squid : Optimising Web Delivery

Go to the documentation of this file.

 /*
  * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
  *
  * Squid software is distributed under GPLv2+ license and includes
  * contributions from numerous individuals and organizations.
  * Please see the COPYING and CONTRIBUTORS files for details.
  */
  
 #include "squid.h"
  
 #if USE_OPENSSL
  
 #include "fatal.h"
 #include "sbuf/Algorithms.h"
 #include "sbuf/SBuf.h"
  
 /* Stub File for the ssl/libsslsquid.la convenience library */
  
 #define STUB_API "ssl/libsslsquid.la"
 #include "tests/STUB.h"
  
 #include "ssl/Config.h"
 Ssl::Config::Config():
 #if USE_SSL_CRTD
     ssl_crtd(nullptr),
 #endif
     ssl_crt_validator(nullptr)
 {
     ssl_crt_validator_Children.concurrency = 1;
     STUB_NOP
 }
 Ssl::Config::~Config() STUB_NOP
 Ssl::Config Ssl::TheConfig;
  
 #include "ssl/context_storage.h"
 //Ssl::CertificateStorageAction::CertificateStorageAction(const Mgr::Command::Pointer &) STUB
 Ssl::CertificateStorageAction::Pointer Ssl::CertificateStorageAction::Create(const Mgr::Command::Pointer &) STUB_RETSTATREF(Ssl::CertificateStorageAction::Pointer)
 void Ssl::CertificateStorageAction::dump(StoreEntry *) STUB
 void Ssl::GlobalContextStorage::addLocalStorage(Ip::Address const &, size_t ) STUB
 Ssl::LocalContextStorage *Ssl::GlobalContextStorage::getLocalStorage(Ip::Address const &)
 { fatal(STUB_API " required"); static LocalContextStorage v(0); return &v; }
 void Ssl::GlobalContextStorage::reconfigureStart() STUB
  
 #include "ssl/ErrorDetail.h"
 #include "ssl/support.h"
 namespace Ssl
 {
 bool ParseErrorString(const char *, Security::Errors &) STUB_RETVAL(false)
 int AskPasswordCb(char *, int, int, void *) STUB_RETVAL(0)
 bool InitServerContext(Security::ContextPointer &, AnyP::PortCfg &) STUB_RETVAL(false)
 bool InitClientContext(Security::ContextPointer &, Security::PeerOptions &, Security::ParsedPortFlags) STUB_RETVAL(false)
 void ConfigurePeerVerification(Security::ContextPointer &, const Security::ParsedPortFlags) STUB
 void DisablePeerVerification(Security::ContextPointer &) STUB
 void MaybeSetupRsaCallback(Security::ContextPointer &) STUB
 } // namespace Ssl
 const char *sslGetUserEmail(SSL *) STUB_RETVAL(nullptr)
 const char *sslGetUserAttribute(SSL *, const char *) STUB_RETVAL(nullptr)
 const char *sslGetCAAttribute(SSL *, const char *) STUB_RETVAL(nullptr)
 SBuf sslGetUserCertificatePEM(SSL *) STUB_RETVAL(SBuf())
 SBuf sslGetUserCertificateChainPEM(SSL *) STUB_RETVAL(SBuf())
 namespace Ssl
 {
 //GETX509ATTRIBUTE GetX509UserAttribute;
 //GETX509ATTRIBUTE GetX509CAAttribute;
 //GETX509ATTRIBUTE GetX509Fingerprint;
 std::vector<const char *> BumpModeStr = {""};
 bool generateUntrustedCert(Security::CertPointer &, Security::PrivateKeyPointer &, Security::CertPointer const &, Security::PrivateKeyPointer const &) STUB_RETVAL(false)
 Security::ContextPointer GenerateSslContext(CertificateProperties const &, Security::ServerOptions &, bool) STUB_RETVAL(Security::ContextPointer())
 bool verifySslCertificate(const Security::ContextPointer &, CertificateProperties const &) STUB_RETVAL(false)
 Security::ContextPointer GenerateSslContextUsingPkeyAndCertFromMemory(const char *, Security::ServerOptions &, bool) STUB_RETVAL(Security::ContextPointer())
 bool HasMatchingSubjectName(X509 &, const GeneralNameMatcher &) STUB_RETVAL(false)
 bool HasSubjectName(X509 &, const AnyP::Host &) STUB_RETVAL(false)
 int asn1timeToString(ASN1_TIME *, char *, int) STUB_RETVAL(0)
 void setClientSNI(SSL *, const char *) STUB
 SBuf GetX509PEM(X509 *) STUB_RETVAL(SBuf())
 } //namespace Ssl
  
 #endif
  

sslGetCAAttribute

const char * sslGetCAAttribute(SSL *ssl, const char *attribute_name)

Definition: support.cc:967

fatal

void fatal(const char *message)

Definition: fatal.cc:28

Ssl::InitClientContext

bool InitClientContext(Security::ContextPointer &, Security::PeerOptions &, Security::ParsedPortFlags)

initialize a TLS client context with OpenSSL specific settings

Definition: support.cc:806

Ssl::asn1timeToString

int asn1timeToString(ASN1_TIME *tm, char *buf, int len)

Definition: support.cc:248

Ssl::HasMatchingSubjectName

bool HasMatchingSubjectName(X509 &, const GeneralNameMatcher &)

Definition: support.cc:307

Ssl::generateUntrustedCert

bool generateUntrustedCert(Security::CertPointer &untrustedCert, Security::PrivateKeyPointer &untrustedPkey, Security::CertPointer const &cert, Security::PrivateKeyPointer const &pkey)

Definition: support.cc:1463

Security::ContextPointer

std::shared_ptr< SSL_CTX > ContextPointer

Definition: Context.h:29

Ssl::MaybeSetupRsaCallback

void MaybeSetupRsaCallback(Security::ContextPointer &)

if required, setup callback for generating ephemeral RSA keys

Definition: support.cc:238

Ssl::InitServerContext

bool InitServerContext(Security::ContextPointer &, AnyP::PortCfg &)

initialize a TLS server context with OpenSSL specific settings

Definition: support.cc:797

SBuf

Definition: SBuf.h:93

Ssl::GetX509PEM

GETX509PEM GetX509PEM

Definition: support.h:121

support.h

sslGetUserEmail

const char * sslGetUserEmail(SSL *) STUB_RETVAL(nullptr) const char *sslGetUserAttribute(SSL *

Ssl::Config::~Config

~Config()

Definition: Config.cc:23

Ssl::Config::Config

Config()

Definition: Config.cc:14

Ssl::ParseErrorString

bool ParseErrorString(const char *name, Security::Errors &)

Definition: ErrorDetail.cc:111

Ssl::CertificateStorageAction::dump

void dump(StoreEntry *sentry) override

Definition: context_storage.cc:33

Config.h

SBuf.h

STUB_RETSTATREF

#define STUB_RETSTATREF(x)

Definition: STUB.h:55

AnyP

Definition: forward.h:14

Ssl::GlobalContextStorage::getLocalStorage

LocalContextStorage * getLocalStorage(Ip::Address const &address)

Return the local storage for the given listening address/port.

Definition: context_storage.cc:80

ClpMap

Definition: ClpMap.h:40

Ssl

Definition: Xaction.cc:39

Adaptation::Ecap::TheConfig

Config TheConfig

Definition: Config.cc:16

Security::ParsedPortFlags

long ParsedPortFlags

Definition: forward.h:204

AnyP::Host

either a domain name (as defined in DNS RFC 1034) or an IP address

Definition: Host.h:24

Ssl::GenerateSslContextUsingPkeyAndCertFromMemory

Security::ContextPointer GenerateSslContextUsingPkeyAndCertFromMemory(const char *data, Security::ServerOptions &, bool trusted)

Definition: support.cc:1038

STUB

#define STUB

macro to stub a void function.

Definition: STUB.h:34

sslGetUserCertificateChainPEM

SBuf sslGetUserCertificateChainPEM(SSL *ssl)

Definition: support.cc:998

Ssl::GenerateSslContext

Security::ContextPointer GenerateSslContext(CertificateProperties const &, Security::ServerOptions &, bool trusted)

Definition: support.cc:1052

RefCount< Action >

sslGetUserAttribute

const char * sslGetUserAttribute(SSL *ssl, const char *attribute_name)

Definition: support.cc:954

Ssl::BumpModeStr

std::vector< const char * > BumpModeStr

Definition: support.cc:46

Security::ServerOptions

TLS squid.conf settings for a listening port.

Definition: ServerOptions.h:25

Ssl::GlobalContextStorage::reconfigureStart

void reconfigureStart()

When reconfigring should be called this method.

Definition: context_storage.cc:91

StoreEntry

Definition: Store.h:37

Ssl::DisablePeerVerification

void DisablePeerVerification(Security::ContextPointer &)

Definition: support.cc:528

STUB_RETVAL

const char const char * STUB_RETVAL(nullptr) const char *sslGetCAAttribute(SSL *

Definition: stub_libsslsquid.cc:58

Ssl::AskPasswordCb

int AskPasswordCb(char *buf, int size, int rwflag, void *userdata)

Definition: support.cc:131

STUB.h

Ssl::CertificateStorageAction::Create

static Pointer Create(const Mgr::Command::Pointer &cmd)

Definition: context_storage.cc:28

Ssl::verifySslCertificate

bool verifySslCertificate(const Security::ContextPointer &, CertificateProperties const &)

Definition: support.cc:1141

STUB_NOP

#define STUB_NOP

Definition: STUB.h:38

Ssl::GlobalContextStorage::addLocalStorage

void addLocalStorage(Ip::Address const &address, size_t size_of_store)

Create new SSL context storage for the local listening address/port.

Definition: context_storage.cc:74

Ssl::HasSubjectName

bool HasSubjectName(X509 &, const AnyP::Host &)

whether at least one common or alternate subject name matches the given one

Definition: support.cc:338

fatal.h

Algorithms.h

Ssl::ConfigurePeerVerification

void ConfigurePeerVerification(Security::ContextPointer &, const Security::ParsedPortFlags)

set the certificate verify callback for a context

Definition: support.cc:501

Security::Errors

std::unordered_set< Security::ErrorCode > Errors

Definition: forward.h:165

squid.h

Security

Network/connection security abstraction layer.

Definition: Connection.h:33

Ip::Address

Definition: Address.h:42

sslGetUserCertificatePEM

SBuf sslGetUserCertificatePEM(SSL *ssl)

Definition: support.cc:987

Ssl::setClientSNI

void setClientSNI(SSL *ssl, const char *fqdn)

Definition: support.cc:1166

STUB_API

#define STUB_API

Definition: stub_libsslsquid.cc:19

Config

class SquidConfig Config

Definition: SquidConfig.cc:12

int

int unsigned int

Definition: stub_fd.cc:19

Ssl::LocalContextStorage

ClpMap< SBuf, Security::ContextPointer, MemoryUsedByContext > LocalContextStorage

Definition: context_storage.h:51

Security::LockingPointer

Definition: LockingPointer.h:50

squid-cache.org

Optimising Web Delivery

Introduction

Documentation

Support

Miscellaneous