#include <bio.h>

Inheritance diagram for Ssl::ServerBio:
Collaboration diagram for Ssl::ServerBio:

Public Member Functions

 ServerBio (const int anFd)
virtual void stateChanged (const SSL *ssl, int where, int ret)
 The ServerBio version of the Ssl::Bio::stateChanged method. More...
virtual int write (const char *buf, int size, BIO *table)
virtual int read (char *buf, int size, BIO *table)
virtual void flush (BIO *table)
void setClientFeatures (Security::TlsDetails::Pointer const &details, SBuf const &hello)
 Stores the web client's TLS details and raw ClientHello message, used to adapt the hello message sent to the server. More...
bool resumingSession ()
bool encryptedCertificates () const
bool holdWrite () const
 The write hold state. More...
void holdWrite (bool h)
 Enables or disables the write hold state. More...
bool holdRead () const
 The read hold state. More...
void holdRead (bool h)
 Enables or disables the read hold state. More...
void recordInput (bool r)
 Enables or disables the input data recording, for internal analysis. More...
bool canSplice ()
 Whether the SSL stream can be spliced. More...
bool canBump ()
 Whether the SSL stream can be bumped. More...
void mode (Ssl::BumpMode m)
 Sets the bumping mode. More...
Ssl::BumpMode bumpMode ()
 Returns the bumping mode. More...
bool gotHello () const
bool gotHelloFailed () const
 Return true if the Server Hello parsing failed. More...
const Security::CertList & serverCertificatesIfAny ()
const Security::TlsDetails::Pointer & receivedHelloDetails () const
int fd () const
 The SSL socket descriptor. More...
const SBuf & rBufData ()
 The buffered input data. More...

Static Public Member Functions

static BIO * Create (const int fd, Security::Io::Type type)
static void Link (SSL *ssl, BIO *bio)
 Tells the SSL connection to use the BIO and monitor state via stateChanged(). More...

Protected Attributes

const int fd_
 the SSL socket we are reading and writing More...
SBuf rbuf
 Used to buffer input data. More...

Private Member Functions

int readAndGive (char *buf, const int size, BIO *table)
 Read and give everything to OpenSSL. More...
int readAndParse (char *buf, const int size, BIO *table)
int readAndBuffer (BIO *table)
int giveBuffered (char *buf, const int size)

Private Attributes

Security::TlsDetails::Pointer clientTlsDetails
 SSL client features extracted from ClientHello message or SSL object. More...
SBuf clientSentHello
 The TLS ClientHello message received from the web client, used to adapt our TLS hello message to the server. More...
SBuf helloMsg
 Used to buffer output data. More...
mb_size_t helloMsgSize
bool helloBuild
 True if the client hello message has been sent to the server. More...
bool allowSplice
 True if the SSL stream can be spliced. More...
bool allowBump
 True if the SSL stream can be bumped. More...
bool holdWrite_
 The write hold state of the bio. More...
bool holdRead_
 The read hold state of the bio. More...
bool record_
 If true, the input data is recorded to rbuf for internal use. More...
bool parsedHandshake
 Whether we are done parsing the TLS Hello. More...
bool parseError
 Error while parsing the server hello message. More...
Ssl::BumpMode bumpMode_
size_t rbufConsumePos
 The amount of data in rbuf that has already been passed to OpenSSL. More...
Security::HandshakeParser parser_
 The TLS/SSL messages parser. More...

Detailed Description

BIO node to handle socket IO for the squid server side. If bumping is enabled, analyses the SSL hello message generated by the squid OpenSSL subsystem (bumping step 3) against the bumping mode:

  • Peek mode: sends the web client's hello message instead of the OpenSSL-generated one; normally denies bumping and allows only splicing or terminating the SSL connection.
  • Stare mode: sends the OpenSSL-generated hello message; normally denies splicing and allows only bumping or terminating the SSL connection.

If SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK is enabled, also checks whether the OpenSSL library features are compatible with the features reported in the web client's SSL hello message and, if they are, overwrites the OpenSSL SSL object members so that the hello message is replaced with the web client's hello message. This may allow bumping in peek mode and splicing in stare mode after the server hello message has been received.

Definition at line 123 of file bio.h.

Constructor & Destructor Documentation

◆ ServerBio()

Ssl::ServerBio::ServerBio ( const int  anFd)

Definition at line 241 of file bio.cc.

Member Function Documentation

◆ bumpMode()

Ssl::BumpMode Ssl::ServerBio::bumpMode ( )

◆ canBump()

bool Ssl::ServerBio::canBump ( )

Definition at line 163 of file bio.h.

References allowBump.

Referenced by Ssl::PeekingPeerConnector::checkForPeekAndSplice().

◆ canSplice()

bool Ssl::ServerBio::canSplice ( )

Definition at line 161 of file bio.h.

References allowSplice.

Referenced by Ssl::PeekingPeerConnector::checkForPeekAndSplice().

◆ Create()

BIO * Ssl::Bio::Create ( const int  fd,
Security::Io::Type  type 
)

Creates a low-level BIO table, creates a high-level Ssl::Bio object for a given socket, and then links the two together via BIO_C_SET_FD.

Definition at line 62 of file bio.cc.

References Ssl::Bio::fd(), NULL, squid_bio_create(), squid_bio_ctrl(), squid_bio_destroy(), squid_bio_puts(), squid_bio_read(), squid_bio_write(), SquidMethods, and type.

Referenced by CreateSession().

◆ encryptedCertificates()

bool Ssl::ServerBio::encryptedCertificates ( ) const

Whether the server encrypts its certificate (e.g., TLS v1.3).

Return values
false the server uses plain certs or its intent is unknown

Definition at line 559 of file bio.cc.

References Security::Tls1p3orLater().

Referenced by Ssl::PeekingPeerConnector::noteNegotiationError().

◆ fd()

int Ssl::Bio::fd ( ) const

◆ flush()

void Ssl::ServerBio::flush ( BIO *  table)

The ServerBio version of the Ssl::Bio::flush method. Flushes any buffered data.

Reimplemented from Ssl::Bio.

Definition at line 544 of file bio.cc.

References Ssl::Bio::write().

◆ giveBuffered()

int Ssl::ServerBio::giveBuffered ( char *  buf,
const int  size 
)

Gives previously buffered bytes to OpenSSL. Returns the number of bytes given.

Definition at line 348 of file bio.cc.

References buf, debugs, and size.

◆ gotHello()

bool Ssl::ServerBio::gotHello ( ) const
Return values
true if the Server Hello message has been received

Definition at line 169 of file bio.h.

References parsedHandshake, and parseError.

Referenced by Security::PeerConnector::noteWantRead().

◆ gotHelloFailed()

bool Ssl::ServerBio::gotHelloFailed ( ) const

Definition at line 172 of file bio.h.

References parsedHandshake, and parseError.

Referenced by Security::PeerConnector::noteWantRead().

◆ holdRead() [1/2]

bool Ssl::ServerBio::holdRead ( ) const

◆ holdRead() [2/2]

void Ssl::ServerBio::holdRead ( bool  h)

Definition at line 157 of file bio.h.

References holdRead_.

◆ holdWrite() [1/2]

bool Ssl::ServerBio::holdWrite ( ) const

◆ holdWrite() [2/2]

void Ssl::ServerBio::holdWrite ( bool  h)

Definition at line 153 of file bio.h.

References holdWrite_.

◆ Link()

void Ssl::Bio::Link ( SSL *  ssl,
BIO *  bio 
)

Definition at line 88 of file bio.cc.

References squid_ssl_info().

Referenced by CreateSession().

◆ mode()

void Ssl::ServerBio::mode ( Ssl::BumpMode  m)

Definition at line 165 of file bio.h.

References bumpMode_.

Referenced by Ssl::PeekingPeerConnector::initialize().

◆ rBufData()

const SBuf& Ssl::Bio::rBufData ( )

Definition at line 61 of file bio.h.

References Ssl::Bio::rbuf.

Referenced by Ssl::PeekingPeerConnector::initialize().

◆ read()

int Ssl::ServerBio::read ( char *  buf,
int  size,
BIO *  table 
)

The ServerBio version of the Ssl::Bio::read method. If the record flag is set, the data read is also appended to the rbuf member.

Reimplemented from Ssl::Bio.

Definition at line 272 of file bio.cc.

References buf, and size.

◆ readAndBuffer()

int Ssl::ServerBio::readAndBuffer ( BIO *  table)

Reads more data into the read buffer. Returns either the number of bytes read or, on errors (including "try again" errors), a negative number.

Definition at line 334 of file bio.cc.

References Ssl::Bio::read().

◆ readAndGive()

int Ssl::ServerBio::readAndGive ( char *  buf,
const int  size,
BIO *  table 
)

Definition at line 282 of file bio.cc.

References buf, Ssl::Bio::read(), and size.

◆ readAndParse()

int Ssl::ServerBio::readAndParse ( char *  buf,
const int  size,
BIO *  table 
)

Read and give everything to our parser. When/if parsing is finished (successfully or not), start giving to OpenSSL.

Definition at line 302 of file bio.cc.

References buf, debugs, and size.
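The read-and-parse flow documented above for readAndParse(), giveBuffered(), gotHello()/gotHelloFailed() and encryptedCertificates(), as an added stand-alone example that is not Squid's code: server bytes are buffered, a TLS record is parsed until a complete ServerHello has been seen, the parse outcome is recorded, and only then are the buffered bytes handed onward with a consume position. The class and field names (ServerHelloBuffer, HelloDetails), the record layout checks and the sample ServerHello bytes are this example's own constructions; the real ServerBio delegates parsing to Security::HandshakeParser, which is not reproduced here.

```cpp
// Added example, not Squid code: a stand-alone model of ServerBio's "buffer and
// parse the ServerHello, then give the bytes to OpenSSL" flow. The names here
// (ServerHelloBuffer, HelloDetails) are this example's own, not Squid's.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

namespace example {
static uint16_t be16(const uint8_t *p) { return static_cast<uint16_t>((p[0] << 8) | p[1]); }

struct HelloDetails {
    uint16_t cipherSuite = 0;       // selected cipher suite
    uint16_t negotiatedVersion = 0; // supported_versions extension if present, else legacy_version
};

class ServerHelloBuffer {
public:
    // Feed bytes read from the server; true once parsing finished (successfully or not).
    bool feed(const std::vector<uint8_t> &chunk) {
        if (parsedHandshake) return true;
        rbuf.insert(rbuf.end(), chunk.begin(), chunk.end());
        tryParse();
        return parsedHandshake;
    }
    bool gotHello() const { return parsedHandshake && !parseError; }
    bool gotHelloFailed() const { return parsedHandshake && parseError; }
    // TLS 1.3+ encrypts the Certificate message, so nothing after the ServerHello is inspectable.
    bool encryptedCertificates() const { return gotHello() && details_.negotiatedVersion >= 0x0304; }
    const HelloDetails &details() const { return details_; }
    // Hand buffered bytes onward (to OpenSSL in Squid), tracking what was already consumed.
    size_t giveBuffered(uint8_t *out, size_t size) {
        const size_t n = std::min(rbuf.size() - rbufConsumePos, size);
        std::copy(rbuf.begin() + rbufConsumePos, rbuf.begin() + rbufConsumePos + n, out);
        rbufConsumePos += n;
        return n;
    }

private:
    void finish(bool ok) { parsedHandshake = true; parseError = !ok; }
    void tryParse() {
        // TLS record header: ContentType(1) ProtocolVersion(2) length(2)
        if (rbuf.size() < 5) return;
        const size_t rlen = be16(&rbuf[3]);
        if (rbuf.size() < 5 + rlen) return;                       // incomplete record: wait for more
        if (rbuf[0] != 22 || rlen < 4) { finish(false); return; } // not Handshake (e.g. 21 = Alert)
        const uint8_t *hs = &rbuf[5];                             // msg_type(1) length(3) body
        const size_t hlen = (size_t(hs[1]) << 16) | (size_t(hs[2]) << 8) | hs[3];
        // Assumption of this example: the ServerHello is not fragmented across records.
        if (hs[0] != 2 || 4 + hlen > rlen) { finish(false); return; }
        finish(parseServerHello(hs + 4, hlen));
    }
    bool parseServerHello(const uint8_t *p, size_t len) {
        // legacy_version(2) random(32) session_id<0..32> cipher_suite(2) compression(1) extensions
        if (len < 35) return false;
        details_.negotiatedVersion = be16(p);
        size_t i = 34;
        const size_t sidLen = p[i++];
        if (sidLen > 32 || i + sidLen + 3 > len) return false;
        i += sidLen;
        details_.cipherSuite = be16(p + i);
        i += 3;                                                   // cipher_suite + compression_method
        if (i == len) return true;                                // no extensions (allowed before 1.3)
        if (i + 2 > len) return false;
        const size_t end = i + 2 + be16(p + i);
        i += 2;
        if (end != len) return false;
        while (i + 4 <= end) {                                    // extension: type(2) length(2) data
            const uint16_t etype = be16(p + i);
            const size_t elen = be16(p + i + 2);
            i += 4;
            if (i + elen > end) return false;
            if (etype == 43 && elen == 2)                         // supported_versions: the real version
                details_.negotiatedVersion = be16(p + i);
            i += elen;
        }
        return i == end;
    }

    std::vector<uint8_t> rbuf;
    size_t rbufConsumePos = 0;
    bool parsedHandshake = false, parseError = false;
    HelloDetails details_;
};

// Constructed sample: a 55-byte TLS 1.3 ServerHello record (legacy_version 0x0303,
// cipher TLS_AES_128_GCM_SHA256, supported_versions = 0x0304).
std::vector<uint8_t> sampleServerHello13() {
    std::vector<uint8_t> body = {0x03, 0x03};
    body.insert(body.end(), 32, 0x11);                                         // random
    body.insert(body.end(), {0x00, 0x13, 0x01, 0x00});                         // session_id len, cipher, compression
    body.insert(body.end(), {0x00, 0x06, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04}); // extensions: supported_versions
    std::vector<uint8_t> rec = {0x16, 0x03, 0x03, 0x00, static_cast<uint8_t>(body.size() + 4),
                                0x02, 0x00, 0x00, static_cast<uint8_t>(body.size())};
    rec.insert(rec.end(), body.begin(), body.end());
    return rec;
}
} // namespace example
```

Feed whatever each socket read returns into feed(); while it returns false the record is incomplete and nothing may be given to OpenSSL yet. Once gotHello() is true, details() and encryptedCertificates() are what a splice/bump decision can look at, and giveBuffered() drains rbuf from the consume position. An Alert record or a non-ServerHello handshake message ends parsing with gotHelloFailed() set, so the caller never waits forever for a hello that will not come.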

◆ receivedHelloDetails()

const Security::TlsDetails::Pointer& Ssl::ServerBio::receivedHelloDetails ( ) const

The TLS details advertised by the TLS server.

Definition at line 178 of file bio.h.

References Security::HandshakeParser::details, and parser_.

Referenced by Security::PeerConnector::recordNegotiationDetails().

◆ recordInput()

void Ssl::ServerBio::recordInput ( bool  r)

◆ resumingSession()

bool Ssl::ServerBio::resumingSession ( )

Definition at line 553 of file bio.cc.

Referenced by Ssl::PeekingPeerConnector::noteNegotiationError().

◆ serverCertificatesIfAny()

const Security::CertList& Ssl::ServerBio::serverCertificatesIfAny ( )

The server certificate list, if received and parsed correctly.

Definition at line 175 of file bio.h.

References parser_, and Security::HandshakeParser::serverCertificates.

Referenced by Security::PeerConnector::certDownloadingDone(), and Security::PeerConnector::checkForMissingCertificates().

◆ setClientFeatures()

void Ssl::ServerBio::setClientFeatures ( Security::TlsDetails::Pointer const &  details,
SBuf const &  hello 
)

Definition at line 265 of file bio.cc.

Referenced by Ssl::PeekingPeerConnector::initialize().

◆ stateChanged()

void Ssl::ServerBio::stateChanged ( const SSL *  ssl,
int  where,
int  ret 
)

Reimplemented from Ssl::Bio.

Definition at line 259 of file bio.cc.

References Ssl::Bio::stateChanged().

◆ write()

int Ssl::ServerBio::write ( const char *  buf,
int  size,
BIO *  table 
)

The ServerBio version of the Ssl::Bio::write method. If a client random number is set, rewrites the "client random" field of the raw hello message with the provided random number. It may buffer the output packets.

Reimplemented from Ssl::Bio.

Definition at line 468 of file bio.cc.

References adjustSSL(), assert, buf, Ssl::bumpPeek, Ssl::bumpStare, debugs, fd_table, Must, size, and Ssl::Bio::write().
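The write hold and the client-random rewrite that write() and flush() perform, as an added example that is not Squid's code: a HeldWriter buffers output while the write hold is set and, on flush(), patches the 32-byte random field of a raw ClientHello record before releasing it, refusing to touch anything that is not a complete client_hello record. HeldWriter, rewriteClientRandom and the sample ClientHello bytes are this example's own constructions; Squid's adjustSSL() and the peek/stare handling of write() are not reproduced.

```cpp
// Added example, not Squid code: a stand-alone model of ServerBio::write() holding
// output and flush() rewriting the ClientHello "client random" before sending it.
// HeldWriter and rewriteClientRandom are this example's own names.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

namespace example {
const size_t kRandomSize = 32;
const size_t kRandomOffset = 5 + 4 + 2; // record header + handshake header + legacy_version

// Overwrite ClientHello.random in a raw TLS record. Returns false and leaves the
// buffer untouched unless it holds a complete Handshake record carrying a
// client_hello, so an unexpected buffer is never patched blindly.
bool rewriteClientRandom(std::vector<uint8_t> &rec, const uint8_t (&random)[kRandomSize]) {
    if (rec.size() < kRandomOffset + kRandomSize) return false;
    if (rec[0] != 22) return false;                                   // ContentType handshake
    const size_t rlen = (size_t(rec[3]) << 8) | rec[4];
    if (5 + rlen > rec.size()) return false;                          // truncated record
    if (rec[5] != 1) return false;                                    // HandshakeType client_hello
    const size_t hlen = (size_t(rec[6]) << 16) | (size_t(rec[7]) << 8) | rec[8];
    if (4 + hlen > rlen || hlen < 2 + kRandomSize) return false;      // body too short for a random
    std::memcpy(&rec[kRandomOffset], random, kRandomSize);
    return true;
}

class HeldWriter {
public:
    void holdWrite(bool h) { holdWrite_ = h; }
    bool holdWrite() const { return holdWrite_; }
    void setClientRandom(const uint8_t (&r)[kRandomSize]) {
        std::memcpy(clientRandom_, r, kRandomSize);
        haveRandom_ = true;
    }
    // While held, buffer instead of sending and report the bytes as written so the
    // TLS library does not retry; otherwise pass straight through.
    size_t write(const uint8_t *buf, size_t size) {
        std::vector<uint8_t> &dst = holdWrite_ ? helloMsg_ : sent_;
        dst.insert(dst.end(), buf, buf + size);
        return size;
    }
    // Release buffered output, patching in the client random first when one was set.
    // Returns whether the patch applied; the bytes go out either way in this model.
    bool flush() {
        const bool patched = !haveRandom_ || helloMsg_.empty()
                             || rewriteClientRandom(helloMsg_, clientRandom_);
        sent_.insert(sent_.end(), helloMsg_.begin(), helloMsg_.end());
        helloMsg_.clear();
        return patched;
    }
    const std::vector<uint8_t> &sent() const { return sent_; }

private:
    bool holdWrite_ = false, haveRandom_ = false;
    uint8_t clientRandom_[kRandomSize] = {};
    std::vector<uint8_t> helloMsg_; // buffered output, like ServerBio::helloMsg
    std::vector<uint8_t> sent_;     // what reached the "socket"
};

// Constructed sample: a 52-byte TLS 1.2 ClientHello record whose random is all 0xAA,
// standing in for the hello OpenSSL generated.
std::vector<uint8_t> sampleClientHello() {
    std::vector<uint8_t> body = {0x03, 0x03};
    body.insert(body.end(), kRandomSize, 0xAA);                // random
    body.insert(body.end(), {0x00, 0x00, 0x02, 0x13, 0x01});   // session_id len, cipher_suites
    body.insert(body.end(), {0x01, 0x00, 0x00, 0x00});         // compression_methods, extensions len
    std::vector<uint8_t> rec = {0x16, 0x03, 0x01, 0x00, static_cast<uint8_t>(body.size() + 4),
                                0x01, 0x00, 0x00, static_cast<uint8_t>(body.size())};
    rec.insert(rec.end(), body.begin(), body.end());
    return rec;
}
} // namespace example

int main() {
    uint8_t clientRandom[example::kRandomSize];
    for (size_t i = 0; i < example::kRandomSize; ++i) clientRandom[i] = static_cast<uint8_t>(i);
    example::HeldWriter bio;
    bio.holdWrite(true);
    bio.setClientRandom(clientRandom);
    const auto hello = example::sampleClientHello();
    bio.write(hello.data(), hello.size());        // held: nothing sent yet
    const bool patched = bio.flush();             // released with random 00 01 02 ...
    std::printf("patched=%d sent=%zu random[0]=0x%02x\n", patched, bio.sent().size(),
                bio.sent()[example::kRandomOffset]);
}
```

The point of the validation in rewriteClientRandom is that the hold buffer can legitimately contain something other than a ClientHello (an alert, a partial record), and blindly writing 32 bytes at a fixed offset into such a buffer would corrupt it; checking the record type, record length, handshake type and body length before patching keeps the rewrite confined to the one message it is meant for.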

Member Data Documentation

◆ allowBump

bool Ssl::ServerBio::allowBump

Definition at line 194 of file bio.h.

Referenced by canBump().

◆ allowSplice

bool Ssl::ServerBio::allowSplice

Definition at line 193 of file bio.h.

Referenced by canSplice().

◆ bumpMode_

Ssl::BumpMode Ssl::ServerBio::bumpMode_

Definition at line 200 of file bio.h.

Referenced by bumpMode(), and mode().

◆ clientSentHello

SBuf Ssl::ServerBio::clientSentHello

Definition at line 189 of file bio.h.

◆ clientTlsDetails

Security::TlsDetails::Pointer Ssl::ServerBio::clientTlsDetails

Definition at line 187 of file bio.h.

◆ fd_

const int Ssl::Bio::fd_

Definition at line 63 of file bio.h.

Referenced by Ssl::Bio::Bio(), and Ssl::Bio::fd().

◆ helloBuild

bool Ssl::ServerBio::helloBuild

Definition at line 192 of file bio.h.

◆ helloMsg

SBuf Ssl::ServerBio::helloMsg

Definition at line 190 of file bio.h.

◆ helloMsgSize

mb_size_t Ssl::ServerBio::helloMsgSize

Definition at line 191 of file bio.h.

◆ holdRead_

bool Ssl::ServerBio::holdRead_

Definition at line 196 of file bio.h.

Referenced by holdRead().

◆ holdWrite_

bool Ssl::ServerBio::holdWrite_

Definition at line 195 of file bio.h.

Referenced by holdWrite().

◆ parsedHandshake

bool Ssl::ServerBio::parsedHandshake

Definition at line 198 of file bio.h.

Referenced by gotHello(), and gotHelloFailed().

◆ parseError

bool Ssl::ServerBio::parseError

Definition at line 199 of file bio.h.

Referenced by gotHello(), and gotHelloFailed().

◆ parser_

Security::HandshakeParser Ssl::ServerBio::parser_

Definition at line 204 of file bio.h.

Referenced by receivedHelloDetails(), and serverCertificatesIfAny().

◆ rbuf

SBuf Ssl::Bio::rbuf

Definition at line 64 of file bio.h.

Referenced by Ssl::Bio::rBufData(), and Ssl::ClientBio::setReadBufData().

◆ rbufConsumePos

size_t Ssl::ServerBio::rbufConsumePos

Definition at line 203 of file bio.h.

◆ record_

bool Ssl::ServerBio::record_

Definition at line 197 of file bio.h.

Referenced by recordInput().

The documentation for this class was generated from the following files:

bio.h
bio.cc