Ssl Namespace Reference

Classes

class  Bio
 BIO source and sink node, handling socket I/O and monitoring SSL state. More...
 
class  CertificateDb
 
class  CertificateProperties
 
class  CertificateStorageAction
 
class  CertValidationHelper
 
class  CertValidationMsg
 
class  CertValidationRequest
 
class  CertValidationResponse
 
class  ClientBio
 
class  Config
 
class  CrtdMessage
 
class  ErrorDetailEntry
 
class  ErrorDetailFile
 manages error detail templates More...
 
class  ErrorDetailsList
 
class  ErrorDetailsManager
 
class  GeneratorRequest
 A pending Ssl::Helper request, combining the original and collapsed queries. More...
 
class  GeneratorRequestor
 Initiator of an Ssl::Helper query. More...
 
class  GlobalContextStorage
 Class for storing/manipulating LocalContextStorage per local listening address/port. More...
 
class  Helper
 
class  IcapPeerConnector
 A simple PeerConnector for Secure ICAP services. No SslBump capabilities. More...
 
class  Lock
 maintains an exclusive blocking file-based lock More...
 
class  Locker
 an exception-safe way to obtain and release a lock More...
 
class  PeekingPeerConnector
 A PeerConnector for HTTP origin servers. Capable of SslBumping. More...
 
class  ServerBio
 
class  ServerBump
 
class  VerifyCallbackParameters
 

Typedefs

using LocalContextStorage = ClpMap< SBuf, Security::ContextPointer, MemoryUsedByContext >
 
typedef std::unique_ptr< STACK_OF(X509), sk_X509_free_wrapper > X509_STACK_Pointer
 
typedef std::unique_ptr< BIGNUM, HardFun< void, BIGNUM *, &BN_free > > BIGNUM_Pointer
 
typedef std::unique_ptr< BIO, HardFun< void, BIO *, &BIO_vfree > > BIO_Pointer
 
typedef std::unique_ptr< ASN1_INTEGER, HardFun< void, ASN1_INTEGER *, &ASN1_INTEGER_free > > ASN1_INT_Pointer
 
typedef std::unique_ptr< ASN1_OCTET_STRING, HardFun< void, ASN1_OCTET_STRING *, &ASN1_OCTET_STRING_free > > ASN1_OCTET_STRING_Pointer
 
typedef std::unique_ptr< TXT_DB, HardFun< void, TXT_DB *, &TXT_DB_free > > TXT_DB_Pointer
 
typedef std::unique_ptr< X509_NAME, HardFun< void, X509_NAME *, &X509_NAME_free > > X509_NAME_Pointer
 
using EVP_PKEY_CTX_Pointer = std::unique_ptr< EVP_PKEY_CTX, HardFun< void, EVP_PKEY_CTX *, &EVP_PKEY_CTX_free > >
 
typedef std::unique_ptr< X509_REQ, HardFun< void, X509_REQ *, &X509_REQ_free > > X509_REQ_Pointer
 
typedef std::unique_ptr< AUTHORITY_KEYID, HardFun< void, AUTHORITY_KEYID *, &AUTHORITY_KEYID_free > > AUTHORITY_KEYID_Pointer
 
typedef std::unique_ptr< STACK_OF(GENERAL_NAME), sk_GENERAL_NAME_free_wrapper > GENERAL_NAME_STACK_Pointer
 
typedef std::unique_ptr< GENERAL_NAME, HardFun< void, GENERAL_NAME *, &GENERAL_NAME_free > > GENERAL_NAME_Pointer
 
typedef std::unique_ptr< X509_EXTENSION, HardFun< void, X509_EXTENSION *, &X509_EXTENSION_free > > X509_EXTENSION_Pointer
 
typedef std::unique_ptr< X509_STORE_CTX, HardFun< void, X509_STORE_CTX *, &X509_STORE_CTX_free > > X509_STORE_CTX_Pointer
 
using UniqueCString = std::unique_ptr< char, HardFun< void, char *, &OPENSSL_free_for_c_strings > >
 
typedef std::unordered_map< SBuf, GeneratorRequest * > GeneratorRequests
 Ssl::Helper query:GeneratorRequest map. More...
 
using BumpStep = XactionStep
 
typedef RefCount< CertValidationResponseCertValidationResponsePointer
 
typedef char const * GETX509ATTRIBUTE(X509 *, const char *)
 
typedef SBuf GETX509PEM(X509 *)
 
typedef std::multimap< SBuf, X509 * > CertsIndexedList
 certificates indexed by issuer name More...
 

Enumerations

enum  CertSignAlgorithm {
  algSignTrusted = 0 ,
  algSignUntrusted ,
  algSignSelf ,
  algSignEnd
}
 
enum  CertAdaptAlgorithm {
  algSetValidAfter = 0 ,
  algSetValidBefore ,
  algSetCommonName ,
  algSetEnd
}
 
enum  BumpMode {
  bumpNone = 0 ,
  bumpClientFirst ,
  bumpServerFirst ,
  bumpPeek ,
  bumpStare ,
  bumpBump ,
  bumpSplice ,
  bumpTerminate ,
  bumpEnd
}
 

Functions

uint64_t MemoryUsedByContext (const Security::ContextPointer &)
 
bool ParseErrorString (const char *name, Security::Errors &)
 
Security::ErrorCode GetErrorCode (const char *name)
 The Security::ErrorCode code of the error described by "name". More...
 
const char * GetErrorName (const Security::ErrorCode code, const bool prefixRawCode=false)
 
std::optional< SBufGetErrorDescr (Security::ErrorCode)
 
bool ErrorIsOptional (const char *name)
 
void errorDetailInitialize ()
 
void errorDetailClean ()
 
 sk_dtor_wrapper (sk_X509, STACK_OF(X509) *, X509_free)
 
 sk_dtor_wrapper (sk_GENERAL_NAME, STACK_OF(GENERAL_NAME) *, GENERAL_NAME_free)
 
void OPENSSL_free_for_c_strings (char *const string)
 
void ForgetErrors ()
 Clear any errors accumulated by OpenSSL in its global storage. More...
 
std::ostream & ReportAndForgetErrors (std::ostream &)
 
bool writeCertAndPrivateKeyToMemory (Security::CertPointer const &cert, Security::PrivateKeyPointer const &pkey, std::string &bufferToWrite)
 
bool appendCertToMemory (Security::CertPointer const &cert, std::string &bufferToWrite)
 
bool readCertAndPrivateKeyFromMemory (Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, char const *bufferToRead)
 
BIO_Pointer ReadOnlyBioTiedTo (const char *)
 
void ReadPrivateKeyFromFile (char const *keyFilename, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback)
 
bool OpenCertsFileForReading (BIO_Pointer &bio, const char *filename)
 
Security::CertPointer ReadCertificate (const BIO_Pointer &)
 
Security::CertPointer ReadOptionalCertificate (const BIO_Pointer &)
 
bool ReadPrivateKey (BIO_Pointer &bio, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback)
 
bool OpenCertsFileForWriting (BIO_Pointer &bio, const char *filename)
 
bool WriteX509Certificate (BIO_Pointer &bio, const Security::CertPointer &cert)
 
bool WritePrivateKey (BIO_Pointer &bio, const Security::PrivateKeyPointer &pkey)
 
UniqueCString OneLineSummary (X509_NAME &)
 a RAII wrapper for the memory-allocating flavor of X509_NAME_oneline() More...
 
const char * certSignAlgorithm (int sg)
 
CertSignAlgorithm certSignAlgorithmId (const char *sg)
 
const char * sslCertAdaptAlgoritm (int alg)
 
std::string & OnDiskCertificateDbKey (const CertificateProperties &)
 
bool generateSslCertificate (Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, CertificateProperties const &properties)
 
bool sslDateIsInTheFuture (char const *date)
 
bool certificateMatchesProperties (X509 *peer_cert, CertificateProperties const &properties)
 
const char * CommonHostName (X509 *x509)
 
const char * getOrganization (X509 *x509)
 
bool CertificatesCmp (const Security::CertPointer &cert1, const Security::CertPointer &cert2)
 
const ASN1_BIT_STRING * X509_get_signature (const Security::CertPointer &)
 
static void HandleGeneratorReply (void *data, const ::Helper::Reply &reply)
 receives helper response More...
 
int AskPasswordCb (char *buf, int size, int rwflag, void *userdata)
 
void Initialize ()
 
bool InitServerContext (Security::ContextPointer &, AnyP::PortCfg &)
 initialize a TLS server context with OpenSSL specific settings More...
 
bool InitClientContext (Security::ContextPointer &, Security::PeerOptions &, Security::ParsedPortFlags)
 initialize a TLS client context with OpenSSL specific settings More...
 
void ConfigurePeerVerification (Security::ContextPointer &, const Security::ParsedPortFlags)
 set the certificate verify callback for a context More...
 
void DisablePeerVerification (Security::ContextPointer &)
 
void MaybeSetupRsaCallback (Security::ContextPointer &)
 if required, setup callback for generating ephemeral RSA keys More...
 
const char * bumpMode (int bm)
 
bool loadCerts (const char *certsFile, Ssl::CertsIndexedList &list)
 
bool loadSquidUntrusted (const char *path)
 
void unloadSquidUntrusted ()
 
void SSL_add_untrusted_cert (SSL *ssl, X509 *cert)
 
const char * findIssuerUri (X509 *cert)
 finds certificate issuer URI in the Authority Info Access extension More...
 
Security::CertPointer findIssuerCertificate (X509 *cert, const STACK_OF(X509) *serverCertificates, const Security::ContextPointer &context)
 
bool missingChainCertificatesUrls (std::queue< SBuf > &URIs, const STACK_OF(X509) &serverCertificates, const Security::ContextPointer &context)
 
bool generateUntrustedCert (Security::CertPointer &untrustedCert, Security::PrivateKeyPointer &untrustedPkey, Security::CertPointer const &cert, Security::PrivateKeyPointer const &pkey)
 
Security::ContextPointer GenerateSslContext (CertificateProperties const &, Security::ServerOptions &, bool trusted)
 
bool verifySslCertificate (const Security::ContextPointer &, CertificateProperties const &)
 
Security::ContextPointer GenerateSslContextUsingPkeyAndCertFromMemory (const char *data, Security::ServerOptions &, bool trusted)
 
Security::ContextPointer createSSLContext (Security::CertPointer &x509, Security::PrivateKeyPointer &pkey, Security::ServerOptions &)
 Create SSL context and apply ssl certificate and private key to it. More...
 
void chainCertificatesToSSLContext (Security::ContextPointer &, Security::ServerOptions &)
 
void configureUnconfiguredSslContext (Security::ContextPointer &, Ssl::CertSignAlgorithm signAlgorithm, AnyP::PortCfg &)
 
bool configureSSL (SSL *ssl, CertificateProperties const &properties, AnyP::PortCfg &port)
 
bool configureSSLUsingPkeyAndCertFromMemory (SSL *ssl, const char *data, AnyP::PortCfg &port)
 
void useSquidUntrusted (SSL_CTX *sslContext)
 
int matchX509CommonNames (X509 *peer_cert, void *check_data, int(*check_func)(void *check_data, ASN1_STRING *cn_data))
 
bool checkX509ServerValidity (X509 *cert, const char *server)
 
int asn1timeToString (ASN1_TIME *tm, char *buf, int len)
 
void setClientSNI (SSL *ssl, const char *fqdn)
 
void InRamCertificateDbKey (const Ssl::CertificateProperties &certProperties, SBuf &key)
 
BIO * BIO_new_SBuf (SBuf *buf)
 
bool VerifyConnCertificates (Security::Connection &, const Ssl::X509_STACK_Pointer &extraCerts)
 

Variables

Config TheConfig
 
GlobalContextStorage TheGlobalContextStorage
 Global cache for store all SSL server certificates. More...
 
const char * CertSignAlgorithmStr []
 
const char * CertAdaptAlgorithmStr []
 
GETX509ATTRIBUTE GetX509UserAttribute
 
GETX509ATTRIBUTE GetX509CAAttribute
 
GETX509PEM GetX509PEM
 
GETX509ATTRIBUTE GetX509Fingerprint
 
const EVP_MD * DefaultSignHash = nullptr
 
std::vector< const char * > BumpModeStr
 

Typedef Documentation

◆ ASN1_INT_Pointer

typedef std::unique_ptr<ASN1_INTEGER, HardFun<void, ASN1_INTEGER*, &ASN1_INTEGER_free> > Ssl::ASN1_INT_Pointer

Definition at line 56 of file gadgets.h.

◆ ASN1_OCTET_STRING_Pointer

typedef std::unique_ptr<ASN1_OCTET_STRING, HardFun<void, ASN1_OCTET_STRING*, &ASN1_OCTET_STRING_free> > Ssl::ASN1_OCTET_STRING_Pointer

Definition at line 58 of file gadgets.h.

◆ AUTHORITY_KEYID_Pointer

typedef std::unique_ptr<AUTHORITY_KEYID, HardFun<void, AUTHORITY_KEYID*, &AUTHORITY_KEYID_free> > Ssl::AUTHORITY_KEYID_Pointer

Definition at line 68 of file gadgets.h.

◆ BIGNUM_Pointer

typedef std::unique_ptr<BIGNUM, HardFun<void, BIGNUM*, &BN_free> > Ssl::BIGNUM_Pointer

Definition at line 52 of file gadgets.h.

◆ BIO_Pointer

typedef std::unique_ptr<BIO, HardFun<void, BIO*, &BIO_vfree> > Ssl::BIO_Pointer

Definition at line 54 of file gadgets.h.

◆ BumpStep

using Ssl::BumpStep = typedef XactionStep

Definition at line 28 of file ServerBump.h.

◆ CertsIndexedList

typedef std::multimap< SBuf, X509 * > Ssl::CertsIndexedList

Definition at line 144 of file support.h.

◆ CertValidationResponsePointer

◆ EVP_PKEY_CTX_Pointer

using Ssl::EVP_PKEY_CTX_Pointer = typedef std::unique_ptr<EVP_PKEY_CTX, HardFun<void, EVP_PKEY_CTX*, &EVP_PKEY_CTX_free> >

Definition at line 64 of file gadgets.h.

◆ GENERAL_NAME_Pointer

typedef std::unique_ptr<GENERAL_NAME, HardFun<void, GENERAL_NAME*, &GENERAL_NAME_free> > Ssl::GENERAL_NAME_Pointer

Definition at line 73 of file gadgets.h.

◆ GENERAL_NAME_STACK_Pointer

typedef std::unique_ptr<STACK_OF(GENERAL_NAME), sk_GENERAL_NAME_free_wrapper> Ssl::GENERAL_NAME_STACK_Pointer

Definition at line 71 of file gadgets.h.

◆ GeneratorRequests

typedef std::unordered_map<SBuf, GeneratorRequest*> Ssl::GeneratorRequests

Definition at line 57 of file helper.cc.

◆ GETX509PEM

typedef SBuf Ssl::GETX509PEM(X509 *)

Definition at line 106 of file support.h.

◆ LocalContextStorage

◆ TXT_DB_Pointer

typedef std::unique_ptr<TXT_DB, HardFun<void, TXT_DB*, &TXT_DB_free> > Ssl::TXT_DB_Pointer

Definition at line 60 of file gadgets.h.

◆ UniqueCString

using Ssl::UniqueCString = typedef std::unique_ptr<char, HardFun<void, char *, &OPENSSL_free_for_c_strings> >

Definition at line 81 of file gadgets.h.

◆ X509_EXTENSION_Pointer

typedef std::unique_ptr<X509_EXTENSION, HardFun<void, X509_EXTENSION*, &X509_EXTENSION_free> > Ssl::X509_EXTENSION_Pointer

Definition at line 75 of file gadgets.h.

◆ X509_NAME_Pointer

typedef std::unique_ptr<X509_NAME, HardFun<void, X509_NAME*, &X509_NAME_free> > Ssl::X509_NAME_Pointer

Definition at line 62 of file gadgets.h.

◆ X509_REQ_Pointer

typedef std::unique_ptr<X509_REQ, HardFun<void, X509_REQ*, &X509_REQ_free> > Ssl::X509_REQ_Pointer

Definition at line 66 of file gadgets.h.

◆ X509_STACK_Pointer

typedef std::unique_ptr<STACK_OF(X509), sk_X509_free_wrapper> Ssl::X509_STACK_Pointer

Definition at line 50 of file gadgets.h.

◆ X509_STORE_CTX_Pointer

typedef std::unique_ptr<X509_STORE_CTX, HardFun<void, X509_STORE_CTX *, &X509_STORE_CTX_free> > Ssl::X509_STORE_CTX_Pointer

Definition at line 77 of file gadgets.h.

Function Documentation

◆ AskPasswordCb()

int Ssl::AskPasswordCb ( char *  buf,
int  size,
int  rwflag,
void *  userdata 
)

callback for receiving password to access password secured PEM files XXX: Requires SSL_CTX_set_default_passwd_cb_userdata()!

Definition at line 64 of file support.cc.

References Config, size, and SquidConfig::ssl_password.

Referenced by Security::KeyData::loadX509PrivateKeyFromFile(), and ssl_ask_password().

◆ ConfigurePeerVerification()

◆ DisablePeerVerification()

void Ssl::DisablePeerVerification ( Security::ContextPointer ctx)

Definition at line 432 of file support.cc.

References DBG_PARSE_NOTE, and debugs.

Referenced by Security::ServerOptions::updateContextClientCa().

◆ errorDetailClean()

void Ssl::errorDetailClean ( )

Definition at line 24 of file ErrorDetailManager.cc.

References Ssl::ErrorDetailsManager::Shutdown().

Referenced by errorClean().

◆ errorDetailInitialize()

void Ssl::errorDetailInitialize ( )

Definition at line 19 of file ErrorDetailManager.cc.

References Ssl::ErrorDetailsManager::GetInstance().

◆ ErrorIsOptional()

bool Ssl::ErrorIsOptional ( const char *  name)
Returns
true if the TLS error is optional and may not be supported by current squid version

Definition at line 149 of file ErrorDetail.cc.

References OptionalSslErrors.

Referenced by Ssl::ErrorDetailFile::parse().

◆ findIssuerCertificate()

Security::CertPointer Ssl::findIssuerCertificate ( X509 *  cert,
const STACK_OF(X509) *  serverCertificates,
const Security::ContextPointer context 
)

Searches serverCertificates and local databases for the cert issuer.

Parameters
contextwhere to retrieve the configured CA's db; may be nil
Returns
the found issuer certificate or nil

Definition at line 1207 of file support.cc.

References findCertIssuerFast(), findIssuerInCaDb(), Must, sk_x509_findIssuer(), and SquidUntrustedCerts.

Referenced by Security::PeerConnector::certDownloadingDone(), completeIssuers(), and missingChainCertificatesUrls().

◆ findIssuerUri()

const char * Ssl::findIssuerUri ( X509 *  cert)

◆ ForgetErrors()

◆ GetErrorCode()

Security::ErrorCode Ssl::GetErrorCode ( const char *  name)
inline

◆ GetErrorDescr()

std::optional< SBuf > Ssl::GetErrorDescr ( Security::ErrorCode  value)

a short description of the given TLS error known to Squid (or, if the error is unknown, nothing)

Definition at line 159 of file ErrorDetail.cc.

Referenced by ssl_verify_cb().

◆ GetErrorName()

const char * Ssl::GetErrorName ( const Security::ErrorCode  code,
const bool  prefixRawCode = false 
)
inline
Returns
string representation of a known TLS error (or a raw error code)
Parameters
prefixRawCodewhether to prefix raw codes with "SSL_ERR="

Definition at line 38 of file ErrorDetail.h.

References code, and Security::ErrorNameFromCode().

Referenced by Format::Format::assemble(), Ssl::CertValidationMsg::composeRequest(), and ACLSslErrorData::dump().

◆ HandleGeneratorReply()

static void Ssl::HandleGeneratorReply ( void *  data,
const ::Helper::Reply reply 
)
static

Definition at line 153 of file helper.cc.

References assert, cbdata::data, debugs, and TheGeneratorRequests.

Referenced by Ssl::Helper::Submit().

◆ InitClientContext()

◆ Initialize()

◆ InitServerContext()

bool Ssl::InitServerContext ( Security::ContextPointer ctx,
AnyP::PortCfg  
)

Definition at line 701 of file support.cc.

◆ MaybeSetupRsaCallback()

void Ssl::MaybeSetupRsaCallback ( Security::ContextPointer ctx)

Definition at line 171 of file support.cc.

References debugs.

Referenced by InitClientContext(), and Security::ServerOptions::updateContextConfig().

◆ MemoryUsedByContext()

uint64_t Ssl::MemoryUsedByContext ( const Security::ContextPointer )
inline

Definition at line 48 of file context_storage.h.

◆ missingChainCertificatesUrls()

bool Ssl::missingChainCertificatesUrls ( std::queue< SBuf > &  URIs,
const STACK_OF(X509) &  serverCertificates,
const Security::ContextPointer context 
)

Fill URIs queue with the uris of missing certificates from serverCertificate chain if this information provided by Authority Info Access.

Returns
whether at least one URI is known, including previously known ones

Definition at line 1233 of file support.cc.

References debugs, findIssuerCertificate(), and findIssuerUri().

Referenced by Security::PeerConnector::computeMissingCertificateUrls().

◆ OneLineSummary()

Ssl::UniqueCString Ssl::OneLineSummary ( X509_NAME &  name)

◆ OPENSSL_free_for_c_strings()

void Ssl::OPENSSL_free_for_c_strings ( char *const  string)
inline

Definition at line 80 of file gadgets.h.

◆ ParseErrorString()

bool Ssl::ParseErrorString ( const char *  name,
Security::Errors errors 
)

Converts user-friendly error "name" into an Security::ErrorCode and adds it to the provided container (using emplace). This function can handle numeric error numbers as well as names.

Definition at line 111 of file ErrorDetail.cc.

References assert, fatalf(), GetErrorCode(), loadSslErrorShortcutsMap(), SQUID_TLS_ERR_END, SQUID_TLS_ERR_OFFSET, TheSslErrorShortcuts, and xisdigit.

Referenced by ACLSslErrorData::parse().

◆ ReadCertificate()

Security::CertPointer Ssl::ReadCertificate ( const BIO_Pointer bio)

Reads and returns a certificate using the given OpenSSL BIO. Never returns a nil pointer.

Definition at line 758 of file gadgets.cc.

References Here, and ReadOptionalCertificate().

Referenced by Security::KeyData::loadCertificates(), Ssl::CrtdMessage::parseRequest(), readCertAndPrivateKeyFromMemory(), Ssl::CertificateDb::ReadEntry(), and Ssl::CertValidationMsg::tryParsingResponse().

◆ ReadOnlyBioTiedTo()

Ssl::BIO_Pointer Ssl::ReadOnlyBioTiedTo ( const char *  bufferToRead)

Creates and returns a BIO for reading from the given c-string. The returned BIO lifetime must not exceed that of the given c-string!

Definition at line 170 of file gadgets.cc.

References Security::ForgetErrors(), Here, and ThrowErrors().

Referenced by Ssl::CrtdMessage::parseRequest(), and Ssl::CertValidationMsg::tryParsingResponse().

◆ ReadOptionalCertificate()

Security::CertPointer Ssl::ReadOptionalCertificate ( const BIO_Pointer bio)

Reads and returns a certificate using the given OpenSSL BIO.

Returns
a nil pointer if the given BIO is empty or exhausted

Definition at line 733 of file gadgets.cc.

References Assure, ForgetErrors(), Here, and ThrowErrors().

Referenced by Security::KeyData::loadCertificates(), loadCerts(), ReadCertificate(), and Ssl::CertificateDb::ReadEntry().

◆ ReportAndForgetErrors()

std::ostream & Ssl::ReportAndForgetErrors ( std::ostream &  os)

Manipulator to report errors accumulated by OpenSSL in its global storage. Each error is reported on a dedicated Debug::Extra line. Nothing is reported if there are no errors. Also clears all reported errors.

Definition at line 34 of file gadgets.cc.

References asHex(), and Debug::Extra().

Referenced by ForgetErrors(), Security::IssuedBy(), Security::IssuerName(), Security::ServerOptions::loadDhParams(), Security::SubjectName(), ThrowErrors(), and Security::ServerOptions::updateContextEecdh().

◆ sk_dtor_wrapper() [1/2]

Ssl::sk_dtor_wrapper ( sk_GENERAL_NAME  ,
STACK_OF(GENERAL_NAME) *  ,
GENERAL_NAME_free   
)

◆ sk_dtor_wrapper() [2/2]

Ssl::sk_dtor_wrapper ( sk_X509  ,
STACK_OF(X509) *  ,
X509_free   
)

std::unique_ptr typedefs for common SSL objects

◆ SSL_add_untrusted_cert()

void Ssl::SSL_add_untrusted_cert ( SSL *  ssl,
X509 *  cert 
)

Add the certificate cert to ssl object untrusted certificates. Squid uses an attached to SSL object list of untrusted certificates, with certificates which can be used to complete incomplete chains sent by the SSL server.

◆ VerifyConnCertificates()

bool Ssl::VerifyConnCertificates ( Security::Connection sconn,
const Ssl::X509_STACK_Pointer extraCerts 
)

Validates the given TLS connection server certificate chain in conjunction with a (possibly empty) set of "extra" intermediate certs. Also consults sslproxy_foreign_intermediate_certs. This is a C++/Squid-friendly wrapper of OpenSSL "verification callback function" (OpenSSL_vcb_disambiguation). OpenSSL has a similar wrapper, ssl_verify_cert_chain(), but that wrapper is not a part of the public OpenSSL API.

Definition at line 441 of file support.cc.

References debugs, SSL_get0_param(), and VerifyCtxCertificates().

Referenced by Security::PeerConnector::resumeNegotiation().

◆ X509_get_signature()

const ASN1_BIT_STRING * Ssl::X509_get_signature ( const Security::CertPointer cert)

wrapper for OpenSSL X509_get0_signature() which takes care of portability issues with older OpenSSL versions

Definition at line 1005 of file gadgets.cc.

References Security::LockingPointer< T, UnLocker, Locker >::get(), and X509_get0_signature().

Referenced by InRamCertificateDbKey(), and printX509Signature().

Variable Documentation

◆ DefaultSignHash

const EVP_MD * Ssl::DefaultSignHash = nullptr
extern

Definition at line 44 of file support.cc.

Referenced by ConnStateData::buildSslCertGenerationParams(), and Initialize().

◆ TheConfig

◆ TheGlobalContextStorage

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors