support.cc File Reference
#include "squid.h"
#include "acl/FilledChecklist.h"
#include "anyp/PortCfg.h"
#include "anyp/Uri.h"
#include "fatal.h"
#include "fd.h"
#include "fde.h"
#include "globals.h"
#include "ipc/MemMap.h"
#include "security/CertError.h"
#include "security/Session.h"
#include "SquidConfig.h"
#include "SquidTime.h"
#include "ssl/bio.h"
#include "ssl/Config.h"
#include "ssl/ErrorDetail.h"
#include "ssl/gadgets.h"
#include "ssl/support.h"
#include <cerrno>

Functions

static void ssl_ask_password (SSL_CTX *context, const char *prompt)
 
static int check_domain (void *check_data, ASN1_STRING *cn_data)
 
static int ssl_verify_cb (int ok, X509_STORE_CTX *ctx)
 
static int ssl_dupAclChecklist (CRYPTO_EX_DATA *, CRYPTO_EX_DATA *, void *, int, long, void *)
 
static void ssl_freeAclChecklist (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_ErrorDetail (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_SslErrors (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_int (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_CertChain (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_X509 (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_SBuf (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static const char * ssl_get_attribute (X509_NAME *name, const char *attribute_name)
 
const char * sslGetUserAttribute (SSL *ssl, const char *attribute_name)
 
const char * sslGetCAAttribute (SSL *ssl, const char *attribute_name)
 
const char * sslGetUserEmail (SSL *ssl)
 
SBuf sslGetUserCertificatePEM (SSL *ssl)
 
SBuf sslGetUserCertificateChainPEM (SSL *ssl)
 
static const char * hasAuthorityInfoAccessCaIssuers (X509 *cert)
 
static X509 * findCertIssuerFast (Ssl::CertsIndexedList &list, X509 *cert)
 
static bool findCertIssuer (Security::CertList const &list, X509 *cert)
 Slowly find the issuer certificate of a given cert using linear search.
 
static bool issuerExistInCaDb (X509 *cert, const Security::ContextPointer &connContext)
 
static X509 * sk_x509_findIssuer (STACK_OF(X509) *sk, X509 *cert)
 Search for the issuer certificate of cert in the sk list.
 
static void completeIssuers (X509_STORE_CTX *ctx, STACK_OF(X509) *untrustedCerts)
 Add missing issuer certificates to untrustedCerts.
 
static int untrustedToStoreCtx_cb (X509_STORE_CTX *ctx, void *data)
 OpenSSL certificate validation callback.
 
static int bio_sbuf_create (BIO *bio)
 
static int bio_sbuf_destroy (BIO *bio)
 
int bio_sbuf_write (BIO *bio, const char *data, int len)
 
int bio_sbuf_puts (BIO *bio, const char *data)
 
long bio_sbuf_ctrl (BIO *bio, int cmd, long num, void *ptr)
 

Variables

int ssl_ex_index_ssl_untrusted_chain = -1
 
static Ssl::CertsIndexedList SquidUntrustedCerts
 

Function Documentation

◆ bio_sbuf_create()

static int bio_sbuf_create ( BIO *  bio)
static

Definition at line 1226 of file support.cc.

References BIO_set_data(), BIO_set_init(), and NULL.

Referenced by Ssl::BIO_new_SBuf().

◆ bio_sbuf_ctrl()

long bio_sbuf_ctrl ( BIO *  bio,
int  cmd,
long  num,
void *  ptr 
)

Definition at line 1261 of file support.cc.

References BIO_get_data(), buf, and SBuf::clear().

Referenced by Ssl::BIO_new_SBuf().

◆ bio_sbuf_destroy()

static int bio_sbuf_destroy ( BIO *  bio)
static

Definition at line 1234 of file support.cc.

Referenced by Ssl::BIO_new_SBuf().

◆ bio_sbuf_puts()

int bio_sbuf_puts ( BIO *  bio,
const char *  data 
)

Definition at line 1251 of file support.cc.

References SBuf::append(), BIO_get_data(), buf, and SBuf::length().

Referenced by Ssl::BIO_new_SBuf().

◆ bio_sbuf_write()

int bio_sbuf_write ( BIO *  bio,
const char *  data,
int  len 
)

Definition at line 1242 of file support.cc.

References SBuf::append(), BIO_get_data(), buf, and len.

Referenced by Ssl::BIO_new_SBuf().

◆ check_domain()

static int check_domain ( void *  check_data,
ASN1_STRING *  cn_data 
)
static

Definition at line 228 of file support.cc.

References debugs, i, matchDomainName(), mdnRejectSubsubDomains, and server.

Referenced by Ssl::checkX509ServerValidity().

◆ completeIssuers()

static void completeIssuers ( X509_STORE_CTX *  ctx,
STACK_OF(X509) *  untrustedCerts 
)
static

◆ findCertIssuer()

static bool findCertIssuer ( Security::CertList const &  list,
X509 *  cert 
)
static

Definition at line 990 of file support.cc.

Referenced by Ssl::uriOfIssuerIfMissing().

◆ findCertIssuerFast()

static X509* findCertIssuerFast ( Ssl::CertsIndexedList list,
X509 *  cert 
)
static

Quickly find the issuer certificate of the certificate cert in the Ssl::CertsIndexedList list.

Definition at line 969 of file support.cc.

References NULL.

Referenced by completeIssuers(), and Ssl::uriOfIssuerIfMissing().

◆ hasAuthorityInfoAccessCaIssuers()

static const char* hasAuthorityInfoAccessCaIssuers ( X509 *  cert)
static

Definition at line 917 of file support.cc.

References ASN1_STRING_get0_data(), i, MAX_URL, NULL, and xstrncpy().

Referenced by Ssl::uriOfIssuerIfMissing().

◆ issuerExistInCaDb()

static bool issuerExistInCaDb ( X509 *  cert,
const Security::ContextPointer connContext 
)
static
Returns
true if the issuer of cert exists among the certificates stored in connContext

Definition at line 1001 of file support.cc.

References DBG_IMPORTANT, debugs, and Security::ErrorString().

Referenced by Ssl::uriOfIssuerIfMissing().

◆ sk_x509_findIssuer()

static X509* sk_x509_findIssuer ( STACK_OF(X509) *  sk,
X509 *  cert 
)
static

Definition at line 1077 of file support.cc.

References i, and NULL.

Referenced by completeIssuers().

◆ ssl_dupAclChecklist()

static int ssl_dupAclChecklist ( CRYPTO_EX_DATA *  ,
CRYPTO_EX_DATA *  ,
void *  ,
int  ,
long  ,
void *   
)
static

Definition at line 405 of file support.cc.

References assert.

Referenced by Ssl::Initialize(), and Ssl::SetupVerifyCallback().

◆ ssl_free_ErrorDetail()

static void ssl_free_ErrorDetail ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 425 of file support.cc.

Referenced by Ssl::Initialize().

◆ ssl_free_int()

static void ssl_free_int ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 442 of file support.cc.

Referenced by Ssl::Initialize().

◆ ssl_free_SBuf()

static void ssl_free_SBuf ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 471 of file support.cc.

References buf.

Referenced by Ssl::Initialize().

◆ ssl_free_SslErrors()

static void ssl_free_SslErrors ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 433 of file support.cc.

Referenced by Ssl::Initialize().

◆ ssl_free_X509()

static void ssl_free_X509 ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 462 of file support.cc.

Referenced by Ssl::Initialize().

◆ ssl_freeAclChecklist()

static void ssl_freeAclChecklist ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 417 of file support.cc.

Referenced by Ssl::Initialize().

◆ untrustedToStoreCtx_cb()

static int untrustedToStoreCtx_cb ( X509_STORE_CTX *  ctx,
void *  data 
)
static

Variable Documentation

◆ SquidUntrustedCerts

◆ ssl_ex_index_ssl_untrusted_chain

int ssl_ex_index_ssl_untrusted_chain = -1

Definition at line 39 of file support.cc.

Referenced by Ssl::Initialize(), Ssl::SSL_add_untrusted_cert(), and untrustedToStoreCtx_cb().

 
