCertificateHandled, Security::PeerConnector::serverConnection(), and CbcPointer< Cbc >::valid().

Referenced by checkForPeekAndSplice(), noteNegotiationDone(), and PeekingPeerConnector().

◆ initialize()

◆ mustStop()

void AsyncJob::mustStop ( const char *  aReason)
protectedinherited

Definition at line 69 of file AsyncJob.cc.

References debugs, AsyncJob::inCall, Must, NULL, AsyncJob::stopReason, and AsyncJob::typeName.

Referenced by HttpStateData::abortAll(), Ftp::Client::abortAll(), Comm::TcpAcceptor::acceptOne(), Adaptation::Ecap::XactionRep::adaptationAborted(), Adaptation::AccessCheck::callBack(), AsyncJob::callException(), Security::PeerConnector::connectionClosed(), HttpStateData::continueAfterParsingHeader(), Ftp::Client::ctrlClosed(), Adaptation::Iterator::handleAdaptationBlock(), Adaptation::Iterator::handleAdaptationError(), Log::TcpLogger::handleClosure(), Adaptation::Icap::Xaction::handleCommClosed(), Http::Tunneler::handleConnectionClosure(), Mgr::Forwarder::handleError(), Ipc::Forwarder::handleError(), Ipc::Forwarder::handleException(), Ipc::Inquirer::handleException(), HttpStateData::handleMoreRequestBodyAvailable(), Ipc::Inquirer::handleRemoteAck(), Ipc::Forwarder::handleTimeout(), HttpStateData::httpStateConnClosed(), HttpStateData::httpTimeout(), Comm::ConnOpener::noteAbort(), Adaptation::Icap::ModXact::noteBodyConsumerAborted(), Snmp::Forwarder::noteCommClosed(), Snmp::Inquirer::noteCommClosed(), Mgr::Inquirer::noteCommClosed(), Mgr::Forwarder::noteCommClosed(), Mgr::StoreToCommWriter::noteCommClosed(), Adaptation::Icap::Xaction::noteCommRead(), Rock::HeaderUpdater::noteDoneReading(), Adaptation::Iterator::noteInitiatorAborted(), Adaptation::Icap::Xaction::noteInitiatorAborted(), Adaptation::Ecap::XactionRep::noteInitiatorAborted(), HttpStateData::readReply(), Comm::ConnOpener::sendAnswer(), Rock::Rebuild::start(), Security::PeerConnector::start(), HttpStateData::start(), Ipc::UdsSender::timedout(), and HttpStateData::wroteLast().

◆ negotiate()

void Security::PeerConnector::negotiate ( )
protectedinherited

◆ noteNegotiationDone()

◆ noteNegotiationError()

void Ssl::PeekingPeerConnector::noteNegotiationError ( const int  result,
const int  ssl_error,
const int  ssl_lib_error 
)
virtual

Called when the SSL_connect function aborts with an SSL negotiation error

Parameters
resultthe SSL_connect return code
ssl_errorthe error code returned from the SSL_get_error function
ssl_lib_errorthe error returned from the ERR_Get_Error function

Reimplemented from Security::PeerConnector.

Definition at line 272 of file PeekingPeerConnector.cc.

References BIO_get_data(), Ssl::bumpPeek, Ssl::bumpSplice, Ssl::bumpStare, Security::PeerConnector::bypassCertValidator(), checkForPeekAndSplice(), checkForPeekAndSpliceMatched(), debugs, Security::ErrorString(), Comm::Connection::fd, fd_table, Security::PeerConnector::noteNegotiationError(), resumingSession, Security::PeerConnector::serverConnection(), and ssl_ex_index_ssl_error_detail.

Referenced by PeekingPeerConnector().

◆ noteWantRead()

◆ noteWantWrite()

void Ssl::PeekingPeerConnector::noteWantWrite ( )
virtual

Called when the openSSL SSL_connect function needs to write data to the remote SSL server. Sets the Squid COMM_SELECT_WRITE handler.

Reimplemented from Security::PeerConnector.

Definition at line 255 of file PeekingPeerConnector.cc.

References BIO_get_data(), Ssl::bumpPeek, Ssl::bumpStare, checkForPeekAndSplice(), debugs, Comm::Connection::fd, fd_table, Security::PeerConnector::noteWantWrite(), and Security::PeerConnector::serverConnection().

Referenced by PeekingPeerConnector().

◆ prepareSocket()

bool Security::PeerConnector::prepareSocket ( )
protectedinherited

Sets up TCP socket-related notification callbacks if things go wrong. If socket already closed return false, else install the comm_close handler to monitor the socket.

Definition at line 87 of file PeerConnector.cc.

References Security::PeerConnector::closeHandler, comm_add_close_handler(), Security::PeerConnector::commCloseHandler(), Security::PeerConnector::connectionClosed(), debugs, fd_table, Comm::IsConnOpen(), JobCallback, and Security::PeerConnector::serverConnection().

Referenced by Security::PeerConnector::start(), and Security::PeerConnector::CbDialer::~CbDialer().

◆ recordNegotiationDetails()

◆ serverCertificateVerified()

◆ serverConnection()

◆ sslFinalized()

◆ Start()

◆ start()

void Security::PeerConnector::start ( )
protectedvirtualinherited

◆ startCertDownloading()

◆ status()

const char * Security::PeerConnector::status ( ) const
protectedvirtualinherited

◆ swanSong()

◆ toCbdata()

virtual void* CbdataParent::toCbdata ( )
pure virtualinherited

◆ tunnelInsteadOfNegotiating()

void Ssl::PeekingPeerConnector::tunnelInsteadOfNegotiating ( )
private

Member Data Documentation

◆ al

◆ callback

◆ clientConn

Comm::ConnectionPointer Ssl::PeekingPeerConnector::clientConn
private

◆ closeHandler

AsyncCall::Pointer Ssl::PeekingPeerConnector::closeHandler
private

Definition at line 76 of file PeekingPeerConnector.h.

◆ id

const InstanceId<AsyncJob> AsyncJob::id
protectedinherited

Definition at line 72 of file AsyncJob.h.

◆ inCall

◆ request

◆ resumingSession

bool Ssl::PeekingPeerConnector::resumingSession
private

Definition at line 78 of file PeekingPeerConnector.h.

Referenced by noteNegotiationError().

◆ serverCertificateHandled

bool Ssl::PeekingPeerConnector::serverCertificateHandled
private

Definition at line 79 of file PeekingPeerConnector.h.

Referenced by handleServerCertificate().

◆ serverConn

◆ splice

bool Ssl::PeekingPeerConnector::splice
private

Definition at line 77 of file PeekingPeerConnector.h.

Referenced by checkForPeekAndSpliceMatched(), and noteNegotiationDone().

◆ stopReason

const char* AsyncJob::stopReason
protectedinherited

◆ typeName


The documentation for this class was generated from the following files:

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors