support.h File Reference
#include "base/CbDataList.h"
#include "comm/forward.h"
#include "sbuf/SBuf.h"
#include "security/forward.h"
#include "ssl/gadgets.h"
#include <queue>
#include <map>

Namespaces

 AnyP
 
 Ipc
 
 Ssl
 

Macros

#define SQUID_X509_V_ERR_INFINITE_VALIDATION   -4
 
#define SQUID_X509_V_ERR_CERT_CHANGE   -3
 
#define SQUID_ERR_SSL_HANDSHAKE   -2
 
#define SQUID_X509_V_ERR_DOMAIN_MISMATCH   -1
 
#define SQUID_SSL_ERROR_MIN   SQUID_X509_V_ERR_CERT_CHANGE
 
#define SQUID_SSL_ERROR_MAX   INT_MAX
 
#define SQUID_CERT_VALIDATION_ITERATION_MAX   16384
 

Typedefs

typedef RefCount< CertValidationResponse > Ssl::CertValidationResponsePointer
 
typedef char const * Ssl::GETX509ATTRIBUTE (X509 *, const char *)
 
typedef std::multimap< SBuf, X509 * > Ssl::CertsIndexedList
 certificates indexed by issuer name
 

Enumerations

enum  Ssl::BumpMode {
  Ssl::bumpNone = 0,
  Ssl::bumpClientFirst,
  Ssl::bumpServerFirst,
  Ssl::bumpPeek,
  Ssl::bumpStare,
  Ssl::bumpBump,
  Ssl::bumpSplice,
  Ssl::bumpTerminate,
  Ssl::bumpEnd
}
 
enum  Ssl::BumpStep {
  Ssl::bumpStep1,
  Ssl::bumpStep2,
  Ssl::bumpStep3
}
 

Functions

void Ssl::Initialize ()
 
bool Ssl::InitServerContext (Security::ContextPointer &, AnyP::PortCfg &)
 initialize a TLS server context with OpenSSL-specific settings
 
bool Ssl::InitClientContext (Security::ContextPointer &, Security::PeerOptions &, long flags)
 initialize a TLS client context with OpenSSL-specific settings
 
void Ssl::SetupVerifyCallback (Security::ContextPointer &)
 set the certificate verify callback for a context
 
void Ssl::MaybeSetupRsaCallback (Security::ContextPointer &)
 if required, set up a callback for generating ephemeral RSA keys
 
const char * sslGetUserEmail (SSL *ssl)
 
const char * sslGetUserAttribute (SSL *ssl, const char *attribute_name)
 
const char * sslGetCAAttribute (SSL *ssl, const char *attribute_name)
 
const char * sslGetUserCertificatePEM (SSL *ssl)
 
const char * sslGetUserCertificateChainPEM (SSL *ssl)
 
const char * Ssl::bumpMode (int bm)
 
bool Ssl::loadCerts (const char *certsFile, Ssl::CertsIndexedList &list)
 
bool Ssl::loadSquidUntrusted (const char *path)
 
void Ssl::unloadSquidUntrusted ()
 
void Ssl::SSL_add_untrusted_cert (SSL *ssl, X509 *cert)
 
const char * Ssl::uriOfIssuerIfMissing (X509 *cert, Security::CertList const &serverCertificates, const Security::ContextPointer &context)
 
void Ssl::missingChainCertificatesUrls (std::queue< SBuf > &URIs, Security::CertList const &serverCertificates, const Security::ContextPointer &context)
 
bool Ssl::generateUntrustedCert (Security::CertPointer &untrustedCert, Security::PrivateKeyPointer &untrustedPkey, Security::CertPointer const &cert, Security::PrivateKeyPointer const &pkey)
 
Security::ContextPointer Ssl::GenerateSslContext (CertificateProperties const &, Security::ServerOptions &, bool trusted)
 
bool Ssl::verifySslCertificate (Security::ContextPointer &, CertificateProperties const &)
 
Security::ContextPointer Ssl::GenerateSslContextUsingPkeyAndCertFromMemory (const char *data, Security::ServerOptions &, bool trusted)
 
Security::ContextPointer Ssl::createSSLContext (Security::CertPointer &x509, Security::PrivateKeyPointer &pkey, Security::ServerOptions &)
 Create an SSL context and apply the SSL certificate and private key to it.
 
void Ssl::chainCertificatesToSSLContext (Security::ContextPointer &, Security::ServerOptions &)
 
void Ssl::configureUnconfiguredSslContext (Security::ContextPointer &, Ssl::CertSignAlgorithm signAlgorithm, AnyP::PortCfg &)
 
bool Ssl::configureSSL (SSL *ssl, CertificateProperties const &properties, AnyP::PortCfg &port)
 
bool Ssl::configureSSLUsingPkeyAndCertFromMemory (SSL *ssl, const char *data, AnyP::PortCfg &port)
 
void Ssl::addChainToSslContext (Security::ContextPointer &, Security::CertList &)
 
void Ssl::useSquidUntrusted (SSL_CTX *sslContext)
 
void Ssl::readCertChainAndPrivateKeyFromFiles (Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, Security::CertList &chain, char const *certFilename, char const *keyFilename)
 
int Ssl::matchX509CommonNames (X509 *peer_cert, void *check_data, int(*check_func)(void *check_data, ASN1_STRING *cn_data))
 
bool Ssl::checkX509ServerValidity (X509 *cert, const char *server)
 
int Ssl::asn1timeToString (ASN1_TIME *tm, char *buf, int len)
 
bool Ssl::setClientSNI (SSL *ssl, const char *fqdn)
 
void Ssl::InRamCertificateDbKey (const Ssl::CertificateProperties &certProperties, SBuf &key)
 
BIO * Ssl::BIO_new_SBuf (SBuf *buf)
 

Variables

GETX509ATTRIBUTE Ssl::GetX509UserAttribute
 
GETX509ATTRIBUTE Ssl::GetX509CAAttribute
 
GETX509ATTRIBUTE Ssl::GetX509Fingerprint
 
const EVP_MD * Ssl::DefaultSignHash = NULL
 
std::vector< const char * > Ssl::BumpModeStr
 

Macro Definition Documentation

#define SQUID_CERT_VALIDATION_ITERATION_MAX   16384

Definition at line 53 of file support.h.

Referenced by ssl_verify_cb().

#define SQUID_ERR_SSL_HANDSHAKE   -2

Definition at line 42 of file support.h.

Referenced by Security::PeerConnector::noteNegotiationError().

#define SQUID_SSL_ERROR_MAX   INT_MAX

Definition at line 46 of file support.h.

Referenced by Ssl::ParseErrorString().

#define SQUID_SSL_ERROR_MIN   SQUID_X509_V_ERR_CERT_CHANGE

Definition at line 45 of file support.h.

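Referenced by Ssl::ParseErrorString().

Note: SQUID_X509_V_ERR_INFINITE_VALIDATION is defined as -4, which is below this minimum (SQUID_X509_V_ERR_CERT_CHANGE, -3), so the range from SQUID_SSL_ERROR_MIN to SQUID_SSL_ERROR_MAX as defined here does not include it. Whether that affects how Ssl::ParseErrorString() treats that error code is not shown on this page and should be checked against the source.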

#define SQUID_X509_V_ERR_CERT_CHANGE   -3

Definition at line 41 of file support.h.

Referenced by ssl_verify_cb().

#define SQUID_X509_V_ERR_DOMAIN_MISMATCH   -1

Definition at line 43 of file support.h.

Referenced by ConnStateData::serveDelayedError(), and ssl_verify_cb().

#define SQUID_X509_V_ERR_INFINITE_VALIDATION   -4

Definition at line 40 of file support.h.

Referenced by ssl_verify_cb().

 
