1 /*
2  * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SRC_SECURITY_FORWARD_H
10 #define SQUID_SRC_SECURITY_FORWARD_H
11 
12 #include "base/CbDataList.h"
13 #include "security/Context.h"
14 #include "security/Session.h"
15 
16 #if USE_GNUTLS && HAVE_GNUTLS_ABSTRACT_H
17 #include <gnutls/abstract.h>
18 #endif
19 #include <list>
20 #if USE_OPENSSL
21 #include "compat/openssl.h"
22 #if HAVE_OPENSSL_BN_H
23 #include <openssl/bn.h>
24 #endif
25 #if HAVE_OPENSSL_ERR_H
26 #include <openssl/err.h>
27 #endif
28 #if HAVE_OPENSSL_RSA_H
29 #include <openssl/rsa.h>
30 #endif
31 #endif /* USE_OPENSSL */
32 #include <unordered_set>
33 
#if USE_OPENSSL
// Macro to be used to define the C++ wrapper functor of the sk_*_pop_free
// OpenSSL family of functions. The C++ functor is suffixed with the _free_wrapper
// extension
//   sk_object:     the STACK_OF() type name; becomes the prefix of the
//                  generated <sk_object>_pop_free call and of the functor name
//   argument_type: the pointer type accepted by the generated operator()
//   freefunction:  the per-element free function handed to <sk_object>_pop_free,
//                  so the stack and every element it still holds are released
// The generated struct is a stateless functor; presumably it is meant as the
// deleter type of a smart pointer that owns the stack — verify at use sites.
#define sk_dtor_wrapper(sk_object, argument_type, freefunction) \
    struct sk_object ## _free_wrapper { \
        void operator()(argument_type a) { sk_object ## _pop_free(a, freefunction); } \
    }
#endif /* USE_OPENSSL */

/* flags a SSL connection can be configured with */
// Bit flags combined with '|'. Judging by name only (the consuming code is
// not visible here): the NO_DEFAULT_CA and DONT_VERIFY_* bits relax
// certificate validation, the VERIFY_CRL* bits tighten it — confirm the
// exact effect of each where the flags are read.
#define SSL_FLAG_NO_DEFAULT_CA (1<<0)
#define SSL_FLAG_DELAYED_AUTH (1<<1)
#define SSL_FLAG_DONT_VERIFY_PEER (1<<2)    // by name: peer certificate is not verified
#define SSL_FLAG_DONT_VERIFY_DOMAIN (1<<3)  // by name: certificate name vs. host is not checked
#define SSL_FLAG_NO_SESSION_REUSE (1<<4)
#define SSL_FLAG_VERIFY_CRL (1<<5)
#define SSL_FLAG_VERIFY_CRL_ALL (1<<6)
52 
namespace Security
{

class CertError;
// CertErrors: CbDataList<Security::CertError> — "holds a list of X.509
// certificate errors" (its typedef line is not shown in this rendering).

#if USE_OPENSSL
CtoCpp1(X509_free, X509 *);
// CertPointer (OpenSSL): Security::LockingPointer<X509, X509_free_cpp,
// HardFun<int, X509 *, X509_up_ref>> — typedef not shown in this rendering.
// Presumably a reference-counting handle (X509_up_ref on copy, X509_free on
// release); confirm against LockingPointer, which is declared elsewhere.
#elif USE_GNUTLS
typedef std::shared_ptr<struct gnutls_x509_crt_int> CertPointer;
#else
typedef std::shared_ptr<void> CertPointer;
#endif

#if USE_OPENSSL
CtoCpp1(X509_CRL_free, X509_CRL *);
// CrlPointer (OpenSSL): Security::LockingPointer<X509_CRL, X509_CRL_free_cpp,
// HardFun<int, X509_CRL *, X509_CRL_up_ref>> — typedef not shown here.
#elif USE_GNUTLS
CtoCpp1(gnutls_x509_crl_deinit, gnutls_x509_crl_t);
// CrlPointer (GnuTLS): typedef not shown in this rendering.
#else
typedef void *CrlPointer;  // no TLS library: plain pointer, no ownership semantics
#endif

/// a list of certificate handles
typedef std::list<Security::CertPointer> CertList;

/// a list of certificate revocation list handles
typedef std::list<Security::CrlPointer> CertRevokeList;

#if USE_OPENSSL
CtoCpp1(DH_free, DH *);
// DhePointer (OpenSSL): Security::LockingPointer<DH, DH_free_cpp,
// HardFun<int, DH *, DH_up_ref>> — typedef not shown here.
#else
typedef void *DhePointer;  // GnuTLS and no-library builds: plain pointer, no ownership semantics
#endif

/// Squid defined error code (<0), an error code returned by X.509 API, or SSL_ERROR_NONE.
typedef int ErrorCode;

/// Renders a TLS library error code as a human-readable C string.
/// \param code an ErrorCode as described above
/// \return a C string owned by the TLS library (a literal in the no-library build)
inline const char *ErrorString(const ErrorCode code) {
#if USE_OPENSSL
    // A null buffer makes ERR_error_string() format into a library-internal
    // static buffer: the result is overwritten by the next call and is not
    // thread-safe, so copy it if it must outlive the immediate use.
    // NOTE(review): ErrorCode is a signed int while ERR_error_string() takes
    // an unsigned long, so a Squid-defined negative code is converted and
    // formatted as if it were an OpenSSL error — confirm callers only pass
    // library codes here.
    return ERR_error_string(code, nullptr);
#elif USE_GNUTLS
    return gnutls_strerror(code);
#else
    return "[no TLS library]";
#endif
}

/// a set of distinct ErrorCode values
typedef std::unordered_set<Security::ErrorCode> Errors;

namespace Io
{
/// Direction of a TLS I/O object: BIO_TO_CLIENT when Squid acts as the
/// server, BIO_TO_SERVER when Squid acts as the client.
enum Type {
#if USE_OPENSSL
    // OpenSSL enumerator values are not shown in this rendering.
#elif USE_GNUTLS
    // NP: this is odd looking but correct.
    // 'to-client' means we are a server, and vice versa.
    BIO_TO_CLIENT = GNUTLS_SERVER,
    BIO_TO_SERVER = GNUTLS_CLIENT
#else
    BIO_TO_CLIENT = 6000,
    BIO_TO_SERVER
#endif
};

} // namespace Io

class KeyData;  // TLS certificate and private key details from squid.conf

#if USE_OPENSSL
typedef long ParsedOptions;  // a plain long; presumably holds SSL_OP_* option bits — verify at use sites
#elif USE_GNUTLS
typedef std::shared_ptr<struct gnutls_priority_st> ParsedOptions;  // shared handle to a GnuTLS priority object
#else
class ParsedOptions {}; // we never parse/use TLS options in this case
#endif

class PeerConnector;
class PeerOptions;

#if USE_OPENSSL
CtoCpp1(EVP_PKEY_free, EVP_PKEY *)
// NOTE(review): no trailing ';' here, unlike the other CtoCpp1 uses above;
// harmless if the macro expands to a complete function definition.
/// private key handle; presumably reference-counted via EVP_PKEY_up_ref on
/// copy and EVP_PKEY_free on release — confirm against LockingPointer
typedef Security::LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, HardFun<int, EVP_PKEY *, EVP_PKEY_up_ref> > PrivateKeyPointer;
#elif USE_GNUTLS
typedef std::shared_ptr<struct gnutls_x509_privkey_int> PrivateKeyPointer;
#else
typedef std::shared_ptr<void> PrivateKeyPointer;
#endif

class ServerOptions;

} // namespace Security
154 
155 #endif /* SQUID_SRC_SECURITY_FORWARD_H */
156 