1 /*
2  * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SRC_SECURITY_FORWARD_H
10 #define SQUID_SRC_SECURITY_FORWARD_H
11 
12 #include "base/CbDataList.h"
13 #include "security/Context.h"
14 #include "security/Session.h"
15 
16 #if USE_GNUTLS && HAVE_GNUTLS_ABSTRACT_H
17 #include <gnutls/abstract.h>
18 #endif
19 #include <list>
20 #if USE_OPENSSL && HAVE_OPENSSL_ERR_H
21 #include <openssl/err.h>
22 #endif
23 #include <unordered_set>
24 
25 #if USE_OPENSSL
// Macro to be used to define the C++ wrapper functor of the sk_*_pop_free
// OpenSSL family of functions. The C++ functor is suffixed with the _free_wrapper
// extension.
//
// sk_dtor_wrapper(sk_object, argument_type, freefunction) expands to a
// `struct sk_object_free_wrapper` whose operator() takes one `argument_type`
// value and hands it to `sk_object_pop_free(a, freefunction)`. OpenSSL's
// sk_*_pop_free releases each stack element with `freefunction` and then the
// stack itself, so the struct is meant to serve as the deleter type of a smart
// pointer that owns an OpenSSL STACK_OF(...) — the stack and its elements are
// released together when the owner goes away. No comments may be placed
// inside the continuation lines below: a `//` would swallow the backslash.
#define sk_dtor_wrapper(sk_object, argument_type, freefunction) \
    struct sk_object ## _free_wrapper { \
        void operator()(argument_type a) { sk_object ## _pop_free(a, freefunction); } \
    }
33 
#if !HAVE_LIBCRYPTO_X509_UP_REF // OpenSSL 1.1 API
#if defined(CRYPTO_LOCK_X509) // OpenSSL 1.0 API
/// Compatibility shim for libcrypto builds that lack X509_up_ref()
/// (OpenSSL 1.1 API): takes one extra reference on the certificate through
/// the OpenSSL 1.0 locking API, which still exposes the X509 reference
/// counter as a struct member. A null pointer is a no-op.
/// \return always 0. NOTE(review): the OpenSSL 1.1 X509_up_ref() reports
///         success as 1, so callers must not use the result as a success flag.
inline int
X509_up_ref(X509 *t)
{
    if (t != nullptr)
        CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509);
    return 0;
}
#else
#error missing both OpenSSL API features X509_up_ref (v1.1) and CRYPTO_LOCK_X509 (v1.0)
#endif /* CRYPTO_LOCK_X509 */
#endif /* X509_up_ref */
41 
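#if !HAVE_LIBCRYPTO_X509_CRL_UP_REF // OpenSSL 1.1 API
#if defined(CRYPTO_LOCK_X509_CRL) // OpenSSL 1.0 API
/// Compatibility shim for libcrypto builds that lack X509_CRL_up_ref()
/// (OpenSSL 1.1 API): takes one extra reference on the CRL through the
/// OpenSSL 1.0 locking API. A null pointer is a no-op.
/// \return always 0. NOTE(review): the OpenSSL 1.1 X509_CRL_up_ref() reports
///         success as 1, so callers must not use the result as a success flag.
inline int X509_CRL_up_ref(X509_CRL *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509_CRL); return 0;}
#else
// The diagnostic names the CRL-specific features this block actually tests
// (X509_CRL_up_ref / CRYPTO_LOCK_X509_CRL), not the plain-X509 ones checked by
// the block above, so a failing build points at the right configure probe.
#error missing both OpenSSL API features X509_CRL_up_ref (v1.1) and CRYPTO_LOCK_X509_CRL (v1.0)
#endif /* CRYPTO_LOCK_X509_CRL */
#endif /* X509_CRL_up_ref */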
#if !HAVE_LIBCRYPTO_DH_UP_REF // OpenSSL 1.1 API
#if defined(CRYPTO_LOCK_DH) // OpenSSL 1.0 API
/// Compatibility shim for libcrypto builds that lack DH_up_ref()
/// (OpenSSL 1.1 API): takes one extra reference on the DH parameters through
/// the OpenSSL 1.0 locking API. A null pointer is a no-op.
/// \return always 0. NOTE(review): the OpenSSL 1.1 DH_up_ref() reports
///         success as 1, so callers must not use the result as a success flag.
inline int DH_up_ref(DH *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_DH); return 0;}
#else
#error missing both OpenSSL API features DH_up_ref (v1.1) and CRYPTO_LOCK_DH (v1.0)
#endif /* OpenSSL 1.0 CRYPTO_LOCK_DH */
#endif /* OpenSSL 1.1 DH_up_ref */
57 
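#if !HAVE_LIBCRYPTO_EVP_PKEY_UP_REF // OpenSSL 1.1 API
#if defined(CRYPTO_LOCK_EVP_PKEY) // OpenSSL 1.0 API
/// Compatibility shim for libcrypto builds that lack EVP_PKEY_up_ref()
/// (OpenSSL 1.1 API): takes one extra reference on the key through the
/// OpenSSL 1.0 locking API. A null pointer is a no-op.
/// \return always 0. NOTE(review): the OpenSSL 1.1 EVP_PKEY_up_ref() reports
///         success as 1, so callers must not use the result as a success flag.
inline int EVP_PKEY_up_ref(EVP_PKEY *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_EVP_PKEY); return 0;}
#else
// This #else belongs to the inner CRYPTO_LOCK_EVP_PKEY test, matching the
// three shims above: a libcrypto with neither feature fails loudly here, while
// one that provides EVP_PKEY_up_ref skips the whole block. Pairing the #error
// with the outer HAVE_LIBCRYPTO_EVP_PKEY_UP_REF test instead would abort every
// build that has the 1.1 function and leave the featureless case without a shim.
#error missing both OpenSSL API features EVP_PKEY_up_ref (v1.1) and CRYPTO_LOCK_EVP_PKEY (v1.0)
#endif /* CRYPTO_LOCK_EVP_PKEY */
#endif /* EVP_PKEY_up_ref */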
65 
66 #endif /* USE_OPENSSL */
67 
/* flags a SSL connection can be configured with */
/*
 * Each flag occupies its own bit (1<<0 .. 1<<6), so any combination can be
 * OR-ed into a single integer and tested with a bitwise AND. Going by their
 * names, NO_DEFAULT_CA drops the default trust store and the DONT_VERIFY_*
 * flags disable peer-certificate and domain-name checks; each of those weakens
 * authentication of the remote end, so they are presumably meant only for
 * explicitly configured exceptions — confirm against the squid.conf
 * documentation of the corresponding options.
 */
#define SSL_FLAG_NO_DEFAULT_CA (1<<0)
#define SSL_FLAG_DELAYED_AUTH (1<<1)
#define SSL_FLAG_DONT_VERIFY_PEER (1<<2)
#define SSL_FLAG_DONT_VERIFY_DOMAIN (1<<3)
#define SSL_FLAG_NO_SESSION_REUSE (1<<4)
#define SSL_FLAG_VERIFY_CRL (1<<5)
#define SSL_FLAG_VERIFY_CRL_ALL (1<<6)
76 
namespace Security
{

class CertError;
// NOTE(review): this rendering of the header skips the next two source lines;
// the page's own index shows they declare CertErrors, a
// CbDataList<Security::CertError> described as "Holds a list of X.509
// certificate errors".

#if USE_OPENSSL
CtoCpp1(X509_free, X509 *)
/// Owning pointer to an X.509 certificate. Under OpenSSL the object is
/// reference counted: X509_free_cpp drops a reference and the X509_up_ref
/// functor presumably supplies the extra reference LockingPointer takes when
/// it is copied (the compatibility shims above provide X509_up_ref for
/// libcrypto versions that lack it).
typedef Security::LockingPointer<X509, X509_free_cpp, HardFun<int, X509 *, X509_up_ref> > CertPointer;
#elif USE_GNUTLS
typedef std::shared_ptr<struct gnutls_x509_crt_int> CertPointer;
#else
typedef std::shared_ptr<void> CertPointer; // placeholder for builds without a TLS library
#endif

#if USE_OPENSSL
CtoCpp1(X509_CRL_free, X509_CRL *)
/// Owning pointer to a certificate revocation list (CRL).
typedef Security::LockingPointer<X509_CRL, X509_CRL_free_cpp, HardFun<int, X509_CRL *, X509_CRL_up_ref> > CrlPointer;
#elif USE_GNUTLS
CtoCpp1(gnutls_x509_crl_deinit, gnutls_x509_crl_t)
// NOTE(review): the OpenSSL branch names the CtoCpp1-generated functor with a
// _cpp suffix (X509_CRL_free_cpp), but this typedef passes the raw
// gnutls_x509_crl_deinit name; confirm that CtoCpp1 really produces a type
// usable under that name, otherwise this branch cannot compile.
typedef Security::LockingPointer<struct gnutls_x509_crl_int, gnutls_x509_crl_deinit> CrlPointer;
#else
// NB: unlike the no-TLS CertPointer (a std::shared_ptr<void>), this is a raw
// void*, so code generic over both pointer kinds must not assume smart-pointer
// members here.
typedef void *CrlPointer;
#endif

/// A list of certificates (see CertPointer).
typedef std::list<Security::CertPointer> CertList;

/// A list of certificate revocation lists (see CrlPointer).
typedef std::list<Security::CrlPointer> CertRevokeList;

#if USE_OPENSSL
CtoCpp1(DH_free, DH *);
// NOTE(review): the rendering skips the next source line; the page index shows
// it as the OpenSSL DhePointer typedef,
// `Security::LockingPointer<DH, DH_free_cpp, HardFun<int, DH *, DH_up_ref> >`.
// Also, this is the only CtoCpp1 use in the file followed by a semicolon.
#else
typedef void *DhePointer; // placeholder for builds without OpenSSL
#endif

// (Doc-comment lines are omitted by the rendering here; the page index
// describes ErrorCode as "Squid defined error code (<0), an error code
// returned by X.509 API, or SSL_ERROR_NONE".)
typedef int ErrorCode;

/// Human-readable description of an ErrorCode, for logs and error pages.
/// \param code the error to describe
/// \return a C string owned by the TLS library (or a literal when there is
///         none); the caller does not free it.
inline const char *ErrorString(const ErrorCode code) {
#if USE_OPENSSL
    // ERR_error_string() with a null buffer formats into a static buffer
    // owned by libcrypto: the result is overwritten by the next call and is
    // not thread-safe, so copy it before calling again. The int code is
    // converted to unsigned long here; negative Squid-defined codes are not
    // libcrypto error packs and presumably yield a generic "unknown" text.
    return ERR_error_string(code, nullptr);
#elif USE_GNUTLS
    // gnutls_strerror() returns a static string; codes GnuTLS does not know
    // (Squid-defined ones included) presumably map to a generic description.
    return gnutls_strerror(code);
#else
    return "[no TLS library]";
#endif
}

// (Doc-comment lines are omitted by the rendering here.)
/// A set of distinct ErrorCode values, presumably the errors collected while
/// validating one certificate chain.
typedef std::unordered_set<Security::ErrorCode> Errors;

namespace Io
{
/// Which side of the TLS connection a BIO/session represents.
enum Type {
#if USE_OPENSSL
    // NOTE(review): the two OpenSSL enumerator lines are not shown by this
    // rendering; as printed, the enum would be empty in OpenSSL builds.
#elif USE_GNUTLS
    // NP: this is odd looking but correct.
    // 'to-client' means we are a server, and vice versa.
    BIO_TO_CLIENT = GNUTLS_SERVER,
    BIO_TO_SERVER = GNUTLS_CLIENT
#else
    BIO_TO_CLIENT = 6000,
    BIO_TO_SERVER
#endif
};

} // namespace Io

class KeyData; // TLS certificate and private key details from squid.conf (KeyData.h)

/// Library-specific representation of parsed TLS options.
#if USE_OPENSSL
typedef long ParsedOptions;
#elif USE_GNUTLS
typedef std::shared_ptr<struct gnutls_priority_st> ParsedOptions;
#else
class ParsedOptions {}; // we never parse/use TLS options in this case
#endif

class PeerConnector;
class PeerOptions;

#if USE_OPENSSL
CtoCpp1(EVP_PKEY_free, EVP_PKEY *)
/// Owning pointer to a private key; reference counted under OpenSSL via
/// EVP_PKEY_free_cpp / EVP_PKEY_up_ref (see the shim above for old libcrypto).
typedef Security::LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, HardFun<int, EVP_PKEY *, EVP_PKEY_up_ref> > PrivateKeyPointer;
#elif USE_GNUTLS
typedef std::shared_ptr<struct gnutls_x509_privkey_int> PrivateKeyPointer;
#else
typedef std::shared_ptr<void> PrivateKeyPointer; // placeholder for builds without a TLS library
#endif

class ServerOptions;

} // namespace Security
178 
179 #endif /* SQUID_SRC_SECURITY_FORWARD_H */
180 