Network/connection security abstraction layer.
Namespaces

| Namespace | Description |
|---|---|
| Io | |

Classes

| Class | Description |
|---|---|
| Alert | TLS Alert protocol frame from RFC 5246 Section 7.2. |
| BlindPeerConnector | A simple PeerConnector for SSL/TLS cache_peers. No SslBump capabilities. |
| CertError | |
| EncryptorAnswer | |
| Extension | TLS Hello Extension from RFC 5246 Section 7.4.1.4. |
| Handshake | TLS Handshake Protocol frame from RFC 5246 Section 7.4. |
| HandshakeParser | Incremental TLS/SSL Handshake parser. |
| KeyData | TLS certificate and private key details from squid.conf. |
| LockingPointer | |
| NegotiationHistory | |
| PeerConnector | |
| PeerOptions | TLS squid.conf settings for a remote server peer. |
| ServerOptions | TLS squid.conf settings for a listening port. |
| Sslv2Record | SSL Record Header Format from draft-hickman-netscape-ssl-00, Section 4.1. |
| TlsDetails | |
| TLSPlaintext | TLS Record Layer's frame from RFC 5246 Section 6.2.1. |
Typedefs

| Typedef | Definition | Description |
|---|---|---|
| ContextPointer | `std::shared_ptr< SSL_CTX >` | |
| CertErrors | `CbDataList< Security::CertError >` | Holds a list of X.509 certificate errors. |
| CertPointer | `Security::LockingPointer< X509, X509_free_cpp, HardFun< int, X509 *, X509_up_ref > >` | |
| CrlPointer | `Security::LockingPointer< X509_CRL, X509_CRL_free_cpp, HardFun< int, X509_CRL *, X509_CRL_up_ref > >` | |
| CertList | `std::list< Security::CertPointer >` | |
| CertRevokeList | `std::list< Security::CrlPointer >` | |
| DhePointer | `Security::LockingPointer< DH, DH_free_cpp, HardFun< int, DH *, DH_up_ref > >` | |
| ErrorCode | `int` | Squid-defined error code (<0), an error code returned by the X.509 API, or SSL_ERROR_NONE. |
| Errors | `std::unordered_set< Security::ErrorCode >` | |
| ParsedOptions | `long` | |
| Extensions | `std::unordered_set< Extension::Type >` | Extension types optimized for fast lookups. |
| NilFunctor | `HardFun< bool, const void *, nilFunction >` | |
| SessionPointer | `std::shared_ptr< SSL >` | |
| SessionStatePointer | `std::unique_ptr< SSL_SESSION, HardFun< void, SSL_SESSION *, &SSL_SESSION_free > >` | |
Enumerations

| Enumeration | Enumerators | Description |
|---|---|---|
| ContentType | ctChangeCipherSpec = 20, ctAlert = 21, ctHandshake = 22, ctApplicationData = 23 | TLS Record Layer's content types from RFC 5246 Section 6.2.1. |
| HandshakeType | hskClientHello = 1, hskServerHello = 2, hskCertificate = 11, hskServerHelloDone = 14 | TLS Handshake protocol's handshake types from RFC 5246 Section 7.4. |
Functions

| Signature | Description |
|---|---|
| `std::ostream & operator<< (std::ostream &, const Security::EncryptorAnswer &)` | |
| `CtoCpp1 (X509_free, X509 *)` | |
| `CtoCpp1 (X509_CRL_free, X509_CRL *)` | |
| `CtoCpp1 (DH_free, DH *)` | |
| `const char * ErrorString (const ErrorCode code)` | |
| `static Extensions SupportedExtensions ()` | A helper function to create a set of all supported TLS extensions. |
| `std::ostream & operator<< (std::ostream &os, Security::TlsDetails const &details)` | |
| `bool nilFunction (const void *)` | |
| `bool CreateClientSession (const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx)` | |
| `bool CreateServerSession (const Security::ContextPointer &, const Comm::ConnectionPointer &, Security::PeerOptions &, const char *squidCtx)` | |
| `void SessionSendGoodbye (const Security::SessionPointer &)` | Send the shutdown/bye notice for an active TLS session. |
| `bool SessionIsResumed (const Security::SessionPointer &)` | Whether the session is a resumed one. |
| `void MaybeGetSessionResumeData (const Security::SessionPointer &, Security::SessionStatePointer &data)` | |
| `void SetSessionResumeData (const Security::SessionPointer &, const Security::SessionStatePointer &)` | |
| `void SetSessionCacheCallbacks (Security::ContextPointer &)` | Set up the given TLS context with callbacks used to manage the session cache. |
| `Security::ContextPointer GetFrom (Security::SessionPointer &s)` | Helper function to retrieve a (non-locked) ContextPointer from a SessionPointer. |
| `Security::SessionPointer NewSessionObject (const Security::ContextPointer &)` | |
Variables

| Variable | Description |
|---|---|
| `static const uint64_t HelloRandomSize = 32` | The size of the TLS Random structure from RFC 5246 Section 7.4.1.2. |
| `PeerOptions ProxyOutgoingConfig` | Configuration options for DIRECT server access. |
Typedef Documentation
◆ CertErrors

typedef CbDataList<Security::CertError> Security::CertErrors

Holds a list of X.509 certificate errors.

◆ CertList

typedef std::list<Security::CertPointer> Security::CertList

◆ CertPointer

typedef Security::LockingPointer<X509, X509_free_cpp, HardFun<int, X509 *, X509_up_ref> > Security::CertPointer

◆ CertRevokeList

typedef std::list<Security::CrlPointer> Security::CertRevokeList

◆ ContextPointer

typedef std::shared_ptr<SSL_CTX> Security::ContextPointer

◆ CrlPointer

typedef Security::LockingPointer<X509_CRL, X509_CRL_free_cpp, HardFun<int, X509_CRL *, X509_CRL_up_ref> > Security::CrlPointer

◆ DhePointer

typedef Security::LockingPointer<DH, DH_free_cpp, HardFun<int, DH *, DH_up_ref> > Security::DhePointer

◆ ErrorCode

typedef int Security::ErrorCode

Squid-defined error code (<0), an error code returned by the X.509 API, or SSL_ERROR_NONE.

◆ Errors

typedef std::unordered_set<Security::ErrorCode> Security::Errors

◆ Extensions

typedef std::unordered_set<Extension::Type> Security::Extensions

Extension types optimized for fast lookups.

Definition at line 104 of file Handshake.cc.

◆ NilFunctor

typedef HardFun<bool, const void *, nilFunction> Security::NilFunctor

Definition at line 41 of file LockingPointer.h.

◆ ParsedOptions

typedef long Security::ParsedOptions

◆ SessionPointer

typedef std::shared_ptr<SSL> Security::SessionPointer

◆ SessionStatePointer

typedef std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_free> > Security::SessionStatePointer
Enumeration Type Documentation
◆ ContentType

| Enumerator | Value |
|---|---|
| ctChangeCipherSpec | 20 |
| ctAlert | 21 |
| ctHandshake | 22 |
| ctApplicationData | 23 |

TLS Record Layer's content types from RFC 5246 Section 6.2.1.

Definition at line 28 of file Handshake.cc.

◆ HandshakeType

| Enumerator | Value |
|---|---|
| hskClientHello | 1 |
| hskServerHello | 2 |
| hskCertificate | 11 |
| hskServerHelloDone | 14 |

TLS Handshake protocol's handshake types from RFC 5246 Section 7.4.

Definition at line 56 of file Handshake.cc.
Function Documentation
◆ CreateClientSession()

bool Security::CreateClientSession(const Security::ContextPointer & ctx, const Comm::ConnectionPointer & c, const char * squidCtx)

Creates the TLS client connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO). On errors, emits DBG_IMPORTANT with details and returns false.

Definition at line 184 of file Session.cc.

References Security::Io::BIO_TO_SERVER, CreateSession(), Comm::Connection::getPeer(), and ProxyOutgoingConfig.

Referenced by Security::PeerConnector::initialize().
◆ CreateServerSession()

bool Security::CreateServerSession(const Security::ContextPointer & ctx, const Comm::ConnectionPointer & c, Security::PeerOptions & o, const char * squidCtx)

Creates the TLS server connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO). On errors, emits DBG_IMPORTANT with details and returns false.

Definition at line 194 of file Session.cc.

References Security::Io::BIO_TO_CLIENT, and CreateSession().

Referenced by httpsCreate().
◆ CtoCpp1() [1/3]

Security::CtoCpp1(X509_free, X509 *)

◆ CtoCpp1() [2/3]

Security::CtoCpp1(X509_CRL_free, X509_CRL *)

◆ CtoCpp1() [3/3]

Security::CtoCpp1(DH_free, DH *)
◆ ErrorString()

inline const char * Security::ErrorString(const ErrorCode code)

Definition at line 96 of file forward.h.

Referenced by Ssl::chainCertificatesToSSLContext(), Security::PeerOptions::createBlankContext(), Security::ServerOptions::createBlankContext(), CreateSession(), Security::ServerOptions::createStaticServerContext(), Ssl::ErrorDetail::err_lib_error(), Ssl::InitClientContext(), Ssl::Initialize(), issuerExistInCaDb(), loadSystemTrustedCa(), Security::KeyData::loadX509CertFromFile(), Security::KeyData::loadX509ChainFromFile(), MaybeGetSessionResumeData(), Ssl::PeekingPeerConnector::noteNegotiationError(), Security::PeerConnector::noteNegotiationError(), Security::PeerOptions::parseOptions(), Ssl::setClientSNI(), SetSessionResumeData(), tlsAttemptHandshake(), Security::PeerOptions::updateContextCa(), Security::ServerOptions::updateContextClientCa(), Security::ServerOptions::updateContextConfig(), Security::ServerOptions::updateContextEecdh(), Security::PeerOptions::updateContextTrust(), and Security::PeerOptions::updateSessionOptions().
◆ GetFrom()

inline Security::ContextPointer Security::GetFrom(Security::SessionPointer & s)

Helper function to retrieve a (non-locked) ContextPointer from a SessionPointer.

Definition at line 90 of file Session.h.

References NewSessionObject().

Referenced by ConnStateData::getSslContextStart(), and ConnStateData::sslCrtdHandleReply().
◆ MaybeGetSessionResumeData()

void Security::MaybeGetSessionResumeData(const Security::SessionPointer & s, Security::SessionStatePointer & data)

When the session is not a resumed session, retrieve the details needed to resume a later connection and store them in 'data'. This may result in 'data' becoming a nil Pointer if no details exist or an error occurs.

When the session is already a resumed session, do nothing and leave 'data' unchanged. XXX: is this latter behaviour always correct?

Definition at line 226 of file Session.cc.

References debugs, ErrorString(), and SessionIsResumed().

Referenced by Security::BlindPeerConnector::noteNegotiationDone(), and Ssl::IcapPeerConnector::noteNegotiationDone().
◆ NewSessionObject()

Security::SessionPointer Security::NewSessionObject(const Security::ContextPointer & ctx)

Deprecated: use the PeerOptions/ServerOptions API methods instead.

Wraps SessionPointer value creation to reduce the risk of a nasty hack in ssl/support.cc.

Definition at line 97 of file Session.cc.

Referenced by CreateSession(), GetFrom(), and Ssl::verifySslCertificate().
◆ nilFunction()

inline bool Security::nilFunction(const void *)

Definition at line 40 of file LockingPointer.h.
◆ operator<<() [1/2]

std::ostream & Security::operator<<(std::ostream & os, const Security::EncryptorAnswer & answer)

Definition at line 20 of file EncryptorAnswer.cc.

References Security::EncryptorAnswer::conn, and Security::EncryptorAnswer::error.
◆ operator<<() [2/2]

inline std::ostream & Security::operator<<(std::ostream & os, Security::TlsDetails const & details)

Definition at line 50 of file Handshake.h.

References Security::TlsDetails::print().
◆ SessionIsResumed()

bool Security::SessionIsResumed(const Security::SessionPointer & s)

Whether the session is a resumed one.

Definition at line 213 of file Session.cc.

References debugs.

Referenced by clientNegotiateSSL(), and MaybeGetSessionResumeData().
◆ SessionSendGoodbye()

void Security::SessionSendGoodbye(const Security::SessionPointer & s)

Sends the shutdown/bye notice for an active TLS session.

Definition at line 200 of file Session.cc.

References debugs.

Referenced by commCallCloseHandlers(), and commStartTlsClose().
◆ SetSessionCacheCallbacks()

void Security::SetSessionCacheCallbacks(Security::ContextPointer & ctx)

Sets up the given TLS context with callbacks used to manage the session cache.

Definition at line 376 of file Session.cc.

References get_session_cb(), remove_session_cb(), and store_session_cb().

Referenced by initializeSessionCache(), and Security::ServerOptions::updateContextConfig().
◆ SetSessionResumeData()

void Security::SetSessionResumeData(const Security::SessionPointer & s, const Security::SessionStatePointer & data)

Set the data for resuming a previous session. This needs to be done before using the SessionPointer for a handshake.

Definition at line 247 of file Session.cc.

References DBG_CRITICAL, debugs, and ErrorString().

Referenced by Security::BlindPeerConnector::initialize(), and Ssl::IcapPeerConnector::initialize().
◆ SupportedExtensions()

static Extensions Security::SupportedExtensions()

A helper function to create a set of all supported TLS extensions.

Definition at line 583 of file Handshake.cc.

Referenced by Security::Extension::supported().
Variable Documentation
◆ HelloRandomSize

static const uint64_t Security::HelloRandomSize = 32

The size of the TLS Random structure from RFC 5246 Section 7.4.1.2.

Definition at line 86 of file Handshake.cc.

Referenced by Security::HandshakeParser::parseClientHelloHandshakeMessage(), and Security::HandshakeParser::parseServerHelloHandshakeMessage().

◆ ProxyOutgoingConfig

Security::PeerOptions Security::ProxyOutgoingConfig

Configuration options for DIRECT server access.

Definition at line 22 of file PeerOptions.cc.

Referenced by configDoConfigure(), CreateClientSession(), Ssl::PeekingPeerConnector::initialize(), and parse_obsolete().