A PeerConnector for HTTP origin servers. Capable of SslBumping. More...
#include <PeekingPeerConnector.h>
Public Types | |
| typedef CbcPointer< PeerConnector > | Pointer |
Public Member Functions | |
| PeekingPeerConnector (HttpRequestPointer &aRequest, const Comm::ConnectionPointer &aServerConn, const Comm::ConnectionPointer &aClientConn, const AsyncCallback< Security::EncryptorAnswer > &aCallback, const AccessLogEntryPointer &alp, time_t timeout=0) | |
| bool | initialize (Security::SessionPointer &) override |
| Security::ContextPointer | getTlsContext () override |
| void | noteWantWrite () override |
| void | noteNegotiationError (const Security::ErrorDetailPointer &) override |
| Called when the SSL_connect function aborts with an SSL negotiation error. More... | |
| void | noteNegotiationDone (ErrorState *error) override |
| void | handleServerCertificate () |
| void | checkForPeekAndSplice () |
| void | checkForPeekAndSpliceDone (Acl::Answer) |
| Callback function for ssl_bump acl check in step3 SSL bump step. More... | |
| void | checkForPeekAndSpliceMatched (const Ssl::BumpMode finalMode) |
| Handles the final bumping decision. More... | |
| Ssl::BumpMode | checkForPeekAndSpliceGuess () const |
| Guesses the final bumping decision when no ssl_bump rules match. More... | |
| void | serverCertificateVerified () |
| void | startTunneling () |
| Abruptly stops TLS negotiation and starts tunneling. More... | |
| bool | canBeCalled (AsyncCall &call) const |
| whether we can be called More... | |
| void | callStart (AsyncCall &call) |
| virtual void | callEnd () |
| called right after the called job method More... | |
| virtual void | callException (const std::exception &e) |
| called when the job throws during an async call More... | |
| void | handleStopRequest () |
| process external request to terminate now (i.e. during this async call) More... | |
| virtual void * | toCbdata ()=0 |
Static Public Member Functions | |
| static void | cbCheckForPeekAndSpliceDone (Acl::Answer, void *data) |
| A wrapper function for checkForPeekAndSpliceDone for use with acl. More... | |
| static void | Start (const Pointer &job) |
Public Attributes | |
| bool | noteFwdPconnUse |
| hack: whether the connection requires fwdPconnPool->noteUses() More... | |
| const InstanceId< AsyncJob > | id |
| job identifier More... | |
Protected Member Functions | |
| void | start () override |
| Preps connection and SSL state. Calls negotiate(). More... | |
| bool | doneAll () const override |
| whether positive goal has been reached More... | |
| void | swanSong () override |
| const char * | status () const override |
| internal cleanup; do not call directly More... | |
| void | fillChecklist (ACLFilledChecklist &) const override |
| configure the given checklist (to reflect the current transaction state) More... | |
| void | commTimeoutHandler (const CommTimeoutCbParams &) |
| The connection read timeout callback handler. More... | |
| void | commCloseHandler (const CommCloseCbParams ¶ms) |
| The comm_close callback handler. More... | |
| void | negotiate () |
| bool | sslFinalized () |
| void | handleNegotiationResult (const Security::IoResult &) |
| Called after each negotiation step to handle the result. More... | |
| void | noteWantRead () |
| bool | isSuspended () const |
| Whether TLS negotiation has been paused and not yet resumed. More... | |
| void | suspendNegotiation (const Security::IoResult &lastError) |
| void | resumeNegotiation () |
| Resumes TLS negotiation paused by suspendNegotiation() More... | |
| void | handleMissingCertificates (const Security::IoResult &lastError) |
| Either initiates fetching of missing certificates or bails with an error. More... | |
| void | startCertDownloading (SBuf &url) |
| Start downloading procedure for the given URL. More... | |
| void | certDownloadingDone (DownloaderAnswer &) |
| Called by Downloader after a certificate object downloaded. More... | |
| Comm::ConnectionPointer const & | serverConnection () const |
| mimics FwdState to minimize changes to FwdState::initiate/negotiateSsl More... | |
| void | bail (ErrorState *error) |
| sends the given error to the initiator More... | |
| void | sendSuccess () |
| sends the encrypted connection to the initiator More... | |
| void | callBack () |
| a bail(), sendSuccess() helper: sends results to the initiator More... | |
| void | disconnect () |
| a bail(), sendSuccess() helper: stops monitoring the connection More... | |
| void | countFailingConnection (const ErrorState *) |
| updates connection usage history before the connection is closed More... | |
| void | bypassCertValidator () |
| If called the certificates validator will not used. More... | |
| void | recordNegotiationDetails () |
| EncryptorAnswer & | answer () |
| convenience method to get to the answer fields More... | |
| void | deleteThis (const char *aReason) |
| void | mustStop (const char *aReason) |
| bool | done () const |
| the job is destroyed in callEnd() when done() More... | |
Protected Attributes | |
| HttpRequestPointer | request |
| peer connection trigger or cause More... | |
| Comm::ConnectionPointer | serverConn |
| TCP connection to the peer. More... | |
| AccessLogEntryPointer | al |
| info for the future access.log entry More... | |
| AsyncCallback< EncryptorAnswer > | callback |
| answer destination More... | |
| const char * | stopReason |
| reason for forcing done() to be true More... | |
| const char * | typeName |
| kid (leaf) class name, for debugging More... | |
| AsyncCall::Pointer | inCall |
| the asynchronous call being handled, if any More... | |
| bool | started_ = false |
| Start() has finished successfully. More... | |
| bool | swanSang_ = false |
| swanSong() was called More... | |
Private Member Functions | |
| CBDATA_CHILD (PeekingPeerConnector) | |
| void | tunnelInsteadOfNegotiating () |
| Inform caller class that the SSL negotiation aborted. More... | |
| CBDATA_INTERMEDIATE () | |
| unsigned int | certDownloadNestingLevel () const |
| the number of concurrent PeerConnector jobs waiting for us More... | |
| void | sslCrtvdHandleReply (Ssl::CertValidationResponsePointer &) |
| Process response from cert validator helper. More... | |
| Security::CertErrors * | sslCrtvdCheckForErrors (Ssl::CertValidationResponse const &, ErrorDetailPointer &) |
| Check SSL errors returned from cert validator against sslproxy_cert_error access list. More... | |
| bool | computeMissingCertificateUrls (const Connection &) |
| finds URLs of (some) missing intermediate certificates or returns false More... | |
| void | negotiateSsl () |
| Comm::SetSelect() callback. Direct calls tickle/resume negotiations. More... | |
| virtual void | finalizedInCbdataChild ()=0 |
| hack: ensure CBDATA_CHILD() after a toCbdata()-defining CBDATA_INTERMEDIATE() More... | |
Static Private Member Functions | |
| static void | NegotiateSsl (int fd, void *data) |
| A wrapper for Comm::SetSelect() notifications. More... | |
Private Attributes | |
| Comm::ConnectionPointer | clientConn |
| TCP connection to the client. More... | |
| AsyncCall::Pointer | closeHandler |
| we call this when the connection closed More... | |
| bool | splice |
| whether we are going to splice or not More... | |
| bool | serverCertificateHandled |
| whether handleServerCertificate() succeeded More... | |
| Security::KeyLogger | keyLogger |
| managers logging of the being-established TLS connection secrets More... | |
| time_t | negotiationTimeout |
| the SSL connection timeout to use More... | |
| time_t | startTime |
| when the peer connector negotiation started More... | |
| bool | useCertValidator_ |
| std::queue< SBuf > | urlsOfMissingCerts |
| The list of URLs where missing certificates should be downloaded. More... | |
| unsigned int | certsDownloads |
| the number of downloaded missing certificates More... | |
| Ssl::X509_STACK_Pointer | downloadedCerts |
| successfully downloaded intermediate certificates (omitted by the peer) More... | |
| Security::IoResultPointer | suspendedError_ |
| outcome of the last (failed and) suspended negotiation attempt (or nil) More... | |
| JobWait< Downloader > | certDownloadWait |
| waits for the missing certificate to be downloaded More... | |
Static Private Attributes | |
| static const unsigned int | MaxCertsDownloads = 10 |
| The maximum number of missing certificates a single PeerConnector may download. More... | |
| static const unsigned int | MaxNestedDownloads = 3 |
| The maximum number of inter-dependent Downloader jobs a worker may initiate. More... | |
Detailed Description
Definition at line 20 of file PeekingPeerConnector.h.
Member Typedef Documentation
◆ Pointer
|
inherited |
Definition at line 53 of file PeerConnector.h.
Constructor & Destructor Documentation
◆ PeekingPeerConnector()
| Ssl::PeekingPeerConnector::PeekingPeerConnector | ( | HttpRequestPointer & | aRequest, |
| const Comm::ConnectionPointer & | aServerConn, | ||
| const Comm::ConnectionPointer & | aClientConn, | ||
| const AsyncCallback< Security::EncryptorAnswer > & | aCallback, | ||
| const AccessLogEntryPointer & | alp, | ||
| time_t | timeout = 0 |
||
| ) |
Definition at line 28 of file PeekingPeerConnector.cc.
References HttpRequest::clientConnectionManager, Must, Security::PeerConnector::request, tlsBump3, and CbcPointer< Cbc >::valid().
Member Function Documentation
◆ answer()
|
protectedinherited |
Definition at line 499 of file PeerConnector.cc.
References assert.
◆ bail()
|
protectedinherited |
Definition at line 506 of file PeerConnector.cc.
◆ bypassCertValidator()
|
inlineprotectedinherited |
Definition at line 156 of file PeerConnector.h.
References Security::PeerConnector::useCertValidator_.
◆ callBack()
|
protectedinherited |
Definition at line 557 of file PeerConnector.cc.
References Assure, conn, debugs, and ScheduleCallHere.
◆ callEnd()
|
virtualinherited |
called right after the called job method
Reimplemented in Adaptation::Icap::Xaction.
Definition at line 137 of file AsyncJob.cc.
References assert, AsyncCall::debugLevel, debugs, AsyncCall::debugSection, AsyncJob::done(), AsyncJob::inCall, AsyncJob::started_, AsyncJob::status(), AsyncJob::swanSang_, AsyncJob::swanSong(), and AsyncJob::typeName.
Referenced by Adaptation::Icap::Xaction::callEnd(), and AsyncJob::deleteThis().
◆ callException()
|
virtualinherited |
Reimplemented in ConnStateData, ClientHttpRequest, Adaptation::Icap::ModXact, Adaptation::Icap::ServiceRep, Adaptation::Icap::Xaction, Ipc::Forwarder, Ipc::Inquirer, and Ftp::Server.
Definition at line 128 of file AsyncJob.cc.
References cbdataReferenceValid(), debugs, Must, AsyncJob::mustStop(), and CbdataParent::toCbdata().
Referenced by ConnStateData::callException(), Adaptation::Icap::Xaction::callException(), Ipc::Forwarder::callException(), Ipc::Inquirer::callException(), and Ftp::Server::callException().
◆ callStart()
|
inherited |
called just before the called method
Definition at line 115 of file AsyncJob.cc.
References cbdataReferenceValid(), AsyncCall::debugLevel, debugs, AsyncCall::debugSection, AsyncJob::inCall, Must, AsyncJob::status(), CbdataParent::toCbdata(), and AsyncJob::typeName.
◆ canBeCalled()
|
inherited |
Definition at line 102 of file AsyncJob.cc.
References AsyncCall::cancel(), debugs, and AsyncJob::inCall.
◆ cbCheckForPeekAndSpliceDone()
|
static |
Definition at line 51 of file PeekingPeerConnector.cc.
References CallJobHere1.
Referenced by checkForPeekAndSplice().
◆ CBDATA_CHILD()
|
private |
◆ CBDATA_INTERMEDIATE()
|
privateinherited |
◆ certDownloadingDone()
|
protectedinherited |
Definition at line 626 of file PeerConnector.cc.
References debugs, fd_table, Ssl::findIssuerCertificate(), Ssl::findIssuerUri(), Comm::IsConnOpen(), SBuf::length(), Must, DownloaderAnswer::outcome, SBuf::rawContent(), and DownloaderAnswer::resource.
Referenced by Security::PeerConnector::startCertDownloading().
◆ certDownloadNestingLevel()
|
privateinherited |
Definition at line 603 of file PeerConnector.cc.
◆ checkForPeekAndSplice()
| void Ssl::PeekingPeerConnector::checkForPeekAndSplice | ( | ) |
Initiates the ssl_bump acl check in step3 SSL bump step to decide about bumping, splicing or terminating the connection.
Definition at line 68 of file PeekingPeerConnector.cc.
References ACCESS_ALLOWED, ACLFilledChecklist::al, ACLChecklist::banAction(), BIO_get_data(), Ssl::bumpBump, Ssl::bumpClientFirst, Ssl::bumpNone, Ssl::bumpPeek, Ssl::bumpServerFirst, Ssl::bumpSplice, Ssl::bumpStare, Ssl::ServerBio::canBump(), Ssl::ServerBio::canSplice(), cbCheckForPeekAndSpliceDone(), Config, fd_table, ACLChecklist::nonBlockingCheck(), SquidConfig::ssl_bump, and ACLFilledChecklist::syncAle().
◆ checkForPeekAndSpliceDone()
| void Ssl::PeekingPeerConnector::checkForPeekAndSpliceDone | ( | Acl::Answer | aclAnswer | ) |
Definition at line 59 of file PeekingPeerConnector.cc.
References Acl::Answer::allowed(), and Acl::Answer::kind.
◆ checkForPeekAndSpliceGuess()
| Ssl::BumpMode Ssl::PeekingPeerConnector::checkForPeekAndSpliceGuess | ( | ) | const |
Definition at line 129 of file PeekingPeerConnector.cc.
References Ssl::bumpBump, Ssl::bumpSplice, Ssl::bumpStare, and debugs.
◆ checkForPeekAndSpliceMatched()
| void Ssl::PeekingPeerConnector::checkForPeekAndSpliceMatched | ( | const Ssl::BumpMode | finalMode | ) |
Definition at line 93 of file PeekingPeerConnector.cc.
References action(), BIO_get_data(), Ssl::bumpBump, Ssl::bumpSplice, Ssl::bumpTerminate, debugs, ERR_SECURE_CONNECT_FAIL, fd_table, Ssl::ServerBio::holdWrite(), Must, Security::PeerConnector::noteWantWrite(), Ssl::ServerBio::recordInput(), and Http::scForbidden.
◆ commCloseHandler()
|
protectedinherited |
Definition at line 107 of file PeerConnector.cc.
References CommCommonCbParams::data, debugs, ERR_SECURE_CONNECT_FAIL, CommCommonCbParams::fd, MakeNamedErrorDetail(), and Http::scServiceUnavailable.
Referenced by Security::PeerConnector::PeerConnector().
◆ commTimeoutHandler()
|
protectedinherited |
Definition at line 127 of file PeerConnector.cc.
References debugs, ERR_SECURE_CONNECT_FAIL, MakeNamedErrorDetail(), and Http::scGatewayTimeout.
Referenced by Security::PeerConnector::noteWantRead().
◆ computeMissingCertificateUrls()
|
privateinherited |
Definition at line 708 of file PeerConnector.cc.
References assert, debugs, and Ssl::missingChainCertificatesUrls().
◆ countFailingConnection()
|
protectedinherited |
Definition at line 530 of file PeerConnector.cc.
References assert, error(), fd_table, fwdPconnPool, NoteOutgoingConnectionFailure(), PconnPool::noteUses(), and Http::scNone.
◆ deleteThis()
|
protectedinherited |
Definition at line 50 of file AsyncJob.cc.
References asyncCall(), AsyncJob::callEnd(), debugs, AsyncJob::deleteThis(), AsyncJob::inCall, JobMemFun(), Must, AsyncJob::stopReason, and AsyncJob::typeName.
Referenced by ConnStateData::connStateClosed(), and AsyncJob::deleteThis().
◆ disconnect()
|
protectedinherited |
Definition at line 540 of file PeerConnector.cc.
References comm_remove_close_handler(), commUnsetConnTimeout(), and Comm::IsConnOpen().
◆ done()
|
protectedinherited |
Definition at line 91 of file AsyncJob.cc.
References AsyncJob::doneAll(), and AsyncJob::stopReason.
Referenced by AsyncJob::callEnd(), HappyConnOpener::checkForNewConnection(), Downloader::downloadFinished(), and HappyConnOpener::maybeOpenPrimeConnection().
◆ doneAll()
|
overrideprotectedvirtualinherited |
Reimplemented from AsyncJob.
Definition at line 61 of file PeerConnector.cc.
References AsyncJob::doneAll().
◆ fillChecklist()
|
overrideprotectedvirtualinherited |
Implements Acl::ChecklistFiller.
Definition at line 89 of file PeerConnector.cc.
References ACLFilledChecklist::al, fd_table, Security::LockingPointer< T, UnLocker, Locker >::resetWithoutLocking(), ACLFilledChecklist::serverCert, and ACLFilledChecklist::syncAle().
Referenced by Ssl::IcapPeerConnector::fillChecklist().
◆ finalizedInCbdataChild()
|
privatepure virtualinherited |
◆ getTlsContext()
|
overridevirtual |
Must implemented by the kid classes to return the TLS context object to use for building the encryption context objects.
Implements Security::PeerConnector.
Definition at line 146 of file PeekingPeerConnector.cc.
References Config, SquidConfig::ssl_client, and SquidConfig::sslContext.
◆ handleMissingCertificates()
|
protectedinherited |
Definition at line 682 of file PeerConnector.cc.
References assert, Ssl::VerifyCallbackParameters::At(), Ssl::VerifyCallbackParameters::callerHandlesMissingCertificates, fd_table, Comm::IsConnOpen(), and Must.
◆ handleNegotiationResult()
|
protectedinherited |
Definition at line 257 of file PeerConnector.cc.
References Security::IoResult::category, debugs, Security::IoResult::errorDescription, Security::IoResult::errorDetail, Debug::Extra(), Security::IoResult::ioError, Security::IoResult::ioSuccess, Security::IoResult::ioWantRead, Security::IoResult::ioWantWrite, and RawPointer().
◆ handleServerCertificate()
| void Ssl::PeekingPeerConnector::handleServerCertificate | ( | ) |
Updates associated client connection manager members if the server certificate was received from the server.
Definition at line 373 of file PeekingPeerConnector.cc.
References fd_table.
◆ handleStopRequest()
|
inlineinherited |
Definition at line 71 of file AsyncJob.h.
References AsyncJob::mustStop().
◆ initialize()
|
overridevirtual |
- Returns
- true on successful TLS session initialization
Reimplemented from Security::PeerConnector.
Definition at line 152 of file PeekingPeerConnector.cc.
References applyTlsDetailsToSSL(), BIO_get_data(), Ssl::bumpPeek, Ssl::bumpStare, SBuf::c_str(), Config, fd_table, Security::PeerConnector::initialize(), Comm::IsConnOpen(), Ssl::ServerBio::mode(), Must, SquidConfig::onoff, AnyP::PROTO_NONE, Security::ProxyOutgoingConfig, Ssl::Bio::rBufData(), Ssl::ServerBio::recordInput(), SquidConfig::redir_rewrites_host, Ssl::ServerBio::setClientFeatures(), Ssl::setClientSNI(), ssl_ex_index_server, ssl_ex_index_ssl_peeked_cert, and Security::PeerOptions::updateSessionOptions().
◆ isSuspended()
|
inlineprotectedinherited |
Definition at line 101 of file PeerConnector.h.
References Security::PeerConnector::suspendedError_.
◆ mustStop()
|
protectedinherited |
Definition at line 70 of file AsyncJob.cc.
References debugs, AsyncJob::inCall, Must, AsyncJob::stopReason, and AsyncJob::typeName.
Referenced by HttpStateData::abortAll(), AsyncJob::callException(), HttpStateData::continueAfterParsingHeader(), HttpStateData::drop1xx(), HttpStateData::handleMoreRequestBodyAvailable(), AsyncJob::handleStopRequest(), HttpStateData::httpStateConnClosed(), HttpStateData::httpTimeout(), HttpStateData::proceedAfter1xx(), ConnStateData::proxyProtocolError(), HttpStateData::readReply(), HttpStateData::start(), and HttpStateData::wroteLast().
◆ negotiate()
|
protectedinherited |
Performs a single secure connection negotiation step. It is called multiple times until the negotiation finishes or aborts.
Definition at line 211 of file PeerConnector.cc.
References Ssl::VerifyCallbackParameters::At(), Security::Connect(), DBG_IMPORTANT, debugs, fd_table, Security::IoResult::ioSuccess, Comm::IsConnOpen(), and Must.
◆ negotiateSsl()
|
privateinherited |
Definition at line 451 of file PeerConnector.cc.
References CallJobHere.
◆ NegotiateSsl()
|
staticprivateinherited |
Definition at line 441 of file PeerConnector.cc.
◆ noteNegotiationDone()
|
overridevirtual |
Called when the SSL negotiation to the server completed and the certificates validated using the cert validator.
- Parameters
-
error if not NULL the SSL negotiation was aborted with an error
Reimplemented from Security::PeerConnector.
Definition at line 227 of file PeekingPeerConnector.cc.
References Ssl::CommonHostName(), debugs, ERR_GATEWAY_FAILURE, error(), fd_table, Here, Comm::IsConnOpen(), and Http::scInternalServerError.
◆ noteNegotiationError()
|
overridevirtual |
Reimplemented from Security::PeerConnector.
Definition at line 311 of file PeekingPeerConnector.cc.
References BIO_get_data(), Ssl::ServerBio::bumpMode(), Ssl::bumpPeek, Ssl::bumpSplice, Ssl::bumpStare, debugs, Ssl::ServerBio::encryptedCertificates(), fd_table, Ssl::ServerBio::holdWrite(), Security::PeerConnector::noteNegotiationError(), Ssl::ServerBio::resumingSession(), and ssl_ex_index_ssl_error_detail.
◆ noteWantRead()
|
protectedinherited |
Called when the openSSL SSL_connect fnction request more data from the remote SSL server. Sets the read timeout and sets the Squid COMM_SELECT_READ handler.
Definition at line 458 of file PeerConnector.cc.
References COMM_SELECT_READ, commSetConnTimeout(), Security::PeerConnector::commTimeoutHandler(), debugs, Comm::IsConnOpen(), JobCallback, Comm::MortalReadTimeout(), Must, and Comm::SetSelect().
◆ noteWantWrite()
|
overridevirtual |
Called when the openSSL SSL_connect function needs to write data to the remote SSL server. Sets the Squid COMM_SELECT_WRITE handler.
Reimplemented from Security::PeerConnector.
Definition at line 294 of file PeekingPeerConnector.cc.
References BIO_get_data(), Ssl::ServerBio::bumpMode(), Ssl::bumpPeek, Ssl::bumpStare, debugs, fd_table, Ssl::ServerBio::holdWrite(), and Security::PeerConnector::noteWantWrite().
◆ recordNegotiationDetails()
|
protectedinherited |
Called after negotiation finishes to record connection details for logging
Definition at line 191 of file PeerConnector.cc.
References BIO_get_data(), fd_table, Comm::IsConnOpen(), Must, and Ssl::ServerBio::receivedHelloDetails().
◆ resumeNegotiation()
|
protectedinherited |
Definition at line 737 of file PeerConnector.cc.
References fd_table, Must, SQUID_TLS_ERR_CONNECT, and Ssl::VerifyConnCertificates().
◆ sendSuccess()
|
protectedinherited |
Definition at line 521 of file PeerConnector.cc.
References assert, and Comm::IsConnOpen().
◆ serverCertificateVerified()
| void Ssl::PeekingPeerConnector::serverCertificateVerified | ( | ) |
Runs after the server certificate verified to update client connection manager members
Definition at line 395 of file PeekingPeerConnector.cc.
References Ssl::CommonHostName(), debugs, fd_table, Security::LockingPointer< T, UnLocker, Locker >::get(), Security::LockingPointer< T, UnLocker, Locker >::resetAndLock(), and Security::LockingPointer< T, UnLocker, Locker >::resetWithoutLocking().
◆ serverConnection()
|
inlineprotectedinherited |
Definition at line 138 of file PeerConnector.h.
References Security::PeerConnector::serverConn.
Referenced by Security::BlindPeerConnector::getTlsContext().
◆ sslCrtvdCheckForErrors()
|
privateinherited |
Checks errors in the cert. validator response against sslproxy_cert_error. The first honored error, if any, is returned via errDetails parameter. The method returns all seen errors except SSL_ERROR_NONE as Security::CertErrors.
Definition at line 383 of file PeerConnector.cc.
References acl_access, Acl::Answer::allowed(), assert, SquidConfig::cert_error, Config, dash_str, debugs, Ssl::CertValidationResponse::errors, ACLChecklist::fastCheck(), fd_table, Comm::IsConnOpen(), Must, CbDataList< C >::push_back_unique(), and ACLFilledChecklist::sslErrors.
◆ sslCrtvdHandleReply()
|
privateinherited |
Definition at line 332 of file PeerConnector.cc.
References debugs, ErrorState::detailError(), Debug::Enabled(), ERR_GATEWAY_FAILURE, ERR_SECURE_CONNECT_FAIL, Helper::Error, fd_table, Comm::IsConnOpen(), Must, Helper::Okay, RawPointer(), Http::scInternalServerError, Http::scServiceUnavailable, server, ssl_ex_index_server, and ssl_ex_index_ssl_errors.
Referenced by Security::PeerConnector::sslFinalized().
◆ sslFinalized()
|
protectedinherited |
Called after negotiation has finished. Cleans up TLS/SSL state. Returns false if we are now waiting for the certs validation job. Otherwise, returns true, regardless of negotiation success/failure.
Definition at line 287 of file PeerConnector.cc.
References asyncCallback, DBG_IMPORTANT, debugs, Ssl::CertValidationRequest::domainName, ERR_GATEWAY_FAILURE, Ssl::CertValidationRequest::errors, fd_table, Comm::IsConnOpen(), Must, Http::scInternalServerError, Ssl::CertValidationRequest::ssl, ssl_ex_index_server, ssl_ex_index_ssl_errors, Security::PeerConnector::sslCrtvdHandleReply(), Ssl::CertValidationHelper::Submit(), and Ssl::TheConfig.
◆ start()
|
overrideprotectedvirtualinherited |
Reimplemented from AsyncJob.
Definition at line 68 of file PeerConnector.cc.
References assert, debugs, ERR_CONNECT_FAIL, fd_table, Comm::IsConnOpen(), Http::scBadGateway, and AsyncJob::start().
◆ Start()
|
staticinherited |
Promises to start the configured job (eventually). The job is deemed to be running asynchronously beyond this point, so the caller should only access the job object via AsyncCalls rather than directly.
swanSong() is only called for jobs for which this method has returned successfully (i.e. without throwing).
Definition at line 24 of file AsyncJob.cc.
References CallJobHere, AsyncJob::start(), and AsyncJob::started_.
Referenced by Ftp::Server::AcceptCtrlConnection(), clientListenerConnectionOpened(), Ipc::Coordinator::handleCacheMgrRequest(), Ipc::Coordinator::handleSnmpRequest(), httpAccept(), httpsAccept(), httpStart(), idnsInitVC(), Ftp::Gateway::listenForDataChannel(), Ftp::Server::listenForDataConnection(), Log::TcpLogger::Open(), peerProbeConnect(), Mgr::FunAction::respond(), Mgr::InfoAction::respond(), Ipc::SendMessage(), Mgr::Inquirer::sendResponse(), snmpConstructReponse(), SquidMain(), CacheManager::start(), Adaptation::AccessCheck::Start(), Rock::Rebuild::Start(), JobWaitBase::start_(), BodyPipe::startAutoConsumptionIfNeeded(), Ftp::StartGateway(), Ftp::StartRelay(), PeerPoolMgrsRr::syncConfig(), and Rock::SwapDir::updateHeaders().
◆ startCertDownloading()
|
protectedinherited |
Definition at line 616 of file PeerConnector.cc.
References asyncCallback, and Security::PeerConnector::certDownloadingDone().
◆ startTunneling()
| void Ssl::PeekingPeerConnector::startTunneling | ( | ) |
Definition at line 274 of file PeekingPeerConnector.cc.
References BIO_get_data(), debugs, fd_table, and switchToTunnel().
◆ status()
|
overrideprotectedvirtualinherited |
for debugging, starts with space
Reimplemented from AsyncJob.
Definition at line 580 of file PeerConnector.cc.
References MemBuf::append(), Packable::appendf(), MemBuf::content(), Comm::IsConnOpen(), MemBuf::reset(), and MemBuf::terminate().
◆ suspendNegotiation()
|
protectedinherited |
Suspends TLS negotiation to download the missing certificates
- Parameters
-
lastError an error to handle when resuming negotiations
Definition at line 727 of file PeerConnector.cc.
◆ swanSong()
|
overrideprotectedvirtualinherited |
Reimplemented from AsyncJob.
Definition at line 565 of file PeerConnector.cc.
References assert, ERR_GATEWAY_FAILURE, Http::scInternalServerError, and AsyncJob::swanSong().
◆ toCbdata()
|
pure virtualinherited |
Referenced by AsyncJob::callException(), and AsyncJob::callStart().
◆ tunnelInsteadOfNegotiating()
|
private |
Member Data Documentation
◆ al
|
protectedinherited |
Definition at line 167 of file PeerConnector.h.
◆ callback
|
protectedinherited |
Definition at line 170 of file PeerConnector.h.
◆ certDownloadWait
|
privateinherited |
Definition at line 216 of file PeerConnector.h.
◆ certsDownloads
|
privateinherited |
Definition at line 206 of file PeerConnector.h.
◆ clientConn
|
private |
Definition at line 69 of file PeekingPeerConnector.h.
◆ closeHandler
|
private |
Definition at line 70 of file PeekingPeerConnector.h.
◆ downloadedCerts
|
privateinherited |
Definition at line 210 of file PeerConnector.h.
◆ id
|
inherited |
Definition at line 73 of file AsyncJob.h.
◆ inCall
|
protectedinherited |
Definition at line 81 of file AsyncJob.h.
Referenced by AsyncJob::callEnd(), AsyncJob::callStart(), AsyncJob::canBeCalled(), AsyncJob::deleteThis(), and AsyncJob::mustStop().
◆ keyLogger
|
privateinherited |
Definition at line 198 of file PeerConnector.h.
◆ MaxCertsDownloads
|
staticprivateinherited |
Definition at line 192 of file PeerConnector.h.
◆ MaxNestedDownloads
|
staticprivateinherited |
Definition at line 195 of file PeerConnector.h.
◆ negotiationTimeout
|
privateinherited |
Definition at line 201 of file PeerConnector.h.
◆ noteFwdPconnUse
|
inherited |
Definition at line 62 of file PeerConnector.h.
Referenced by FwdState::secureConnectionToPeer().
◆ request
|
protectedinherited |
Definition at line 165 of file PeerConnector.h.
Referenced by Security::BlindPeerConnector::BlindPeerConnector(), and PeekingPeerConnector().
◆ serverCertificateHandled
|
private |
Definition at line 72 of file PeekingPeerConnector.h.
◆ serverConn
|
protectedinherited |
Definition at line 166 of file PeerConnector.h.
Referenced by Security::PeerConnector::PeerConnector(), and Security::PeerConnector::serverConnection().
◆ splice
|
private |
Definition at line 71 of file PeekingPeerConnector.h.
◆ started_
|
protectedinherited |
Definition at line 83 of file AsyncJob.h.
Referenced by AsyncJob::~AsyncJob(), AsyncJob::callEnd(), and AsyncJob::Start().
◆ startTime
|
privateinherited |
Definition at line 202 of file PeerConnector.h.
◆ stopReason
|
protectedinherited |
Definition at line 79 of file AsyncJob.h.
Referenced by AsyncJob::deleteThis(), AsyncJob::done(), AsyncJob::mustStop(), AsyncJob::status(), and HappyConnOpener::status().
◆ suspendedError_
|
privateinherited |
Definition at line 214 of file PeerConnector.h.
Referenced by Security::PeerConnector::isSuspended().
◆ swanSang_
|
protectedinherited |
Definition at line 84 of file AsyncJob.h.
Referenced by AsyncJob::~AsyncJob(), and AsyncJob::callEnd().
◆ typeName
|
protectedinherited |
Definition at line 80 of file AsyncJob.h.
Referenced by AsyncJob::AsyncJob(), Adaptation::Icap::Xaction::Xaction(), AsyncJob::~AsyncJob(), AsyncJob::callEnd(), AsyncJob::callStart(), AsyncJob::deleteThis(), and AsyncJob::mustStop().
◆ urlsOfMissingCerts
|
privateinherited |
Definition at line 205 of file PeerConnector.h.
◆ useCertValidator_
|
privateinherited |
whether the certificate validator should bypassed
Definition at line 203 of file PeerConnector.h.
Referenced by Security::PeerConnector::bypassCertValidator().
The documentation for this class was generated from the following files:
- src/ssl/PeekingPeerConnector.h
- src/ssl/PeekingPeerConnector.cc