Security Namespace Reference

Network/connection security abstraction layer.




class  BlindPeerConnector
 A simple PeerConnector for SSL/TLS cache_peers. No SslBump capabilities. More...
class  CertError
class  EncryptorAnswer
class  TLSPlaintext
 TLS Record Layer's frame from RFC 5246 Section 6.2.1. More...
class  Sslv2Record
 draft-hickman-netscape-ssl-00. Section 4.1. SSL Record Header Format More...
class  Handshake
 TLS Handshake Protocol frame from RFC 5246 Section 7.4. More...
class  Alert
 TLS Alert protocol frame from RFC 5246 Section 7.2. More...
class  Extension
 TLS Hello Extension from RFC 5246 Section More...
class  TlsDetails
class  HandshakeParser
 Incremental TLS/SSL Handshake parser. More...
class  KeyData
 TLS certificate and private key details from squid.conf. More...
class  LockingPointer
class  NegotiationHistory
class  PeerConnector
class  PeerOptions
 TLS squid.conf settings for a remote server peer. More...
class  ServerOptions
 TLS squid.conf settings for a listening port. More...


typedef std::shared_ptr< SSL_CTX > ContextPointer
typedef CbDataList
< Security::CertError
 Holds a list of X.509 certificate errors. More...
Security::LockingPointer< X509,
X509_free_cpp, HardFun< int,
X509 *, X509_up_ref > > 
< X509_CRL, X509_CRL_free_cpp,
HardFun< int, X509_CRL
*, X509_CRL_up_ref > > 
typedef std::list
< Security::CertPointer
typedef std::list
< Security::CrlPointer
Security::LockingPointer< DH,
DH_free_cpp, HardFun< int, DH
*, DH_up_ref > > 
typedef int ErrorCode
 Squid defined error code (<0), an error code returned by X.509 API, or SSL_ERROR_NONE. More...
typedef std::unordered_set
< Security::ErrorCode
typedef long ParsedOptions
typedef std::unordered_set
< Extension::Type
 Extension types optimized for fast lookups. More...
typedef HardFun< bool, const
void *, nilFunction
typedef std::shared_ptr< SSL > SessionPointer
typedef std::unique_ptr
< SSL_SESSION, HardFun< void,
*,&SSL_SESSION_free > > 


enum  ContentType {
  ctChangeCipherSpec = 20,
  ctAlert = 21,
  ctHandshake = 22,
  ctApplicationData = 23
 TLS Record Layer's content types from RFC 5246 Section 6.2.1. More...
enum  HandshakeType {
  hskClientHello = 1,
  hskServerHello = 2,
  hskCertificate = 11,
  hskServerHelloDone = 14
 TLS Handshake protocol's handshake types from RFC 5246 Section 7.4. More...


std::ostream & operator<< (std::ostream &, const Security::EncryptorAnswer &)
 CtoCpp1 (X509_free, X509 *)
 CtoCpp1 (X509_CRL_free, X509_CRL *)
 CtoCpp1 (DH_free, DH *)
const char * ErrorString (const ErrorCode code)
static Extensions SupportedExtensions ()
 A helper function to create a set of all supported TLS extensions. More...
std::ostream & operator<< (std::ostream &os, Security::TlsDetails const &details)
bool nilFunction (const void *)
bool CreateClientSession (const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx)
bool CreateServerSession (const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx)
void SessionSendGoodbye (const Security::SessionPointer &)
 send the shutdown/bye notice for an active TLS session. More...
bool SessionIsResumed (const Security::SessionPointer &)
 whether the session is a resumed one More...
void MaybeGetSessionResumeData (const Security::SessionPointer &, Security::SessionStatePointer &data)
void SetSessionResumeData (const Security::SessionPointer &, const Security::SessionStatePointer &)
void SetSessionCacheCallbacks (Security::ContextPointer &)
 Setup the given TLS context with callbacks used to manage the session cache. More...
Security::ContextPointer GetFrom (Security::SessionPointer &s)
 Helper function to retrieve a (non-locked) ContextPointer from a SessionPointer. More...
Security::SessionPointer NewSessionObject (const Security::ContextPointer &)


static const uint64_t HelloRandomSize = 32
 The size of the TLS Random structure from RFC 5246 Section More...
PeerOptions ProxyOutgoingConfig
 configuration options for DIRECT server access More...

Typedef Documentation

Definition at line 57 of file forward.h.

Definition at line 80 of file forward.h.

typedef Security::LockingPointer<X509, X509_free_cpp, HardFun<int, X509 *, X509_up_ref> > Security::CertPointer

Definition at line 63 of file forward.h.

Definition at line 82 of file forward.h.

typedef std::shared_ptr<SSL_CTX> Security::ContextPointer

Definition at line 29 of file Context.h.

typedef Security::LockingPointer<X509_CRL, X509_CRL_free_cpp, HardFun<int, X509_CRL *, X509_CRL_up_ref> > Security::CrlPointer

Definition at line 72 of file forward.h.

typedef Security::LockingPointer<DH, DH_free_cpp, HardFun<int, DH *, DH_up_ref> > Security::DhePointer

Definition at line 86 of file forward.h.

Definition at line 91 of file forward.h.

typedef std::unordered_set<Security::ErrorCode> Security::Errors

set of Squid defined TLS error codes

using std::unordered_set ensures values are unique, with fast lookup

Definition at line 108 of file forward.h.

typedef std::unordered_set<Extension::Type> Security::Extensions

Definition at line 104 of file

typedef HardFun<bool, const void *, nilFunction> Security::NilFunctor

Definition at line 41 of file LockingPointer.h.

Definition at line 129 of file forward.h.

typedef std::shared_ptr<SSL> Security::SessionPointer

Definition at line 42 of file Session.h.

typedef std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_free> > Security::SessionStatePointer

Definition at line 44 of file Session.h.

Enumeration Type Documentation


Definition at line 28 of file


Definition at line 56 of file

Function Documentation

bool Security::CreateClientSession ( const Security::ContextPointer ctx,
const Comm::ConnectionPointer c,
const char *  squidCtx 

Creates TLS Client connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO). On errors, emits DBG_IMPORTANT with details and returns false.

Definition at line 185 of file

References Security::Io::BIO_TO_SERVER, and CreateSession().

Referenced by Security::PeerConnector::initialize().

bool Security::CreateServerSession ( const Security::ContextPointer ctx,
const Comm::ConnectionPointer c,
const char *  squidCtx 

Creates TLS Server connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO). On errors, emits DBG_IMPORTANT with details and returns false.

Definition at line 191 of file

References Security::Io::BIO_TO_CLIENT, and CreateSession().

Referenced by httpsCreate().

Security::CtoCpp1 ( X509_free  ,
X509 *   
Security::CtoCpp1 ( X509_CRL_free  ,
X509_CRL *   
Security::CtoCpp1 ( DH_free  ,
DH *   
Security::ContextPointer Security::GetFrom ( Security::SessionPointer s)
void Security::MaybeGetSessionResumeData ( const Security::SessionPointer s,
Security::SessionStatePointer data 

When the session is not a resumed session, retrieve the details needed to resume a later connection and store them in 'data'. This may result in 'data' becoming a nil Pointer if no details exist or an error occurs.

When the session is already a resumed session, do nothing and leave 'data' unhanged. XXX: is this latter behaviour always correct?

Definition at line 223 of file

References debugs, ErrorString(), and SessionIsResumed().

Referenced by Security::BlindPeerConnector::noteNegotiationDone(), and Ssl::IcapPeerConnector::noteNegotiationDone().

Security::SessionPointer Security::NewSessionObject ( const Security::ContextPointer ctx)
use the PeerOptions/ServerOptions API methods instead. Wraps SessionPointer value creation to reduce risk of a nasty hack in ssl/

Definition at line 97 of file

References debugs, and p.

Referenced by CreateSession(), and Ssl::verifySslCertificate().

bool Security::nilFunction ( const void *  )

Definition at line 40 of file LockingPointer.h.

std::ostream & Security::operator<< ( std::ostream &  os,
const Security::EncryptorAnswer answer 
std::ostream& Security::operator<< ( std::ostream &  os,
Security::TlsDetails const &  details 

Definition at line 50 of file Handshake.h.

References Security::TlsDetails::print().

bool Security::SessionIsResumed ( const Security::SessionPointer s)

Definition at line 210 of file

References debugs.

Referenced by clientNegotiateSSL(), and MaybeGetSessionResumeData().

void Security::SessionSendGoodbye ( const Security::SessionPointer s)

Definition at line 197 of file

References debugs.

Referenced by commStartTlsClose().

void Security::SetSessionCacheCallbacks ( Security::ContextPointer ctx)
void Security::SetSessionResumeData ( const Security::SessionPointer s,
const Security::SessionStatePointer data 

Set the data for resuming a previous session. Needs to be done before using the SessionPointer for a handshake.

Definition at line 244 of file

References DBG_CRITICAL, debugs, and ErrorString().

Referenced by Security::BlindPeerConnector::initialize(), and Ssl::IcapPeerConnector::initialize().

static Security::Extensions Security::SupportedExtensions ( )

Definition at line 582 of file

Referenced by Security::Extension::supported().

Variable Documentation

const uint64_t Security::HelloRandomSize = 32
Security::PeerOptions Security::ProxyOutgoingConfig






Web Site Translations