1 /*
2  * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SRC_SECURITY_FORWARD_H
10 #define SQUID_SRC_SECURITY_FORWARD_H
11 
12 #include "base/CbDataList.h"
13 #include "security/Context.h"
14 #include "security/Session.h"
15 
16 #if USE_GNUTLS && HAVE_GNUTLS_X509_H
17 #include <gnutls/x509.h>
18 #endif
19 #include <list>
20 #if USE_OPENSSL && HAVE_OPENSSL_ERR_H
21 #include <openssl/err.h>
22 #endif
23 #include <unordered_set>
24 
25 #if USE_OPENSSL
26 // Macro to be used to define the C++ wrapper functor of the sk_*_pop_free
27 // OpenSSL family of functions. The C++ functor is suffixed with the _free_wrapper
28 // extension
// The generated struct has the shape of a deleter (a callable taking the
// stack pointer), so it can release an OpenSSL STACK_OF(...) from a
// smart-pointer destructor instead of from hand-written cleanup code.
#define sk_dtor_wrapper(sk_object, argument_type, freefunction)          \
    struct sk_object##_free_wrapper {                                    \
        void operator()(argument_type stack) {                           \
            sk_object##_pop_free(stack, freefunction);                   \
        }                                                                \
    }
33 
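#if !HAVE_LIBCRYPTO_X509_UP_REF // OpenSSL 1.1 API
#if defined(CRYPTO_LOCK_X509) // OpenSSL 1.0 API
/// OpenSSL 1.0 stand-in for the OpenSSL 1.1 X509_up_ref(): takes one more
/// reference on the certificate so an X509 shared between holders is not
/// freed while this holder still uses it. Follows the 1.1 contract of
/// returning 1 on success; a nullptr argument is a no-op and reports 0
/// because no reference was taken.
inline int X509_up_ref(X509 *t) {
    if (!t)
        return 0;
    CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509);
    return 1;
}
#else
#error missing both OpenSSL API features X509_up_ref (v1.1) and CRYPTO_LOCK_X509 (v1.0)
#endif /* CRYPTO_LOCK_X509 */
#endif /* X509_up_ref */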
41 
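#if !HAVE_LIBCRYPTO_X509_CRL_UP_REF // OpenSSL 1.1 API
#if defined(CRYPTO_LOCK_X509_CRL) // OpenSSL 1.0 API
/// OpenSSL 1.0 stand-in for the OpenSSL 1.1 X509_CRL_up_ref(): takes one
/// more reference on the revocation list so a shared X509_CRL outlives
/// every holder. Follows the 1.1 contract of returning 1 on success;
/// a nullptr argument is a no-op and reports 0 because no reference
/// was taken.
inline int X509_CRL_up_ref(X509_CRL *t) {
    if (!t)
        return 0;
    CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509_CRL);
    return 1;
}
#else
// The diagnostic names the CRL features being tested (it used to repeat the X509 text).
#error missing both OpenSSL API features X509_CRL_up_ref (v1.1) and CRYPTO_LOCK_X509_CRL (v1.0)
#endif /* CRYPTO_LOCK_X509_CRL */
#endif /* X509_CRL_up_ref */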
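#if !HAVE_LIBCRYPTO_DH_UP_REF // OpenSSL 1.1 API
#if defined(CRYPTO_LOCK_DH) // OpenSSL 1.0 API
/// OpenSSL 1.0 stand-in for the OpenSSL 1.1 DH_up_ref(): takes one more
/// reference on the Diffie-Hellman parameters so a shared DH object is
/// not freed while still in use. Follows the 1.1 contract of returning 1
/// on success; a nullptr argument is a no-op and reports 0 because no
/// reference was taken.
inline int DH_up_ref(DH *t) {
    if (!t)
        return 0;
    CRYPTO_add(&t->references, 1, CRYPTO_LOCK_DH);
    return 1;
}
#else
#error missing both OpenSSL API features DH_up_ref (v1.1) and CRYPTO_LOCK_DH (v1.0)
#endif /* OpenSSL 1.0 CRYPTO_LOCK_DH */
#endif /* OpenSSL 1.1 DH_up_ref */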
57 
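#if !HAVE_LIBCRYPTO_EVP_PKEY_UP_REF // OpenSSL 1.1 API
#if defined(CRYPTO_LOCK_EVP_PKEY) // OpenSSL 1.0 API
/// OpenSSL 1.0 stand-in for the OpenSSL 1.1 EVP_PKEY_up_ref(): takes one
/// more reference on the key so a shared EVP_PKEY is not freed while a
/// holder still uses it. Follows the 1.1 contract of returning 1 on
/// success; a nullptr argument is a no-op and reports 0 because no
/// reference was taken.
inline int EVP_PKEY_up_ref(EVP_PKEY *t) {
    if (!t)
        return 0;
    CRYPTO_add(&t->references, 1, CRYPTO_LOCK_EVP_PKEY);
    return 1;
}
#else
// The #else belongs to the CRYPTO_LOCK_EVP_PKEY test, as in the sibling
// shims above: the error fires only when neither the 1.1 function nor the
// 1.0 lock is available. It was previously attached to the outer #if and
// so fired on every build that does have EVP_PKEY_up_ref().
#error missing both OpenSSL API features EVP_PKEY_up_ref (v1.1) and CRYPTO_LOCK_EVP_PKEY (v1.0)
#endif /* CRYPTO_LOCK_EVP_PKEY */
#endif /* EVP_PKEY_up_ref */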
65 
66 #endif /* USE_OPENSSL */
67 
/* Flags a TLS/SSL connection can be configured with. Each flag occupies its
 * own bit, so several may be combined with bitwise OR and tested with AND.
 * By their names, the DONT_VERIFY_* flags relax certificate checking; any
 * configuration that sets them weakens authentication of the remote end and
 * deserves review. */
#define SSL_FLAG_NO_DEFAULT_CA      (1 << 0)
#define SSL_FLAG_DELAYED_AUTH       (1 << 1)
#define SSL_FLAG_DONT_VERIFY_PEER   (1 << 2)
#define SSL_FLAG_DONT_VERIFY_DOMAIN (1 << 3)
#define SSL_FLAG_NO_SESSION_REUSE   (1 << 4)
#define SSL_FLAG_VERIFY_CRL         (1 << 5)
#define SSL_FLAG_VERIFY_CRL_ALL     (1 << 6)
76 
78 namespace Security
79 {
80 
/// A single X.509 certificate error (forward declaration).
class CertError;
// NOTE(review): the rendered listing jumps from source line 81 to 84 here;
// the CertErrors alias (CbDataList<Security::CertError>, "holds a list of
// X.509 certificate errors") is declared in this file at that point — confirm
// against the source file.

/// Handle to one X.509 certificate, chosen per TLS library.
#if USE_OPENSSL
CtoCpp1(X509_free, X509 *)
// Reference-counted: X509_up_ref (the OpenSSL 1.0 shim above, or the native
// 1.1 function) takes a reference, X509_free_cpp releases one.
typedef Security::LockingPointer<X509, X509_free_cpp, HardFun<int, X509 *, X509_up_ref> > CertPointer;
#elif USE_GNUTLS
CtoCpp1(gnutls_x509_crt_deinit, gnutls_x509_crt_t)
// Only a release function is supplied here; no lock/up-ref function as in the
// OpenSSL variant.
typedef Security::LockingPointer<struct gnutls_x509_crt_int, gnutls_x509_crt_deinit> CertPointer;
#else
// No TLS library: a bare pointer with no ownership management.
typedef void * CertPointer;
#endif

/// Handle to one certificate revocation list, chosen per TLS library.
#if USE_OPENSSL
CtoCpp1(X509_CRL_free, X509_CRL *)
// Reference-counted via X509_CRL_up_ref / X509_CRL_free_cpp.
typedef Security::LockingPointer<X509_CRL, X509_CRL_free_cpp, HardFun<int, X509_CRL *, X509_CRL_up_ref> > CrlPointer;
#elif USE_GNUTLS
CtoCpp1(gnutls_x509_crl_deinit, gnutls_x509_crl_t)
typedef Security::LockingPointer<struct gnutls_x509_crl_int, gnutls_x509_crl_deinit> CrlPointer;
#else
// No TLS library: a bare pointer with no ownership management.
typedef void *CrlPointer;
#endif

/// Ordered sequence of certificate handles (e.g. a chain); copying the list
/// copies the handles, not the certificates.
typedef std::list<Security::CertPointer> CertList;

/// Ordered sequence of CRL handles.
typedef std::list<Security::CrlPointer> CertRevokeList;
108 
/// Handle to Diffie-Hellman parameters used for ephemeral key exchange.
#if USE_OPENSSL
// NOTE(review): trailing ';' is unlike the other CtoCpp1 uses in this file;
// harmless if the macro already expands to a complete definition.
CtoCpp1(DH_free, DH *);
// NOTE(review): the rendered listing omits source line 111 here; the OpenSSL
// DhePointer alias (LockingPointer<DH, DH_free_cpp, HardFun<int, DH *, DH_up_ref>>)
// is declared at that point — confirm against the source file.
#else
// No TLS library: a bare pointer with no ownership management.
typedef void *DhePointer;
#endif
115 
117 
/// Squid defined error code (<0), an error code returned by X.509 API, or SSL_ERROR_NONE.
typedef int ErrorCode;

/// Human-readable text for a TLS error code.
/// With OpenSSL the text comes from ERR_error_string() with a nullptr buffer,
/// i.e. from the library's internal static buffer: use the result before the
/// next ERR_error_string() call and do not share it across threads. With
/// GnuTLS the library owns the returned string. Builds without a TLS
/// library return a fixed placeholder.
inline const char *ErrorString(const ErrorCode code)
{
#if USE_OPENSSL
    const char *text = ERR_error_string(code, nullptr);
#elif USE_GNUTLS
    const char *text = gnutls_strerror(code);
#else
    (void)code; // no library to consult
    const char *text = "[no TLS library]";
#endif
    return text;
}
130 
/// Set of distinct error codes; a code is present at most once regardless of
/// how many times it was recorded.
typedef std::unordered_set<Security::ErrorCode> Errors;
134 
namespace Io
{
/// Direction of a TLS I/O channel: Squid acting as the server for a client,
/// or as a client talking to a server. Values are library-specific.
enum Type {
#if USE_OPENSSL
// NOTE(review): the rendered listing shows no enumerators in this branch
// (source lines 139-140 are not shown); confirm against the source file,
// since an empty branch would leave Type without values under OpenSSL.
#elif USE_GNUTLS
    // NP: this is odd looking but correct.
    // 'to-client' means we are a server, and vice versa.
    BIO_TO_CLIENT = GNUTLS_SERVER,
    BIO_TO_SERVER = GNUTLS_CLIENT
#else
    // No TLS library: arbitrary distinct values (6000 and 6001).
    BIO_TO_CLIENT = 6000,
    BIO_TO_SERVER
#endif
};

} // namespace Io
153 
/// TLS certificate and private key details from squid.conf (forward declaration).
class KeyData;

/// Library-specific representation of already-parsed TLS options.
#if USE_OPENSSL
// presumably an SSL_OP_* bit mask handed to the OpenSSL context — confirm at the use sites
typedef long ParsedOptions;
#elif USE_GNUTLS
// NOTE(review): std::shared_ptr needs <memory>, which this header does not
// include directly; it currently relies on a transitive include.
typedef std::shared_ptr<struct gnutls_priority_st> ParsedOptions;
#else
class ParsedOptions {}; // we never parse/use TLS options in this case
#endif

class PeerConnector;
class PeerOptions;

/// Handle to a private key.
#if USE_OPENSSL
CtoCpp1(EVP_PKEY_free, EVP_PKEY *)
// Reference-counted: EVP_PKEY_up_ref takes a reference, EVP_PKEY_free_cpp
// releases one, so the key material is freed only with the last holder.
typedef Security::LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, HardFun<int, EVP_PKEY *, EVP_PKEY_up_ref> > PrivateKeyPointer;
#else
// XXX: incompatible with the other PrivateKeyPointer declaration (lacks self-initialization)
typedef void *PrivateKeyPointer;
#endif

class ServerOptions;
176 
177 } // namespace Security
178 
179 #endif /* SQUID_SRC_SECURITY_FORWARD_H */
180 