These functions must not depend on Squid runtime code such as debug() because they are used by security_file_certgen helper. More...

Classes
class	Ssl::CertificateProperties

Enumerations
enum	Ssl::CertSignAlgorithm { Ssl::algSignTrusted = 0, Ssl::algSignUntrusted, Ssl::algSignSelf, Ssl::algSignEnd }

enum	Ssl::CertAdaptAlgorithm { Ssl::algSetValidAfter = 0, Ssl::algSetValidBefore, Ssl::algSetCommonName, Ssl::algSetEnd }

Functions
EVP_PKEY *	Ssl::createSslPrivateKey ()

bool	Ssl::writeCertAndPrivateKeyToMemory (Security::CertPointer const &cert, Security::PrivateKeyPointer const &pkey, std::string &bufferToWrite)

bool	Ssl::appendCertToMemory (Security::CertPointer const &cert, std::string &bufferToWrite)

bool	Ssl::readCertAndPrivateKeyFromMemory (Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, char const *bufferToRead)

bool	Ssl::readCertFromMemory (Security::CertPointer &cert, char const *bufferToRead)

void	Ssl::ReadPrivateKeyFromFile (char const keyFilename, Security::PrivateKeyPointer &pkey, pem_password_cb passwd_callback)

bool	Ssl::OpenCertsFileForReading (BIO_Pointer &bio, const char *filename)

bool	Ssl::ReadX509Certificate (BIO_Pointer &bio, Security::CertPointer &cert)

bool	Ssl::ReadPrivateKey (BIO_Pointer &bio, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback)

bool	Ssl::OpenCertsFileForWriting (BIO_Pointer &bio, const char *filename)

bool	Ssl::WriteX509Certificate (BIO_Pointer &bio, const Security::CertPointer &cert)

bool	Ssl::WritePrivateKey (BIO_Pointer &bio, const Security::PrivateKeyPointer &pkey)

const char *	Ssl::certSignAlgorithm (int sg)

CertSignAlgorithm	Ssl::certSignAlgorithmId (const char *sg)

const char *	Ssl::sslCertAdaptAlgoritm (int alg)

std::string &	Ssl::OnDiskCertificateDbKey (const CertificateProperties &)

bool	Ssl::generateSslCertificate (Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, CertificateProperties const &properties)

bool	Ssl::sslDateIsInTheFuture (char const *date)

bool	Ssl::certificateMatchesProperties (X509 *peer_cert, CertificateProperties const &properties)

Variables
const char *	Ssl::CertSignAlgorithmStr []

const char *	Ssl::CertAdaptAlgorithmStr []

Detailed Description

Enumeration Type Documentation

◆ CertAdaptAlgorithm

enum Ssl::CertAdaptAlgorithm

Supported certificate adaptation algorithms

Enumerator
algSetValidAfter
algSetValidBefore
algSetCommonName
algSetEnd

Definition at line 188 of file gadgets.h.

◆ CertSignAlgorithm

enum Ssl::CertSignAlgorithm

Supported certificate signing algorithms

Enumerator
algSignTrusted
algSignUntrusted
algSignSelf
algSignEnd

Definition at line 150 of file gadgets.h.

Function Documentation

◆ appendCertToMemory()

bool Ssl::appendCertToMemory	(	Security::CertPointer const &	cert,
		std::string &	bufferToWrite
	)

Append SSL certificate to bufferToWrite.

Definition at line 92 of file gadgets.cc.

References Security::LockingPointer< T, UnLocker, Locker >::get(), len, and NULL.

Referenced by Ssl::CrtdMessage::composeRequest().

◆ certificateMatchesProperties()

bool Ssl::certificateMatchesProperties	(	X509 *	peer_cert,
		CertificateProperties const &	properties
	)

Check if the major fields of a certificates matches the properties given by a CertficateProperties object

Returns: true if the certificates matches false otherwise.

Definition at line 812 of file gadgets.cc.

References Ssl::algSignSelf, asn1time_cmp(), assert, Ssl::CommonHostName(), Ssl::CertificateProperties::commonName, Security::LockingPointer< T, UnLocker, Locker >::get(), match(), Ssl::CertificateProperties::mimicCert, NULL, Ssl::CertificateProperties::setCommonName, Ssl::CertificateProperties::setValidAfter, Ssl::CertificateProperties::setValidBefore, Ssl::CertificateProperties::signAlgorithm, Ssl::CertificateProperties::signWithX509, STACK_OF(), X509_getm_notAfter, and X509_getm_notBefore.

◆ certSignAlgorithm()

const char* Ssl::certSignAlgorithm ( int sg )

inline

Return the short name of the signing algorithm "sg"

Definition at line 163 of file gadgets.h.

References Ssl::algSignEnd, Ssl::CertSignAlgorithmStr, and NULL.

Referenced by Ssl::CrtdMessage::composeRequest(), dump_sslproxy_cert_sign(), Ssl::InRamCertificateDbKey(), and Ssl::OnDiskCertificateDbKey().

◆ certSignAlgorithmId()

CertSignAlgorithm Ssl::certSignAlgorithmId ( const char * sg )

inline

Return the id of the signing algorithm "sg"

Definition at line 175 of file gadgets.h.

References Ssl::algSignEnd, Ssl::CertSignAlgorithmStr, and NULL.

Referenced by Ssl::CrtdMessage::parseRequest().

◆ createSslPrivateKey()

EVP_PKEY * Ssl::createSslPrivateKey ( )

Create 1024 bits rsa key.

Definition at line 12 of file gadgets.cc.

References NULL.

Referenced by generateFakeSslCertificate().

◆ generateSslCertificate()

bool Ssl::generateSslCertificate	(	Security::CertPointer &	cert,
		Security::PrivateKeyPointer &	pkey,
		Ssl::CertificateProperties const &	properties
	)

Decide on the kind of certificate and generate a CA- or self-signed one. The generated certificate will inherite properties from certToMimic Return generated certificate and private key in resultX509 and resultPkey variables.

Definition at line 675 of file gadgets.cc.

References createSerial(), and generateFakeSslCertificate().

Referenced by Ssl::configureSSL(), Ssl::GenerateSslContext(), Ssl::generateUntrustedCert(), and processNewRequest().

◆ OnDiskCertificateDbKey()

std::string & Ssl::OnDiskCertificateDbKey ( const CertificateProperties & properties )

Returns: certificate database key

Definition at line 232 of file gadgets.cc.

References Ssl::algSignEnd, Ssl::certSignAlgorithm(), Ssl::CertificateProperties::commonName, Security::LockingPointer< T, UnLocker, Locker >::get(), Ssl::CertificateProperties::mimicCert, NULL, printX509Signature(), Ssl::CertificateProperties::setCommonName, Ssl::CertificateProperties::setValidAfter, Ssl::CertificateProperties::setValidBefore, Ssl::CertificateProperties::signAlgorithm, and Ssl::CertificateProperties::signHash.

Referenced by processNewRequest().

◆ OpenCertsFileForReading()

bool Ssl::OpenCertsFileForReading	(	Ssl::BIO_Pointer &	bio,
		const char *	filename
	)

Initialize the bio with the file 'filename' opened for reading

Definition at line 686 of file gadgets.cc.

Referenced by Ssl::CertificateDb::ReadEntry(), and Ssl::ReadPrivateKeyFromFile().

◆ OpenCertsFileForWriting()

bool Ssl::OpenCertsFileForWriting	(	Ssl::BIO_Pointer &	bio,
		const char *	filename
	)

Initialize the bio with the file 'filename' opened for writing

Definition at line 730 of file gadgets.cc.

Referenced by Ssl::CertificateDb::WriteEntry().

◆ readCertAndPrivateKeyFromMemory()

bool Ssl::readCertAndPrivateKeyFromMemory	(	Security::CertPointer &	cert,
		Security::PrivateKeyPointer &	pkey,
		char const *	bufferToRead
	)

Write private key and SSL certificate to memory.

Definition at line 116 of file gadgets.cc.

References NULL, and Security::LockingPointer< T, UnLocker, Locker >::resetWithoutLocking().

Referenced by Ssl::configureSSLUsingPkeyAndCertFromMemory(), Ssl::GenerateSslContextUsingPkeyAndCertFromMemory(), and Ssl::CrtdMessage::parseRequest().

◆ readCertFromMemory()

bool Ssl::readCertFromMemory	(	Security::CertPointer &	cert,
		char const *	bufferToRead
	)

Read SSL certificate from memory.

Definition at line 134 of file gadgets.cc.

References NULL, and Security::LockingPointer< T, UnLocker, Locker >::resetWithoutLocking().

Referenced by Ssl::CrtdMessage::parseRequest(), and Ssl::CertValidationMsg::parseResponse().

◆ ReadPrivateKey()

bool Ssl::ReadPrivateKey	(	Ssl::BIO_Pointer &	bio,
		Security::PrivateKeyPointer &	pkey,
		pem_password_cb *	passwd_callback
	)

Read a private key from bio

Definition at line 708 of file gadgets.cc.

References assert, and NULL.

Referenced by Ssl::CertificateDb::ReadEntry(), and Ssl::ReadPrivateKeyFromFile().

◆ ReadPrivateKeyFromFile()

void Ssl::ReadPrivateKeyFromFile	(	char const *	keyFilename,
		Security::PrivateKeyPointer &	pkey,
		pem_password_cb *	passwd_callback
	)

Read private key from file.

Definition at line 719 of file gadgets.cc.

References Ssl::OpenCertsFileForReading(), and Ssl::ReadPrivateKey().

Referenced by Security::KeyData::loadX509PrivateKeyFromFile().

◆ ReadX509Certificate()

bool Ssl::ReadX509Certificate	(	Ssl::BIO_Pointer &	bio,
		Security::CertPointer &	cert
	)

Read a certificate from bio

Definition at line 697 of file gadgets.cc.

References assert, NULL, and Security::LockingPointer< T, UnLocker, Locker >::resetWithoutLocking().

Referenced by Ssl::CertificateDb::ReadEntry().

◆ sslCertAdaptAlgoritm()

const char* Ssl::sslCertAdaptAlgoritm ( int alg )

inline

Return the short name of the adaptation algorithm "alg"

Definition at line 200 of file gadgets.h.

References Ssl::algSetEnd, Ssl::CertAdaptAlgorithmStr, and NULL.

Referenced by dump_sslproxy_cert_adapt().

◆ sslDateIsInTheFuture()

bool Ssl::sslDateIsInTheFuture ( char const * date )

Verify date. Date format it ASN1_UTCTIME. if there is out of date error, return false.

Definition at line 760 of file gadgets.cc.

Referenced by Ssl::CertificateDb::deleteInvalidCertificate(), and Ssl::CertificateDb::pure_find().

◆ writeCertAndPrivateKeyToMemory()

bool Ssl::writeCertAndPrivateKeyToMemory	(	Security::CertPointer const &	cert,
		Security::PrivateKeyPointer const &	pkey,
		std::string &	bufferToWrite
	)

Write private key and SSL certificate to memory.

Definition at line 68 of file gadgets.cc.

References Security::LockingPointer< T, UnLocker, Locker >::get(), len, and NULL.

Referenced by Ssl::CrtdMessage::composeRequest(), and processNewRequest().

◆ WritePrivateKey()

bool Ssl::WritePrivateKey	(	Ssl::BIO_Pointer &	bio,
		const Security::PrivateKeyPointer &	pkey
	)

Write private key to BIO.

Definition at line 751 of file gadgets.cc.

References NULL.

Referenced by Ssl::CertificateDb::WriteEntry().

◆ WriteX509Certificate()

bool Ssl::WriteX509Certificate	(	Ssl::BIO_Pointer &	bio,
		const Security::CertPointer &	cert
	)

Write certificate to BIO.

Definition at line 741 of file gadgets.cc.

References Security::LockingPointer< T, UnLocker, Locker >::get().

Referenced by Ssl::CertificateDb::WriteEntry().

Variable Documentation

◆ CertAdaptAlgorithmStr

const char * Ssl::CertAdaptAlgorithmStr

Initial value:

= {
    "setValidAfter",
    "setValidBefore",
    "setCommonName",
    NULL
}

Short names for certificate adaptation algorithms

Definition at line 202 of file gadgets.cc.

Referenced by ConnStateData::buildSslCertGenerationParams(), parse_sslproxy_cert_adapt(), and Ssl::sslCertAdaptAlgoritm().

◆ CertSignAlgorithmStr

const char * Ssl::CertSignAlgorithmStr

Initial value:

= {
    "signTrusted",
    "signUntrusted",
    "signSelf",
    NULL
}

Short names for certificate signing algorithms

Definition at line 195 of file gadgets.cc.

Referenced by Ssl::certSignAlgorithm(), Ssl::certSignAlgorithmId(), and parse_sslproxy_cert_sign().

squid-cache.org

Optimising Web Delivery

Classes

Enumerations

Functions

Variables

Detailed Description

Enumeration Type Documentation

◆ CertAdaptAlgorithm

◆ CertSignAlgorithm

Function Documentation

◆ appendCertToMemory()

◆ certificateMatchesProperties()

◆ certSignAlgorithm()

◆ certSignAlgorithmId()

◆ createSslPrivateKey()

◆ generateSslCertificate()

◆ OnDiskCertificateDbKey()

◆ OpenCertsFileForReading()

◆ OpenCertsFileForWriting()

◆ readCertAndPrivateKeyFromMemory()

◆ readCertFromMemory()

◆ ReadPrivateKey()

◆ ReadPrivateKeyFromFile()

◆ ReadX509Certificate()

◆ sslCertAdaptAlgoritm()

◆ sslDateIsInTheFuture()

◆ writeCertAndPrivateKeyToMemory()

◆ WritePrivateKey()

◆ WriteX509Certificate()

Variable Documentation

◆ CertAdaptAlgorithmStr

◆ CertSignAlgorithmStr

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors