Security Namespace Reference

Network/connection security abstraction layer.

Namespaces

 Io
 

Classes

class  Alert
 TLS Alert protocol frame from RFC 5246 Section 7.2. More...
 
class  BlindPeerConnector
 A simple PeerConnector for SSL/TLS cache_peers. No SslBump capabilities. More...
 
class  CertError
 
class  EncryptorAnswer
 
class  Extension
 TLS Hello Extension from RFC 5246 Section 7.4.1.4. More...
 
class  Handshake
 TLS Handshake Protocol frame from RFC 5246 Section 7.4. More...
 
class  HandshakeParser
 Incremental TLS/SSL Handshake parser. More...
 
class  KeyData
 TLS certificate and private key details from squid.conf. More...
 
class  LockingPointer
 
class  NegotiationHistory
 
class  PeerConnector
 
class  PeerOptions
 TLS squid.conf settings for a remote server peer. More...
 
class  ServerOptions
 TLS squid.conf settings for a listening port. More...
 
class  Sslv2Record
 draft-hickman-netscape-ssl-00. Section 4.1. SSL Record Header Format More...
 
class  TlsDetails
 
class  TLSPlaintext
 TLS Record Layer's frame from RFC 5246 Section 6.2.1. More...
 

Typedefs

typedef std::shared_ptr< SSL_CTX > ContextPointer
 
typedef CbDataList< Security::CertErrorCertErrors
 Holds a list of X.509 certificate errors. More...
 
typedef Security::LockingPointer< X509, X509_free_cpp, HardFun< int, X509 *, X509_up_ref > > CertPointer
 
typedef Security::LockingPointer< X509_CRL, X509_CRL_free_cpp, HardFun< int, X509_CRL *, X509_CRL_up_ref > > CrlPointer
 
typedef std::list< Security::CertPointerCertList
 
typedef std::list< Security::CrlPointerCertRevokeList
 
typedef Security::LockingPointer< DH, DH_free_cpp, HardFun< int, DH *, DH_up_ref > > DhePointer
 
typedef int ErrorCode
 Squid defined error code (<0), an error code returned by X.509 API, or SSL_ERROR_NONE. More...
 
typedef std::unordered_set< Security::ErrorCodeErrors
 
typedef long ParsedOptions
 
typedef std::unordered_set< Extension::TypeExtensions
 Extension types optimized for fast lookups. More...
 
typedef HardFun< bool, const void *, nilFunctionNilFunctor
 
typedef std::shared_ptr< SSL > SessionPointer
 
typedef std::unique_ptr< SSL_SESSION, HardFun< void, SSL_SESSION *, &SSL_SESSION_free > > SessionStatePointer
 

Enumerations

enum  ContentType {
  ctChangeCipherSpec = 20,
  ctAlert = 21,
  ctHandshake = 22,
  ctApplicationData = 23
}
 TLS Record Layer's content types from RFC 5246 Section 6.2.1. More...
 
enum  HandshakeType {
  hskClientHello = 1,
  hskServerHello = 2,
  hskCertificate = 11,
  hskServerHelloDone = 14
}
 TLS Handshake protocol's handshake types from RFC 5246 Section 7.4. More...
 

Functions

std::ostream & operator<< (std::ostream &, const Security::EncryptorAnswer &)
 
 CtoCpp1 (X509_free, X509 *)
 
 CtoCpp1 (X509_CRL_free, X509_CRL *)
 
 CtoCpp1 (DH_free, DH *)
 
const char * ErrorString (const ErrorCode code)
 
static Extensions SupportedExtensions ()
 A helper function to create a set of all supported TLS extensions. More...
 
std::ostream & operator<< (std::ostream &os, Security::TlsDetails const &details)
 
bool nilFunction (const void *)
 
bool CreateClientSession (const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx)
 
bool CreateServerSession (const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx)
 
void SessionSendGoodbye (const Security::SessionPointer &)
 send the shutdown/bye notice for an active TLS session. More...
 
bool SessionIsResumed (const Security::SessionPointer &)
 whether the session is a resumed one More...
 
void MaybeGetSessionResumeData (const Security::SessionPointer &, Security::SessionStatePointer &data)
 
void SetSessionResumeData (const Security::SessionPointer &, const Security::SessionStatePointer &)
 
void SetSessionCacheCallbacks (Security::ContextPointer &)
 Setup the given TLS context with callbacks used to manage the session cache. More...
 
Security::ContextPointer GetFrom (Security::SessionPointer &s)
 Helper function to retrieve a (non-locked) ContextPointer from a SessionPointer. More...
 
Security::SessionPointer NewSessionObject (const Security::ContextPointer &)
 

Variables

static const uint64_t HelloRandomSize = 32
 The size of the TLS Random structure from RFC 5246 Section 7.4.1.2. More...
 
PeerOptions ProxyOutgoingConfig
 configuration options for DIRECT server access More...
 

Typedef Documentation

◆ CertErrors

Definition at line 57 of file forward.h.

◆ CertList

Definition at line 80 of file forward.h.

◆ CertPointer

typedef Security::LockingPointer<X509, X509_free_cpp, HardFun<int, X509 *, X509_up_ref> > Security::CertPointer

Definition at line 63 of file forward.h.

◆ CertRevokeList

Definition at line 82 of file forward.h.

◆ ContextPointer

typedef std::shared_ptr<SSL_CTX> Security::ContextPointer

Definition at line 29 of file Context.h.

◆ CrlPointer

typedef Security::LockingPointer<X509_CRL, X509_CRL_free_cpp, HardFun<int, X509_CRL *, X509_CRL_up_ref> > Security::CrlPointer

Definition at line 72 of file forward.h.

◆ DhePointer

typedef Security::LockingPointer<DH, DH_free_cpp, HardFun<int, DH *, DH_up_ref> > Security::DhePointer

Definition at line 86 of file forward.h.

◆ ErrorCode

Definition at line 91 of file forward.h.

◆ Errors

typedef std::unordered_set<Security::ErrorCode> Security::Errors

set of Squid defined TLS error codes

Note
using std::unordered_set ensures values are unique, with fast lookup

Definition at line 108 of file forward.h.

◆ Extensions

typedef std::unordered_set<Extension::Type> Security::Extensions

Definition at line 104 of file Handshake.cc.

◆ NilFunctor

typedef HardFun<bool, const void *, nilFunction> Security::NilFunctor

Definition at line 41 of file LockingPointer.h.

◆ ParsedOptions

Definition at line 129 of file forward.h.

◆ SessionPointer

typedef std::shared_ptr<SSL> Security::SessionPointer

Definition at line 42 of file Session.h.

◆ SessionStatePointer

typedef std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_free> > Security::SessionStatePointer

Definition at line 44 of file Session.h.

Enumeration Type Documentation

◆ ContentType

Enumerator
ctChangeCipherSpec 
ctAlert 
ctHandshake 
ctApplicationData 

Definition at line 28 of file Handshake.cc.

◆ HandshakeType

Enumerator
hskClientHello 
hskServerHello 
hskCertificate 
hskServerHelloDone 

Definition at line 56 of file Handshake.cc.

Function Documentation

◆ CreateClientSession()

bool Security::CreateClientSession ( const Security::ContextPointer ctx,
const Comm::ConnectionPointer c,
const char *  squidCtx 
)

Creates TLS Client connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO). On errors, emits DBG_IMPORTANT with details and returns false.

Definition at line 185 of file Session.cc.

References Security::Io::BIO_TO_SERVER, and CreateSession().

Referenced by Security::PeerConnector::initialize().

◆ CreateServerSession()

bool Security::CreateServerSession ( const Security::ContextPointer ctx,
const Comm::ConnectionPointer c,
const char *  squidCtx 
)

Creates TLS Server connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO). On errors, emits DBG_IMPORTANT with details and returns false.

Definition at line 191 of file Session.cc.

References Security::Io::BIO_TO_CLIENT, and CreateSession().

Referenced by httpsCreate().

◆ CtoCpp1() [1/3]

Security::CtoCpp1 ( X509_free  ,
X509 *   
)

◆ CtoCpp1() [2/3]

Security::CtoCpp1 ( X509_CRL_free  ,
X509_CRL *   
)

◆ CtoCpp1() [3/3]

Security::CtoCpp1 ( DH_free  ,
DH *   
)

◆ ErrorString()

◆ GetFrom()

Security::ContextPointer Security::GetFrom ( Security::SessionPointer s)
inline

Definition at line 88 of file Session.h.

References NewSessionObject().

Referenced by ConnStateData::getSslContextStart(), and ConnStateData::sslCrtdHandleReply().

◆ MaybeGetSessionResumeData()

void Security::MaybeGetSessionResumeData ( const Security::SessionPointer s,
Security::SessionStatePointer data 
)

When the session is not a resumed session, retrieve the details needed to resume a later connection and store them in 'data'. This may result in 'data' becoming a nil Pointer if no details exist or an error occurs.

When the session is already a resumed session, do nothing and leave 'data' unhanged. XXX: is this latter behaviour always correct?

Definition at line 223 of file Session.cc.

References debugs, ErrorString(), and SessionIsResumed().

Referenced by Security::BlindPeerConnector::noteNegotiationDone(), and Ssl::IcapPeerConnector::noteNegotiationDone().

◆ NewSessionObject()

Security::SessionPointer Security::NewSessionObject ( const Security::ContextPointer ctx)
Deprecated:
use the PeerOptions/ServerOptions API methods instead. Wraps SessionPointer value creation to reduce risk of a nasty hack in ssl/support.cc.

Definition at line 97 of file Session.cc.

References debugs, and p.

Referenced by CreateSession(), GetFrom(), and Ssl::verifySslCertificate().

◆ nilFunction()

bool Security::nilFunction ( const void *  )
inline

Definition at line 40 of file LockingPointer.h.

◆ operator<<() [1/2]

std::ostream & Security::operator<< ( std::ostream &  os,
const Security::EncryptorAnswer answer 
)

◆ operator<<() [2/2]

std::ostream& Security::operator<< ( std::ostream &  os,
Security::TlsDetails const &  details 
)
inline

Definition at line 50 of file Handshake.h.

References Security::TlsDetails::print().

◆ SessionIsResumed()

bool Security::SessionIsResumed ( const Security::SessionPointer s)

Definition at line 210 of file Session.cc.

References debugs.

Referenced by clientNegotiateSSL(), and MaybeGetSessionResumeData().

◆ SessionSendGoodbye()

void Security::SessionSendGoodbye ( const Security::SessionPointer s)

Definition at line 197 of file Session.cc.

References debugs.

Referenced by commCallCloseHandlers(), and commStartTlsClose().

◆ SetSessionCacheCallbacks()

void Security::SetSessionCacheCallbacks ( Security::ContextPointer ctx)

◆ SetSessionResumeData()

void Security::SetSessionResumeData ( const Security::SessionPointer s,
const Security::SessionStatePointer data 
)

Set the data for resuming a previous session. Needs to be done before using the SessionPointer for a handshake.

Definition at line 244 of file Session.cc.

References DBG_CRITICAL, debugs, and ErrorString().

Referenced by Security::BlindPeerConnector::initialize(), and Ssl::IcapPeerConnector::initialize().

◆ SupportedExtensions()

static Security::Extensions Security::SupportedExtensions ( )
static

Definition at line 582 of file Handshake.cc.

Referenced by Security::Extension::supported().

Variable Documentation

◆ HelloRandomSize

const uint64_t Security::HelloRandomSize = 32
static

◆ ProxyOutgoingConfig

Security::PeerOptions Security::ProxyOutgoingConfig

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors