#include <bio.h>
Public Member Functions | |
| ServerBio (const int anFd) | |
| virtual void | stateChanged (const SSL *ssl, int where, int ret) |
| The ServerBio version of the Ssl::Bio::stateChanged method. More... | |
| virtual int | write (const char *buf, int size, BIO *table) |
| virtual int | read (char *buf, int size, BIO *table) |
| virtual void | flush (BIO *table) |
| void | setClientFeatures (Security::TlsDetails::Pointer const &details, SBuf const &hello) |
| Sets the random number to use in client SSL HELLO message. More... | |
| bool | resumingSession () |
| bool | holdWrite () const |
| The write hold state. More... | |
| void | holdWrite (bool h) |
| Enables or disables the write hold state. More... | |
| bool | holdRead () const |
| The read hold state. More... | |
| void | holdRead (bool h) |
| Enables or disables the read hold state. More... | |
| void | recordInput (bool r) |
| Enables or disables the input data recording, for internal analysis. More... | |
| bool | canSplice () |
| Whether we can splice or not the SSL stream. More... | |
| bool | canBump () |
| Whether we can bump or not the SSL stream. More... | |
| void | mode (Ssl::BumpMode m) |
| The bumping mode. More... | |
| Ssl::BumpMode | bumpMode () |
| return the bumping mode More... | |
| bool | gotHello () const |
| bool | gotHelloFailed () const |
| Return true if the Server Hello parsing failed. More... | |
| const Security::CertList & | serverCertificatesIfAny () |
| const Security::TlsDetails::Pointer & | receivedHelloDetails () const |
| int | fd () const |
| The SSL socket descriptor. More... | |
| const SBuf & | rBufData () |
| The buffered input data. More... | |
Static Public Member Functions | |
| static BIO * | Create (const int fd, Security::Io::Type type) |
| static void | Link (SSL *ssl, BIO *bio) |
| Tells ssl connection to use BIO and monitor state via stateChanged() More... | |
Protected Attributes | |
| const int | fd_ |
| the SSL socket we are reading and writing More... | |
| SBuf | rbuf |
| Used to buffer input data. More... | |
Private Member Functions | |
| int | readAndGive (char *buf, const int size, BIO *table) |
| Read and give everything to OpenSSL. More... | |
| int | readAndParse (char *buf, const int size, BIO *table) |
| int | readAndBuffer (BIO *table) |
| int | giveBuffered (char *buf, const int size) |
Private Attributes | |
| Security::TlsDetails::Pointer | clientTlsDetails |
| SSL client features extracted from ClientHello message or SSL object. More... | |
| SBuf | clientSentHello |
| TLS client hello message, used to adapt our tls Hello message to the server. More... | |
| SBuf | helloMsg |
| Used to buffer output data. More... | |
| mb_size_t | helloMsgSize |
| bool | helloBuild |
| True if the client hello message sent to the server. More... | |
| bool | allowSplice |
| True if the SSL stream can be spliced. More... | |
| bool | allowBump |
| True if the SSL stream can be bumped. More... | |
| bool | holdWrite_ |
| The write hold state of the bio. More... | |
| bool | holdRead_ |
| The read hold state of the bio. More... | |
| bool | record_ |
| If true the input data recorded to rbuf for internal use. More... | |
| bool | parsedHandshake |
| whether we are done parsing TLS Hello More... | |
| bool | parseError |
| error while parsing server hello message More... | |
| Ssl::BumpMode | bumpMode_ |
| size_t | rbufConsumePos |
| The size of data stored in rbuf which passed to the openSSL. More... | |
| Security::HandshakeParser | parser_ |
| The TLS/SSL messages parser. More... | |
Detailed Description
BIO node to handle socket IO for squid server side If bumping is enabled, analyses the SSL hello message sent by squid OpenSSL subsystem (step3 bumping step) against bumping mode:
- Peek mode: Send client hello message instead of the openSSL generated hello message and normaly denies bumping and allow only splice or terminate the SSL connection
- Stare mode: Sends the openSSL generated hello message and normaly denies splicing and allow bump or terminate the SSL connection If SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK is enabled also checks if the openSSL library features are compatible with the features reported in web client SSL hello message and if it is, overwrites the openSSL SSL object members to replace hello message with web client hello message. This is may allow bumping in peek mode and splicing in stare mode after the server hello message received.
Constructor & Destructor Documentation
◆ ServerBio()
Member Function Documentation
◆ bumpMode()
|
inline |
◆ canBump()
◆ canSplice()
◆ Create()
|
staticinherited |
Creates a low-level BIO table, creates a high-level Ssl::Bio object for a given socket, and then links the two together via BIO_C_SET_FD.
Definition at line 62 of file bio.cc.
References NULL, squid_bio_create(), squid_bio_ctrl(), squid_bio_destroy(), squid_bio_puts(), squid_bio_read(), squid_bio_write(), and SquidMethods.
Referenced by CreateSession(), and Ssl::Bio::fd().
◆ fd()
|
inlineinherited |
Definition at line 49 of file bio.h.
References Ssl::Bio::Create(), Ssl::Bio::fd_, Ssl::Bio::Link(), Ssl::Bio::stateChanged(), and type.
Referenced by squid_bio_ctrl().
◆ flush()
|
virtual |
The ServerBio version of the Ssl::Bio::flush method. Flushes any buffered data
Reimplemented from Ssl::Bio.
Definition at line 543 of file bio.cc.
References SBuf::consume(), helloMsg, SBuf::isEmpty(), SBuf::length(), SBuf::rawContent(), and Ssl::Bio::write().
◆ giveBuffered()
give previously buffered bytes to OpenSSL returns the number of bytes given
Definition at line 347 of file bio.cc.
References debugs, SBuf::length(), SBuf::rawContent(), Ssl::Bio::rbuf, rbufConsumePos, and size.
Referenced by readAndGive(), and readAndParse().
◆ gotHello()
|
inline |
◆ gotHelloFailed()
◆ holdRead() [1/2]
|
inline |
Definition at line 151 of file bio.h.
Referenced by Security::PeerConnector::noteWantRead().
◆ holdRead() [2/2]
◆ holdWrite() [1/2]
◆ holdWrite() [2/2]
◆ Link()
|
staticinherited |
Definition at line 88 of file bio.cc.
References squid_ssl_info().
Referenced by CreateSession(), and Ssl::Bio::fd().
◆ mode()
|
inline |
◆ rBufData()
|
inlineinherited |
Definition at line 61 of file bio.h.
References Ssl::Bio::rbuf.
Referenced by Ssl::PeekingPeerConnector::initialize(), and switchToTunnel().
◆ read()
The ServerBio version of the Ssl::Bio::read method If the record flag is set then append the data to the rbuf member
Reimplemented from Ssl::Bio.
Definition at line 271 of file bio.cc.
References parsedHandshake, readAndGive(), and readAndParse().
◆ readAndBuffer()
|
private |
Reads more data into the read buffer. Returns either the number of bytes read or, on errors (including "try again" errors), a negative number.
Definition at line 333 of file bio.cc.
References SBuf::rawAppendFinish(), SBuf::rawAppendStart(), Ssl::Bio::rbuf, and Ssl::Bio::read().
Referenced by readAndGive(), and readAndParse().
◆ readAndGive()
Definition at line 281 of file bio.cc.
References giveBuffered(), SBuf::length(), Ssl::Bio::rbuf, rbufConsumePos, Ssl::Bio::read(), readAndBuffer(), and record_.
Referenced by read().
◆ readAndParse()
Read and give everything to our parser. When/if parsing is finished (successfully or not), start giving to OpenSSL.
Definition at line 301 of file bio.cc.
References debugs, Ssl::Bio::fd_, giveBuffered(), holdRead_, parsedHandshake, parseError, Security::HandshakeParser::parseHello(), parser_, Ssl::Bio::rbuf, and readAndBuffer().
Referenced by read().
◆ receivedHelloDetails()
|
inline |
◆ recordInput()
◆ resumingSession()
| bool Ssl::ServerBio::resumingSession | ( | ) |
Definition at line 552 of file bio.cc.
References parser_, and Security::HandshakeParser::resumingSession.
◆ serverCertificatesIfAny()
|
inline |
- Returns
- the server certificates list if received and parsed correctly
Definition at line 171 of file bio.h.
Referenced by Security::PeerConnector::checkForMissingCertificates().
◆ setClientFeatures()
| void Ssl::ServerBio::setClientFeatures | ( | Security::TlsDetails::Pointer const & | details, |
| SBuf const & | hello | ||
| ) |
Definition at line 264 of file bio.cc.
References clientSentHello, and clientTlsDetails.
◆ stateChanged()
Reimplemented from Ssl::Bio.
Definition at line 258 of file bio.cc.
References Ssl::Bio::stateChanged().
◆ write()
The ServerBio version of the Ssl::Bio::write method If a clientRandom number is set then rewrites the raw hello message "client random" field with the provided random number. It may buffer the output packets.
Reimplemented from Ssl::Bio.
Definition at line 467 of file bio.cc.
References adjustSSL(), allowBump, allowSplice, SBuf::append(), assert, bumpMode_, Ssl::bumpPeek, Ssl::bumpStare, clientSentHello, clientTlsDetails, SBuf::consume(), debugs, Ssl::Bio::fd_, fd_table, helloBuild, helloMsg, helloMsgSize, holdWrite_, SBuf::isEmpty(), SBuf::length(), Must, SBuf::rawContent(), size, and Ssl::Bio::write().
Member Data Documentation
◆ allowBump
◆ allowSplice
|
private |
◆ bumpMode_
|
private |
◆ clientSentHello
|
private |
Definition at line 185 of file bio.h.
Referenced by setClientFeatures(), and write().
◆ clientTlsDetails
|
private |
Definition at line 183 of file bio.h.
Referenced by setClientFeatures(), and write().
◆ fd_
|
protectedinherited |
Definition at line 63 of file bio.h.
Referenced by Ssl::Bio::Bio(), Ssl::Bio::fd(), Ssl::Bio::read(), Ssl::ClientBio::read(), readAndParse(), Ssl::Bio::stateChanged(), Ssl::ClientBio::stateChanged(), Ssl::Bio::write(), Ssl::ClientBio::write(), write(), and Ssl::Bio::~Bio().
◆ helloBuild
|
private |
◆ helloMsg
|
private |
◆ helloMsgSize
|
private |
◆ holdRead_
|
private |
Definition at line 192 of file bio.h.
Referenced by readAndParse().
◆ holdWrite_
|
private |
◆ parsedHandshake
|
private |
Definition at line 194 of file bio.h.
Referenced by read(), and readAndParse().
◆ parseError
|
private |
Definition at line 195 of file bio.h.
Referenced by readAndParse().
◆ parser_
|
private |
Definition at line 200 of file bio.h.
Referenced by readAndParse(), and resumingSession().
◆ rbuf
|
protectedinherited |
Definition at line 64 of file bio.h.
Referenced by giveBuffered(), Ssl::Bio::rBufData(), Ssl::ClientBio::read(), readAndBuffer(), readAndGive(), readAndParse(), and Ssl::ClientBio::setReadBufData().
◆ rbufConsumePos
|
private |
Definition at line 199 of file bio.h.
Referenced by giveBuffered(), and readAndGive().
◆ record_
|
private |
Definition at line 193 of file bio.h.
Referenced by readAndGive().
The documentation for this class was generated from the following files: