1 /*
2  * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SRC_SECURITY_FORWARD_H
10 #define SQUID_SRC_SECURITY_FORWARD_H
11 
12 #include "base/CbDataList.h"
13 #include "security/Context.h"
14 #include "security/Session.h"
15 
16 #if USE_GNUTLS && HAVE_GNUTLS_ABSTRACT_H
17 #include <gnutls/abstract.h>
18 #endif
19 #include <list>
20 #if USE_OPENSSL
21 #include "compat/openssl.h"
22 #if HAVE_OPENSSL_BN_H
23 #include <openssl/bn.h>
24 #endif
25 #if HAVE_OPENSSL_ERR_H
26 #include <openssl/err.h>
27 #endif
28 #if HAVE_OPENSSL_RSA_H
29 #include <openssl/rsa.h>
30 #endif
31 #endif /* USE_OPENSSL */
32 #include <unordered_set>
33 
#if USE_OPENSSL
// Macro to be used to define the C++ wrapper functor of the sk_*_pop_free
// OpenSSL family of functions. The C++ functor is suffixed with the _free_wrapper
// extension
//
// sk_dtor_wrapper(NAME, T, f) expands to `struct NAME_free_wrapper` whose
// operator()(T a) calls NAME_pop_free(a, f); per the OpenSSL API that frees
// every element with f and then the stack itself. The expansion carries no
// trailing semicolon, so each use site must supply its own. Presumably used
// as a smart-pointer deleter type for STACK_OF(...) objects; the use sites
// are outside this header.
#define sk_dtor_wrapper(sk_object, argument_type, freefunction) \
        struct sk_object ## _free_wrapper { \
            void operator()(argument_type a) { sk_object ## _pop_free(a, freefunction); } \
        }
#endif /* USE_OPENSSL */

/* flags a SSL connection can be configured with */
// Single-bit values meant to be OR-ed together; presumably the bit set
// carried in Security::ParsedPortFlags (a plain `long`, declared below in
// namespace Security) -- confirm against the option-parsing code.
// NOTE(review): judging by the names only, NO_DEFAULT_CA, DONT_VERIFY_PEER
// and DONT_VERIFY_DOMAIN each relax a certificate check and so widen what a
// peer can present, while VERIFY_CRL / VERIFY_CRL_ALL tighten it. The exact
// meaning of each flag is defined where it is consumed, not here; check the
// squid.conf documentation for the corresponding options before relying on
// this reading.
#define SSL_FLAG_NO_DEFAULT_CA (1<<0)
#define SSL_FLAG_DELAYED_AUTH (1<<1)
#define SSL_FLAG_DONT_VERIFY_PEER (1<<2)
#define SSL_FLAG_DONT_VERIFY_DOMAIN (1<<3)
#define SSL_FLAG_NO_SESSION_REUSE (1<<4)
#define SSL_FLAG_VERIFY_CRL (1<<5)
#define SSL_FLAG_VERIFY_CRL_ALL (1<<6)
#define SSL_FLAG_CONDITIONAL_AUTH (1<<7)
53 
/// Network/connection security abstraction layer.
/// Forward declarations and library-neutral type aliases; the concrete type
/// behind each alias depends on which TLS library the build selects
/// (USE_OPENSSL, USE_GNUTLS, or neither).
namespace Security
{

class CertError;

#if USE_OPENSSL
/// CtoCpp1 (defined outside this header) presumably generates a C++ functor
/// named X509_free_cpp around the C free function; that functor is the
/// deleter used by Security::CertPointer, so certificate objects are released
/// through X509_free when the last owner goes away.
CtoCpp1(X509_free, X509 *);
#elif USE_GNUTLS
/// Shared ownership of a GnuTLS certificate handle. No deleter is fixed by
/// this alias. NOTE(review): each construction site must pass
/// gnutls_x509_crt_deinit as the shared_ptr deleter, otherwise the default
/// `delete` is applied to a GnuTLS-allocated object -- confirm at call sites.
typedef std::shared_ptr<struct gnutls_x509_crt_int> CertPointer;
#else
/// Placeholder for builds without a TLS library; nothing in this header
/// dereferences it.
typedef std::shared_ptr<void> CertPointer;
#endif

#if USE_OPENSSL
/// Wraps X509_CRL_free as the deleter behind Security::CrlPointer.
CtoCpp1(X509_CRL_free, X509_CRL *);
#elif USE_GNUTLS
/// Wraps gnutls_x509_crl_deinit, presumably as the deleter behind
/// Security::CrlPointer.
CtoCpp1(gnutls_x509_crl_deinit, gnutls_x509_crl_t);
#else
/// No-TLS build: a raw pointer that nothing in this header owns or frees.
typedef void *CrlPointer;
#endif

/// Ordered list of certificates held through owning pointers.
typedef std::list<Security::CertPointer> CertList;

/// Ordered list of certificate revocation lists.
typedef std::list<Security::CrlPointer> CertRevokeList;

#if USE_OPENSSL
/// Wraps DH_free as the deleter behind Security::DhePointer
/// (Diffie-Hellman parameters).
CtoCpp1(DH_free, DH *);
#else
/// Raw pointer placeholder for GnuTLS and no-TLS builds; not freed here.
typedef void *DhePointer;
#endif

/// Squid defined error code (<0), an error code returned by X.509 API,
/// or SSL_ERROR_NONE.
typedef int ErrorCode;

/// Human-readable text for an ErrorCode from whichever TLS library is built in.
/// NOTE(review): with OpenSSL, ERR_error_string(code, nullptr) formats into a
/// library-internal static buffer, so the returned pointer is shared by all
/// callers and overwritten by the next lookup -- copy it before doing any
/// further TLS error handling and do not treat it as thread-safe.
/// ErrorCode is a signed int while ERR_error_string takes an unsigned long,
/// so negative Squid-defined codes are sign-extended and the resulting text
/// does not describe them.
/// \param code the error code to describe
/// \returns a NUL-terminated string owned by the TLS library (or a string
///          literal when no TLS library is built in); expected to be non-null
inline const char *ErrorString(const ErrorCode code) {
#if USE_OPENSSL
    return ERR_error_string(code, nullptr);
#elif USE_GNUTLS
    return gnutls_strerror(code);
#else
    return "[no TLS library]";
#endif
}

/// Set of distinct ErrorCode values.
typedef std::unordered_set<Security::ErrorCode> Errors;

namespace Io
{
/// Which side of a TLS connection an I/O object serves. As the note inside
/// explains, BIO_TO_CLIENT means Squid is acting as the server for that
/// object, and BIO_TO_SERVER means Squid is the client.
enum Type {
#if USE_OPENSSL
#elif USE_GNUTLS
    // NP: this is odd looking but correct.
    // 'to-client' means we are a server, and vice versa.
    BIO_TO_CLIENT = GNUTLS_SERVER,
    BIO_TO_SERVER = GNUTLS_CLIENT
#else
    BIO_TO_CLIENT = 6000,
#endif
};

} // namespace Io

/// TLS certificate and private key details from squid.conf.
class KeyData;

#if USE_OPENSSL
/// Parsed TLS options as a bit mask; presumably the value handed to the
/// OpenSSL option-setting APIs -- confirm at the use sites.
typedef long ParsedOptions;
#elif USE_GNUTLS
/// Parsed GnuTLS priority object under shared ownership. NOTE(review): as
/// with CertPointer, the matching gnutls_priority_deinit deleter must be
/// supplied where the shared_ptr is constructed.
typedef std::shared_ptr<struct gnutls_priority_st> ParsedOptions;
#else
class ParsedOptions {}; // we never parse/use TLS options in this case
#endif

/// Parsed per-port flags; presumably the SSL_FLAG_* bits defined at the top
/// of this header OR-ed together -- confirm against the parsing code.
typedef long ParsedPortFlags;

class PeerConnector;
/// TLS squid.conf settings for a remote server peer.
class PeerOptions;

#if USE_OPENSSL
/// Wraps EVP_PKEY_free as the deleter behind Security::PrivateKeyPointer, so
/// private key material is released through the library's own routine.
/// No trailing semicolon here, unlike the other CtoCpp1 uses above; the
/// macro expansion apparently tolerates both forms.
CtoCpp1(EVP_PKEY_free, EVP_PKEY *)
#elif USE_GNUTLS
/// Shared ownership of a GnuTLS private key handle. NOTE(review): the
/// gnutls_x509_privkey_deinit deleter must be supplied at construction;
/// the alias itself fixes none.
typedef std::shared_ptr<struct gnutls_x509_privkey_int> PrivateKeyPointer;
#else
/// Placeholder for builds without a TLS library.
typedef std::shared_ptr<void> PrivateKeyPointer;
#endif

/// TLS squid.conf settings for a listening port.
class ServerOptions;

} // namespace Security
160 
161 #endif /* SQUID_SRC_SECURITY_FORWARD_H */
162 
int ErrorCode
Squid defined error code (<0), an error code returned by X.509 API, or SSL_ERROR_NONE.
Definition: forward.h:92
Security::LockingPointer< X509, X509_free_cpp, HardFun< int, X509 *, X509_up_ref > > CertPointer
Definition: forward.h:64
@ BIO_TO_SERVER
Definition: forward.h:116
const char * ErrorString(const ErrorCode code)
Definition: forward.h:97
@ BIO_TO_CLIENT
Definition: forward.h:115
Security::LockingPointer< DH, DH_free_cpp, HardFun< int, DH *, DH_up_ref > > DhePointer
Definition: forward.h:87
TLS squid.conf settings for a remote server peer.
Definition: PeerOptions.h:23
unsigned char code
Definition: html_quote.c:20
long ParsedPortFlags
Definition: forward.h:143
Definition: cf_gen.cc:108
CtoCpp1(X509_free, X509 *)
CbDataList< Security::CertError > CertErrors
Holds a list of X.509 certificate errors.
Definition: forward.h:58
TLS squid.conf settings for a listening port.
Definition: ServerOptions.h:25
TLS certificate and private key details from squid.conf.
Definition: KeyData.h:20
std::list< Security::CertPointer > CertList
Definition: forward.h:81
std::list< Security::CrlPointer > CertRevokeList
Definition: forward.h:83
std::unordered_set< Security::ErrorCode > Errors
Definition: forward.h:109
Security::LockingPointer< X509_CRL, X509_CRL_free_cpp, HardFun< int, X509_CRL *, X509_CRL_up_ref > > CrlPointer
Definition: forward.h:73
Network/connection security abstraction layer.
Definition: Connection.h:33
long ParsedOptions
Definition: forward.h:130

 
