A PeerConnector for HTTP origin servers. Capable of SslBumping. More...
#include <PeekingPeerConnector.h>
Public Types | |
| typedef CbcPointer< PeerConnector > | Pointer |
Public Member Functions | |
| PeekingPeerConnector (HttpRequestPointer &aRequest, const Comm::ConnectionPointer &aServerConn, const Comm::ConnectionPointer &aClientConn, AsyncCall::Pointer &aCallback, const AccessLogEntryPointer &alp, time_t timeout=0) | |
| virtual bool | initialize (Security::SessionPointer &) |
| virtual Security::ContextPointer | getTlsContext () |
| virtual void | noteWantWrite () |
| virtual void | noteNegotiationError (const Security::ErrorDetailPointer &) |
| Called when the SSL_connect function aborts with an SSL negotiation error. More... | |
| virtual void | noteNegotiationDone (ErrorState *error) |
| void | handleServerCertificate () |
| void | checkForPeekAndSplice () |
| void | checkForPeekAndSpliceDone (Acl::Answer) |
| Callback function for ssl_bump acl check in step3 SSL bump step. More... | |
| void | checkForPeekAndSpliceMatched (const Ssl::BumpMode finalMode) |
| Handles the final bumping decision. More... | |
| Ssl::BumpMode | checkForPeekAndSpliceGuess () const |
| Guesses the final bumping decision when no ssl_bump rules match. More... | |
| void | serverCertificateVerified () |
| void | startTunneling () |
| Abruptly stops TLS negotiation and starts tunneling. More... | |
| bool | canBeCalled (AsyncCall &call) const |
| whether we can be called More... | |
| void | callStart (AsyncCall &call) |
| virtual void | callEnd () |
| called right after the called job method More... | |
| virtual void | callException (const std::exception &e) |
| called when the job throws during an async call More... | |
| void | handleStopRequest () |
| process external request to terminate now (i.e. during this async call) More... | |
| virtual void * | toCbdata ()=0 |
Static Public Member Functions | |
| static void | cbCheckForPeekAndSpliceDone (Acl::Answer, void *data) |
| A wrapper function for checkForPeekAndSpliceDone for use with acl. More... | |
| static void | Start (const Pointer &job) |
Public Attributes | |
| bool | noteFwdPconnUse |
| hack: whether the connection requires fwdPconnPool->noteUses() More... | |
| const InstanceId< AsyncJob > | id |
| job identifier More... | |
Protected Member Functions | |
| virtual void | start () |
| Preps connection and SSL state. Calls negotiate(). More... | |
| virtual bool | doneAll () const |
| whether positive goal has been reached More... | |
| virtual void | swanSong () |
| virtual const char * | status () const |
| internal cleanup; do not call directly More... | |
| virtual void | fillChecklist (ACLFilledChecklist &) const |
| configure the given checklist (to reflect the current transaction state) More... | |
| void | commTimeoutHandler (const CommTimeoutCbParams &) |
| The connection read timeout callback handler. More... | |
| void | commCloseHandler (const CommCloseCbParams ¶ms) |
| The comm_close callback handler. More... | |
| void | negotiate () |
| bool | sslFinalized () |
| void | handleNegotiationResult (const Security::IoResult &) |
| Called after each negotiation step to handle the result. More... | |
| void | noteWantRead () |
| bool | isSuspended () const |
| Whether TLS negotiation has been paused and not yet resumed. More... | |
| void | suspendNegotiation (const Security::IoResult &lastError) |
| void | resumeNegotiation () |
| Resumes TLS negotiation paused by suspendNegotiation() More... | |
| void | handleMissingCertificates (const Security::IoResult &lastError) |
| Either initiates fetching of missing certificates or bails with an error. More... | |
| void | startCertDownloading (SBuf &url) |
| Start downloading procedure for the given URL. More... | |
| void | certDownloadingDone (SBuf &object, int status) |
| Called by Downloader after a certificate object downloaded. More... | |
| Comm::ConnectionPointer const & | serverConnection () const |
| mimics FwdState to minimize changes to FwdState::initiate/negotiateSsl More... | |
| void | bail (ErrorState *error) |
| sends the given error to the initiator More... | |
| void | sendSuccess () |
| sends the encrypted connection to the initiator More... | |
| void | callBack () |
| a bail(), sendSuccess() helper: sends results to the initiator More... | |
| void | disconnect () |
| a bail(), sendSuccess() helper: stops monitoring the connection More... | |
| void | countFailingConnection () |
| updates connection usage history before the connection is closed More... | |
| void | bypassCertValidator () |
| If called the certificates validator will not used. More... | |
| void | recordNegotiationDetails () |
| EncryptorAnswer & | answer () |
| convenience method to get to the answer fields More... | |
| void | deleteThis (const char *aReason) |
| void | mustStop (const char *aReason) |
| bool | done () const |
| the job is destroyed in callEnd() when done() More... | |
Protected Attributes | |
| HttpRequestPointer | request |
| peer connection trigger or cause More... | |
| Comm::ConnectionPointer | serverConn |
| TCP connection to the peer. More... | |
| AccessLogEntryPointer | al |
| info for the future access.log entry More... | |
| AsyncCall::Pointer | callback |
| we call this with the results More... | |
| const char * | stopReason |
| reason for forcing done() to be true More... | |
| const char * | typeName |
| kid (leaf) class name, for debugging More... | |
| AsyncCall::Pointer | inCall |
| the asynchronous call being handled, if any More... | |
| bool | started_ = false |
| Start() has finished successfully. More... | |
| bool | swanSang_ = false |
| swanSong() was called More... | |
Private Member Functions | |
| CBDATA_CLASS (PeekingPeerConnector) | |
| void | tunnelInsteadOfNegotiating () |
| Inform caller class that the SSL negotiation aborted. More... | |
| unsigned int | certDownloadNestingLevel () const |
| the number of concurrent PeerConnector jobs waiting for us More... | |
| void | sslCrtvdHandleReply (Ssl::CertValidationResponsePointer) |
| Process response from cert validator helper. More... | |
| Security::CertErrors * | sslCrtvdCheckForErrors (Ssl::CertValidationResponse const &, ErrorDetailPointer &) |
| Check SSL errors returned from cert validator against sslproxy_cert_error access list. More... | |
| bool | computeMissingCertificateUrls (const Connection &) |
| finds URLs of (some) missing intermediate certificates or returns false More... | |
| void | negotiateSsl () |
| Comm::SetSelect() callback. Direct calls tickle/resume negotiations. More... | |
Static Private Member Functions | |
| static void | NegotiateSsl (int fd, void *data) |
| A wrapper for Comm::SetSelect() notifications. More... | |
Private Attributes | |
| Comm::ConnectionPointer | clientConn |
| TCP connection to the client. More... | |
| AsyncCall::Pointer | closeHandler |
| we call this when the connection closed More... | |
| bool | splice |
| whether we are going to splice or not More... | |
| bool | serverCertificateHandled |
| whether handleServerCertificate() succeeded More... | |
| Security::KeyLogger | keyLogger |
| managers logging of the being-established TLS connection secrets More... | |
| time_t | negotiationTimeout |
| the SSL connection timeout to use More... | |
| time_t | startTime |
| when the peer connector negotiation started More... | |
| bool | useCertValidator_ |
| std::queue< SBuf > | urlsOfMissingCerts |
| The list of URLs where missing certificates should be downloaded. More... | |
| unsigned int | certsDownloads |
| the number of downloaded missing certificates More... | |
| Ssl::X509_STACK_Pointer | downloadedCerts |
| successfully downloaded intermediate certificates (omitted by the peer) More... | |
| Security::IoResultPointer | suspendedError_ |
| outcome of the last (failed and) suspended negotiation attempt (or nil) More... | |
| JobWait< Downloader > | certDownloadWait |
| waits for the missing certificate to be downloaded More... | |
Static Private Attributes | |
| static const unsigned int | MaxCertsDownloads = 10 |
| The maximum number of missing certificates a single PeerConnector may download. More... | |
| static const unsigned int | MaxNestedDownloads = 3 |
| The maximum number of inter-dependent Downloader jobs a worker may initiate. More... | |
Detailed Description
Definition at line 20 of file PeekingPeerConnector.h.
Member Typedef Documentation
◆ Pointer
|
inherited |
Definition at line 53 of file PeerConnector.h.
Constructor & Destructor Documentation
◆ PeekingPeerConnector()
| Ssl::PeekingPeerConnector::PeekingPeerConnector | ( | HttpRequestPointer & | aRequest, |
| const Comm::ConnectionPointer & | aServerConn, | ||
| const Comm::ConnectionPointer & | aClientConn, | ||
| AsyncCall::Pointer & | aCallback, | ||
| const AccessLogEntryPointer & | alp, | ||
| time_t | timeout = 0 |
||
| ) |
Definition at line 28 of file PeekingPeerConnector.cc.
References HttpRequest::clientConnectionManager, Must, Security::PeerConnector::request, and CbcPointer< Cbc >::valid().
Member Function Documentation
◆ answer()
|
protectedinherited |
Definition at line 495 of file PeerConnector.cc.
References assert.
◆ bail()
|
protectedinherited |
Definition at line 504 of file PeerConnector.cc.
◆ bypassCertValidator()
|
inlineprotectedinherited |
Definition at line 166 of file PeerConnector.h.
References Security::PeerConnector::useCertValidator_.
◆ callBack()
|
protectedinherited |
Definition at line 556 of file PeerConnector.cc.
References conn, debugs, NULL, and ScheduleCallHere.
◆ callEnd()
|
virtualinherited |
called right after the called job method
Reimplemented in Adaptation::Icap::Xaction.
Definition at line 137 of file AsyncJob.cc.
References assert, AsyncCall::debugLevel, debugs, AsyncCall::debugSection, AsyncJob::done(), AsyncJob::inCall, NULL, AsyncJob::started_, AsyncJob::status(), AsyncJob::swanSang_, AsyncJob::swanSong(), and AsyncJob::typeName.
Referenced by Adaptation::Icap::Xaction::callEnd(), and AsyncJob::deleteThis().
◆ callException()
|
virtualinherited |
Reimplemented in Ftp::Server, Ipc::Inquirer, Ipc::Forwarder, Adaptation::Icap::Xaction, Adaptation::Icap::ServiceRep, Adaptation::Icap::ModXact, ClientHttpRequest, and ConnStateData.
Definition at line 128 of file AsyncJob.cc.
References cbdataReferenceValid(), debugs, Must, AsyncJob::mustStop(), and CbdataParent::toCbdata().
Referenced by ConnStateData::callException(), Adaptation::Icap::Xaction::callException(), Ipc::Forwarder::callException(), Ipc::Inquirer::callException(), and Ftp::Server::callException().
◆ callStart()
|
inherited |
called just before the called method
Definition at line 115 of file AsyncJob.cc.
References cbdataReferenceValid(), AsyncCall::debugLevel, debugs, AsyncCall::debugSection, AsyncJob::inCall, Must, AsyncJob::status(), CbdataParent::toCbdata(), and AsyncJob::typeName.
◆ canBeCalled()
|
inherited |
Definition at line 102 of file AsyncJob.cc.
References AsyncCall::cancel(), debugs, AsyncJob::inCall, and NULL.
◆ cbCheckForPeekAndSpliceDone()
|
static |
Definition at line 51 of file PeekingPeerConnector.cc.
References CallJobHere1.
Referenced by checkForPeekAndSplice().
◆ CBDATA_CLASS()
|
private |
◆ certDownloadingDone()
Definition at line 649 of file PeerConnector.cc.
References debugs, fd_table, Ssl::findIssuerCertificate(), Ssl::findIssuerUri(), Comm::IsConnOpen(), SBuf::length(), Must, NULL, and SBuf::rawContent().
Referenced by Security::PeerConnector::startCertDownloading().
◆ certDownloadNestingLevel()
|
privateinherited |
Definition at line 623 of file PeerConnector.cc.
References request().
◆ checkForPeekAndSplice()
| void Ssl::PeekingPeerConnector::checkForPeekAndSplice | ( | ) |
Initiates the ssl_bump acl check in step3 SSL bump step to decide about bumping, splicing or terminating the connection.
Definition at line 68 of file PeekingPeerConnector.cc.
References ACCESS_ALLOWED, ACLFilledChecklist::al, ACLChecklist::banAction(), BIO_get_data(), Ssl::bumpBump, Ssl::bumpClientFirst, Ssl::bumpNone, Ssl::bumpPeek, Ssl::bumpServerFirst, Ssl::bumpSplice, Ssl::bumpStare, Ssl::ServerBio::canBump(), Ssl::ServerBio::canSplice(), cbCheckForPeekAndSpliceDone(), fd_table, ACLChecklist::nonBlockingCheck(), NULL, request(), and ACLFilledChecklist::syncAle().
◆ checkForPeekAndSpliceDone()
| void Ssl::PeekingPeerConnector::checkForPeekAndSpliceDone | ( | Acl::Answer | aclAnswer | ) |
Definition at line 59 of file PeekingPeerConnector.cc.
References Acl::Answer::allowed(), and Acl::Answer::kind.
◆ checkForPeekAndSpliceGuess()
| Ssl::BumpMode Ssl::PeekingPeerConnector::checkForPeekAndSpliceGuess | ( | ) | const |
Definition at line 129 of file PeekingPeerConnector.cc.
References Ssl::bumpBump, Ssl::bumpSplice, Ssl::bumpStare, debugs, and request().
◆ checkForPeekAndSpliceMatched()
| void Ssl::PeekingPeerConnector::checkForPeekAndSpliceMatched | ( | const Ssl::BumpMode | finalMode | ) |
Definition at line 93 of file PeekingPeerConnector.cc.
References action(), BIO_get_data(), Ssl::bumpBump, Ssl::bumpSplice, Ssl::bumpTerminate, debugs, ERR_SECURE_CONNECT_FAIL, fd_table, Ssl::ServerBio::holdWrite(), Must, Security::PeerConnector::noteWantWrite(), Ssl::ServerBio::recordInput(), request(), and Http::scForbidden.
◆ commCloseHandler()
|
protectedinherited |
Definition at line 109 of file PeerConnector.cc.
References CommCommonCbParams::data, debugs, ERR_SECURE_CONNECT_FAIL, CommCommonCbParams::fd, MakeNamedErrorDetail(), request(), and Http::scServiceUnavailable.
Referenced by Security::PeerConnector::PeerConnector().
◆ commTimeoutHandler()
|
protectedinherited |
Definition at line 127 of file PeerConnector.cc.
References debugs, ERR_SECURE_CONNECT_FAIL, MakeNamedErrorDetail(), request(), and Http::scGatewayTimeout.
Referenced by Security::PeerConnector::noteWantRead().
◆ computeMissingCertificateUrls()
|
privateinherited |
Definition at line 733 of file PeerConnector.cc.
References assert, debugs, and Ssl::missingChainCertificatesUrls().
◆ countFailingConnection()
|
protectedinherited |
Definition at line 528 of file PeerConnector.cc.
References assert, fd_table, fwdPconnPool, PconnPool::noteUses(), and peerConnectFailed().
◆ deleteThis()
|
protectedinherited |
Definition at line 50 of file AsyncJob.cc.
References asyncCall(), AsyncJob::callEnd(), debugs, AsyncJob::inCall, JobMemFun(), Must, NULL, AsyncJob::stopReason, and AsyncJob::typeName.
Referenced by ConnStateData::connStateClosed().
◆ disconnect()
|
protectedinherited |
Definition at line 539 of file PeerConnector.cc.
References comm_remove_close_handler(), commUnsetConnTimeout(), and Comm::IsConnOpen().
◆ done()
|
protectedinherited |
Definition at line 91 of file AsyncJob.cc.
References AsyncJob::doneAll(), NULL, and AsyncJob::stopReason.
Referenced by AsyncJob::callEnd(), HappyConnOpener::checkForNewConnection(), Downloader::downloadFinished(), and HappyConnOpener::maybeOpenPrimeConnection().
◆ doneAll()
|
protectedvirtualinherited |
Reimplemented from AsyncJob.
Definition at line 63 of file PeerConnector.cc.
References AsyncJob::doneAll().
◆ fillChecklist()
|
protectedvirtualinherited |
Implements Acl::ChecklistFiller.
Reimplemented in Ssl::IcapPeerConnector.
Definition at line 91 of file PeerConnector.cc.
References ACLFilledChecklist::al, fd_table, request(), Security::LockingPointer< T, UnLocker, Locker >::resetWithoutLocking(), ACLFilledChecklist::serverCert, and ACLFilledChecklist::syncAle().
Referenced by Ssl::IcapPeerConnector::fillChecklist().
◆ getTlsContext()
|
virtual |
Must implemented by the kid classes to return the TLS context object to use for building the encryption context objects.
Implements Security::PeerConnector.
Definition at line 146 of file PeekingPeerConnector.cc.
References Config, SquidConfig::ssl_client, and SquidConfig::sslContext.
◆ handleMissingCertificates()
|
protectedinherited |
Definition at line 707 of file PeerConnector.cc.
References assert, Ssl::VerifyCallbackParameters::At(), Ssl::VerifyCallbackParameters::callerHandlesMissingCertificates, fd_table, Comm::IsConnOpen(), and Must.
◆ handleNegotiationResult()
|
protectedinherited |
Definition at line 254 of file PeerConnector.cc.
References Security::IoResult::category, debugs, Security::IoResult::errorDescription, Security::IoResult::errorDetail, Security::IoResult::ioError, Security::IoResult::ioSuccess, Security::IoResult::ioWantRead, and Security::IoResult::ioWantWrite.
◆ handleServerCertificate()
| void Ssl::PeekingPeerConnector::handleServerCertificate | ( | ) |
Updates associated client connection manager members if the server certificate was received from the server.
Definition at line 373 of file PeekingPeerConnector.cc.
◆ handleStopRequest()
|
inlineinherited |
Definition at line 71 of file AsyncJob.h.
References AsyncJob::mustStop().
◆ initialize()
|
virtual |
- Returns
- true on successful TLS session initialization
Reimplemented from Security::PeerConnector.
Definition at line 152 of file PeekingPeerConnector.cc.
References applyTlsDetailsToSSL(), BIO_get_data(), Ssl::bumpPeek, Ssl::bumpStare, fd_table, Security::PeerConnector::initialize(), Comm::IsConnOpen(), Ssl::ServerBio::mode(), Must, NULL, AnyP::PROTO_NONE, Security::ProxyOutgoingConfig, Ssl::Bio::rBufData(), Ssl::ServerBio::recordInput(), request(), Ssl::ServerBio::setClientFeatures(), Ssl::setClientSNI(), ssl_ex_index_server, ssl_ex_index_ssl_peeked_cert, Security::PeerOptions::updateSessionOptions(), and _request::url.
◆ isSuspended()
|
inlineprotectedinherited |
Definition at line 111 of file PeerConnector.h.
References Security::PeerConnector::suspendedError_.
◆ mustStop()
|
protectedinherited |
Definition at line 70 of file AsyncJob.cc.
References debugs, AsyncJob::inCall, Must, NULL, AsyncJob::stopReason, and AsyncJob::typeName.
Referenced by HttpStateData::abortAll(), AsyncJob::callException(), HttpStateData::continueAfterParsingHeader(), HttpStateData::drop1xx(), HttpStateData::handleMoreRequestBodyAvailable(), AsyncJob::handleStopRequest(), HttpStateData::httpStateConnClosed(), HttpStateData::httpTimeout(), HttpStateData::proceedAfter1xx(), ConnStateData::proxyProtocolError(), HttpStateData::readReply(), HttpStateData::start(), and HttpStateData::wroteLast().
◆ negotiate()
|
protectedinherited |
Performs a single secure connection negotiation step. It is called multiple times until the negotiation finishes or aborts.
Definition at line 208 of file PeerConnector.cc.
References Ssl::VerifyCallbackParameters::At(), Security::Connect(), DBG_IMPORTANT, debugs, fd_table, Security::IoResult::ioSuccess, Comm::IsConnOpen(), and Must.
◆ negotiateSsl()
|
privateinherited |
Definition at line 447 of file PeerConnector.cc.
References CallJobHere.
◆ NegotiateSsl()
|
staticprivateinherited |
Definition at line 437 of file PeerConnector.cc.
◆ noteNegotiationDone()
|
virtual |
Called when the SSL negotiation to the server completed and the certificates validated using the cert validator.
- Parameters
-
error if not NULL the SSL negotiation was aborted with an error
Reimplemented from Security::PeerConnector.
Definition at line 227 of file PeekingPeerConnector.cc.
References Ssl::CommonHostName(), debugs, ERR_GATEWAY_FAILURE, error(), fd_table, Here, Comm::IsConnOpen(), request(), Http::scInternalServerError, and _request::url.
◆ noteNegotiationError()
|
virtual |
Reimplemented from Security::PeerConnector.
Definition at line 311 of file PeekingPeerConnector.cc.
References BIO_get_data(), Ssl::ServerBio::bumpMode(), Ssl::bumpPeek, Ssl::bumpSplice, Ssl::bumpStare, debugs, Ssl::ServerBio::encryptedCertificates(), fd_table, Ssl::ServerBio::holdWrite(), Security::PeerConnector::noteNegotiationError(), Ssl::ServerBio::resumingSession(), and ssl_ex_index_ssl_error_detail.
◆ noteWantRead()
|
protectedinherited |
Called when the openSSL SSL_connect fnction request more data from the remote SSL server. Sets the read timeout and sets the Squid COMM_SELECT_READ handler.
Definition at line 454 of file PeerConnector.cc.
References COMM_SELECT_READ, commSetConnTimeout(), Security::PeerConnector::commTimeoutHandler(), debugs, Comm::IsConnOpen(), JobCallback, Comm::MortalReadTimeout(), Must, and Comm::SetSelect().
◆ noteWantWrite()
|
virtual |
Called when the openSSL SSL_connect function needs to write data to the remote SSL server. Sets the Squid COMM_SELECT_WRITE handler.
Reimplemented from Security::PeerConnector.
Definition at line 294 of file PeekingPeerConnector.cc.
References BIO_get_data(), Ssl::ServerBio::bumpMode(), Ssl::bumpPeek, Ssl::bumpStare, debugs, fd_table, Ssl::ServerBio::holdWrite(), and Security::PeerConnector::noteWantWrite().
◆ recordNegotiationDetails()
|
protectedinherited |
Called after negotiation finishes to record connection details for logging
Definition at line 188 of file PeerConnector.cc.
References BIO_get_data(), fd_table, Comm::IsConnOpen(), Must, and Ssl::ServerBio::receivedHelloDetails().
◆ resumeNegotiation()
|
protectedinherited |
Definition at line 762 of file PeerConnector.cc.
References fd_table, Must, SQUID_TLS_ERR_CONNECT, and Ssl::VerifyConnCertificates().
◆ sendSuccess()
|
protectedinherited |
Definition at line 519 of file PeerConnector.cc.
References assert, and Comm::IsConnOpen().
◆ serverCertificateVerified()
| void Ssl::PeekingPeerConnector::serverCertificateVerified | ( | ) |
Runs after the server certificate verified to update client connection manager members
Definition at line 395 of file PeekingPeerConnector.cc.
References Ssl::CommonHostName(), debugs, fd_table, Security::LockingPointer< T, UnLocker, Locker >::get(), request(), Security::LockingPointer< T, UnLocker, Locker >::resetAndLock(), and Security::LockingPointer< T, UnLocker, Locker >::resetWithoutLocking().
◆ serverConnection()
|
inlineprotectedinherited |
Definition at line 148 of file PeerConnector.h.
References Security::PeerConnector::serverConn.
Referenced by Security::BlindPeerConnector::getTlsContext().
◆ sslCrtvdCheckForErrors()
|
privateinherited |
Checks errors in the cert. validator response against sslproxy_cert_error. The first honored error, if any, is returned via errDetails parameter. The method returns all seen errors except SSL_ERROR_NONE as Security::CertErrors.
Definition at line 379 of file PeerConnector.cc.
References acl_access, Acl::Answer::allowed(), assert, SquidConfig::cert_error, Config, dash_str, debugs, Ssl::CertValidationResponse::errors, ACLChecklist::fastCheck(), fd_table, Comm::IsConnOpen(), Must, NULL, CbDataList< C >::push_back_unique(), request(), SquidConfig::ssl_client, and ACLFilledChecklist::sslErrors.
◆ sslCrtvdHandleReply()
|
privateinherited |
Definition at line 328 of file PeerConnector.cc.
References debugs, ErrorState::detailError(), Debug::Enabled(), ERR_GATEWAY_FAILURE, ERR_SECURE_CONNECT_FAIL, Helper::Error, fd_table, Comm::IsConnOpen(), Must, NULL, Helper::Okay, RawPointer(), request(), Http::scInternalServerError, Http::scServiceUnavailable, server, ssl_ex_index_server, and ssl_ex_index_ssl_errors.
Referenced by Security::PeerConnector::sslFinalized().
◆ sslFinalized()
|
protectedinherited |
Called after negotiation has finished. Cleans up TLS/SSL state. Returns false if we are now waiting for the certs validation job. Otherwise, returns true, regardless of negotiation success/failure.
Definition at line 283 of file PeerConnector.cc.
References asyncCall(), DBG_IMPORTANT, debugs, Ssl::CertValidationRequest::domainName, ERR_GATEWAY_FAILURE, Ssl::CertValidationRequest::errors, fd_table, Comm::IsConnOpen(), Must, NULL, request(), Http::scInternalServerError, Ssl::CertValidationRequest::ssl, ssl_ex_index_server, ssl_ex_index_ssl_errors, Security::PeerConnector::sslCrtvdHandleReply(), Ssl::CertValidationHelper::Submit(), and Ssl::TheConfig.
◆ start()
|
protectedvirtualinherited |
Reimplemented from AsyncJob.
Definition at line 70 of file PeerConnector.cc.
References assert, debugs, ERR_CONNECT_FAIL, fd_table, Comm::IsConnOpen(), request(), Http::scBadGateway, and AsyncJob::start().
◆ Start()
|
staticinherited |
Promises to start the configured job (eventually). The job is deemed to be running asynchronously beyond this point, so the caller should only access the job object via AsyncCalls rather than directly.
swanSong() is only called for jobs for which this method has returned successfully (i.e. without throwing).
Definition at line 24 of file AsyncJob.cc.
References CallJobHere, AsyncJob::start(), and AsyncJob::started_.
Referenced by Ftp::Server::AcceptCtrlConnection(), clientListenerConnectionOpened(), Ipc::Coordinator::handleCacheMgrRequest(), Ipc::Coordinator::handleSnmpRequest(), httpAccept(), httpsAccept(), httpStart(), idnsInitVC(), Ftp::Gateway::listenForDataChannel(), Ftp::Server::listenForDataConnection(), Log::TcpLogger::Open(), peerProbeConnect(), Mgr::FunAction::respond(), Mgr::InfoAction::respond(), Ipc::SendMessage(), Mgr::Inquirer::sendResponse(), snmpConstructReponse(), SquidMain(), CacheManager::start(), Adaptation::AccessCheck::Start(), Rock::Rebuild::Start(), JobWaitBase::start_(), BodyPipe::startAutoConsumptionIfNeeded(), Ftp::StartGateway(), Ftp::StartRelay(), PeerPoolMgrsRr::syncConfig(), and Rock::SwapDir::updateHeaders().
◆ startCertDownloading()
|
protectedinherited |
Definition at line 636 of file PeerConnector.cc.
References asyncCall(), and Security::PeerConnector::certDownloadingDone().
◆ startTunneling()
| void Ssl::PeekingPeerConnector::startTunneling | ( | ) |
Definition at line 274 of file PeekingPeerConnector.cc.
References BIO_get_data(), debugs, fd_table, request(), and switchToTunnel().
◆ status()
|
protectedvirtualinherited |
for debugging, starts with space
Reimplemented from AsyncJob.
Definition at line 583 of file PeerConnector.cc.
References MemBuf::append(), Packable::appendf(), MemBuf::content(), Comm::IsConnOpen(), NULL, MemBuf::reset(), and MemBuf::terminate().
◆ suspendNegotiation()
|
protectedinherited |
Suspends TLS negotiation to download the missing certificates
- Parameters
-
lastError an error to handle when resuming negotiations
Definition at line 752 of file PeerConnector.cc.
◆ swanSong()
|
protectedvirtualinherited |
Reimplemented from AsyncJob.
Definition at line 568 of file PeerConnector.cc.
References assert, ERR_GATEWAY_FAILURE, request(), Http::scInternalServerError, and AsyncJob::swanSong().
◆ toCbdata()
|
pure virtualinherited |
Implemented in HttpStateData, ClientHttpRequest, and BodySink.
Referenced by AsyncJob::callException(), and AsyncJob::callStart().
◆ tunnelInsteadOfNegotiating()
|
private |
Member Data Documentation
◆ al
|
protectedinherited |
Definition at line 177 of file PeerConnector.h.
◆ callback
|
protectedinherited |
Definition at line 178 of file PeerConnector.h.
Referenced by Security::PeerConnector::PeerConnector().
◆ certDownloadWait
|
privateinherited |
Definition at line 223 of file PeerConnector.h.
◆ certsDownloads
|
privateinherited |
Definition at line 213 of file PeerConnector.h.
◆ clientConn
|
private |
Definition at line 69 of file PeekingPeerConnector.h.
◆ closeHandler
|
private |
Definition at line 70 of file PeekingPeerConnector.h.
◆ downloadedCerts
|
privateinherited |
Definition at line 217 of file PeerConnector.h.
◆ id
|
inherited |
Definition at line 73 of file AsyncJob.h.
◆ inCall
|
protectedinherited |
Definition at line 81 of file AsyncJob.h.
Referenced by AsyncJob::callEnd(), AsyncJob::callStart(), AsyncJob::canBeCalled(), AsyncJob::deleteThis(), and AsyncJob::mustStop().
◆ keyLogger
|
privateinherited |
Definition at line 205 of file PeerConnector.h.
◆ MaxCertsDownloads
|
staticprivateinherited |
Definition at line 199 of file PeerConnector.h.
◆ MaxNestedDownloads
|
staticprivateinherited |
Definition at line 202 of file PeerConnector.h.
◆ negotiationTimeout
|
privateinherited |
Definition at line 208 of file PeerConnector.h.
◆ noteFwdPconnUse
|
inherited |
Definition at line 72 of file PeerConnector.h.
Referenced by FwdState::secureConnectionToPeer().
◆ request
|
protectedinherited |
Definition at line 175 of file PeerConnector.h.
Referenced by Security::BlindPeerConnector::BlindPeerConnector(), and PeekingPeerConnector().
◆ serverCertificateHandled
|
private |
Definition at line 72 of file PeekingPeerConnector.h.
◆ serverConn
|
protectedinherited |
Definition at line 176 of file PeerConnector.h.
Referenced by Security::PeerConnector::PeerConnector(), and Security::PeerConnector::serverConnection().
◆ splice
|
private |
Definition at line 71 of file PeekingPeerConnector.h.
◆ started_
|
protectedinherited |
Definition at line 83 of file AsyncJob.h.
Referenced by AsyncJob::~AsyncJob(), AsyncJob::callEnd(), and AsyncJob::Start().
◆ startTime
|
privateinherited |
Definition at line 209 of file PeerConnector.h.
◆ stopReason
|
protectedinherited |
Definition at line 79 of file AsyncJob.h.
Referenced by AsyncJob::deleteThis(), AsyncJob::done(), AsyncJob::mustStop(), AsyncJob::status(), and HappyConnOpener::status().
◆ suspendedError_
|
privateinherited |
Definition at line 221 of file PeerConnector.h.
Referenced by Security::PeerConnector::isSuspended().
◆ swanSang_
|
protectedinherited |
Definition at line 84 of file AsyncJob.h.
Referenced by AsyncJob::~AsyncJob(), and AsyncJob::callEnd().
◆ typeName
|
protectedinherited |
Definition at line 80 of file AsyncJob.h.
Referenced by AsyncJob::AsyncJob(), Adaptation::Icap::Xaction::Xaction(), AsyncJob::~AsyncJob(), AsyncJob::callEnd(), AsyncJob::callStart(), AsyncJob::deleteThis(), and AsyncJob::mustStop().
◆ urlsOfMissingCerts
|
privateinherited |
Definition at line 212 of file PeerConnector.h.
◆ useCertValidator_
|
privateinherited |
whether the certificate validator should bypassed
Definition at line 210 of file PeerConnector.h.
Referenced by Security::PeerConnector::bypassCertValidator().
The documentation for this class was generated from the following files:
- src/ssl/PeekingPeerConnector.h
- src/ssl/PeekingPeerConnector.cc