support.cc File Reference
#include "squid.h"
#include "acl/FilledChecklist.h"
#include "anyp/PortCfg.h"
#include "fatal.h"
#include "fd.h"
#include "fde.h"
#include "globals.h"
#include "ipc/MemMap.h"
#include "security/CertError.h"
#include "security/Session.h"
#include "SquidConfig.h"
#include "SquidTime.h"
#include "ssl/bio.h"
#include "ssl/Config.h"
#include "ssl/ErrorDetail.h"
#include "ssl/gadgets.h"
#include "ssl/support.h"
#include "URL.h"
#include <cerrno>

Functions

static int ssl_ask_password_cb (char *buf, int size, int rwflag, void *userdata)
 
static void ssl_ask_password (SSL_CTX *context, const char *prompt)
 
static int check_domain (void *check_data, ASN1_STRING *cn_data)
 
static X509 * X509_STORE_CTX_get0_cert (X509_STORE_CTX *ctx)
 
static int ssl_verify_cb (int ok, X509_STORE_CTX *ctx)
 
static int ssl_dupAclChecklist (CRYPTO_EX_DATA *, CRYPTO_EX_DATA *, void *, int, long, void *)
 
static void ssl_freeAclChecklist (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_ErrorDetail (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_SslErrors (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_int (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_CertChain (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_X509 (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_SBuf (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static const char * ssl_get_attribute (X509_NAME *name, const char *attribute_name)
 
const char * sslGetUserAttribute (SSL *ssl, const char *attribute_name)
 
const char * sslGetCAAttribute (SSL *ssl, const char *attribute_name)
 
const char * sslGetUserEmail (SSL *ssl)
 
const char * sslGetUserCertificatePEM (SSL *ssl)
 
const char * sslGetUserCertificateChainPEM (SSL *ssl)
 
static const char * hasAuthorityInfoAccessCaIssuers (X509 *cert)
 
static X509 * findCertIssuerFast (Ssl::CertsIndexedList &list, X509 *cert)
 
static bool findCertIssuer (Security::CertList const &list, X509 *cert)
 Slowly finds the issuer certificate of a given cert using linear search.
 
static bool issuerExistInCaDb (X509 *cert, const Security::ContextPointer &connContext)
 
static X509 * sk_x509_findIssuer (STACK_OF(X509)*sk, X509 *cert)
 Search for the issuer certificate of cert in the sk list.
 
static void completeIssuers (X509_STORE_CTX *ctx, STACK_OF(X509)*untrustedCerts)
 Add missing issuer certificates to untrustedCerts.
 
static int untrustedToStoreCtx_cb (X509_STORE_CTX *ctx, void *data)
 OpenSSL certificate validation callback.
 
static X509 * readSslX509CertificatesChain (char const *certFilename, Security::CertList &chain)
 
static int bio_sbuf_create (BIO *bio)
 
static int bio_sbuf_destroy (BIO *bio)
 
int bio_sbuf_write (BIO *bio, const char *data, int len)
 
int bio_sbuf_puts (BIO *bio, const char *data)
 
long bio_sbuf_ctrl (BIO *bio, int cmd, long num, void *ptr)
 

Variables

int ssl_ex_index_ssl_untrusted_chain = -1
 
static Ssl::CertsIndexedList SquidUntrustedCerts
 

Function Documentation

static int bio_sbuf_create ( BIO *  bio)
static

Definition at line 1347 of file support.cc.

References BIO_set_data(), BIO_set_init(), and NULL.

Referenced by Ssl::BIO_new_SBuf().

long bio_sbuf_ctrl ( BIO *  bio,
int  cmd,
long  num,
void *  ptr 
)

Definition at line 1382 of file support.cc.

References BIO_get_data(), and SBuf::clear().

Referenced by Ssl::BIO_new_SBuf().

static int bio_sbuf_destroy ( BIO *  bio)
static

Definition at line 1355 of file support.cc.

Referenced by Ssl::BIO_new_SBuf().

int bio_sbuf_puts ( BIO *  bio,
const char *  data 
)

Definition at line 1372 of file support.cc.

References SBuf::append(), BIO_get_data(), and SBuf::length().

Referenced by Ssl::BIO_new_SBuf().

int bio_sbuf_write ( BIO *  bio,
const char *  data,
int  len 
)

Definition at line 1363 of file support.cc.

References SBuf::append(), BIO_get_data(), and len.

Referenced by Ssl::BIO_new_SBuf().

static int check_domain ( void *  check_data,
ASN1_STRING *  cn_data 
)
static

Definition at line 208 of file support.cc.

References debugs, i, matchDomainName(), mdnRejectSubsubDomains, and server.

Referenced by Ssl::checkX509ServerValidity().

static void completeIssuers ( X509_STORE_CTX *  ctx,
STACK_OF(X509)*  untrustedCerts 
)
static
static bool findCertIssuer ( Security::CertList const &  list,
X509 *  cert 
)
static

Definition at line 1040 of file support.cc.

Referenced by Ssl::uriOfIssuerIfMissing().

static X509* findCertIssuerFast ( Ssl::CertsIndexedList &  list,
X509 *  cert 
)
static

Quickly finds the issuer certificate of cert in the Ssl::CertsIndexedList list.

Definition at line 1019 of file support.cc.

References NULL.

Referenced by completeIssuers(), and Ssl::uriOfIssuerIfMissing().

static const char* hasAuthorityInfoAccessCaIssuers ( X509 *  cert)
static

Definition at line 963 of file support.cc.

References i, MAX_URL, NULL, and xstrncpy().

Referenced by Ssl::uriOfIssuerIfMissing().

static bool issuerExistInCaDb ( X509 *  cert,
const Security::ContextPointer &  connContext 
)
static
Returns
true if the issuer of cert exists among the certificates stored in connContext

Definition at line 1051 of file support.cc.

References DBG_IMPORTANT, debugs, and Security::ErrorString().

Referenced by Ssl::uriOfIssuerIfMissing().

static X509* sk_x509_findIssuer ( STACK_OF(X509)*  sk,
X509 *  cert 
)
static

Definition at line 1127 of file support.cc.

References i, and NULL.

Referenced by completeIssuers().

static int ssl_dupAclChecklist ( CRYPTO_EX_DATA *  ,
CRYPTO_EX_DATA *  ,
void *  ,
int  ,
long  ,
void *   
)
static

Definition at line 392 of file support.cc.

References assert.

Referenced by Ssl::Initialize().

static void ssl_free_ErrorDetail ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 412 of file support.cc.

Referenced by Ssl::Initialize().

static void ssl_free_int ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 429 of file support.cc.

Referenced by Ssl::Initialize().

static void ssl_free_SBuf ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 458 of file support.cc.

References buf.

Referenced by Ssl::Initialize().

static void ssl_free_SslErrors ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 420 of file support.cc.

Referenced by Ssl::Initialize().

static void ssl_free_X509 ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 449 of file support.cc.

Referenced by Ssl::Initialize().

static void ssl_freeAclChecklist ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 404 of file support.cc.

Referenced by Ssl::Initialize().

static int untrustedToStoreCtx_cb ( X509_STORE_CTX *  ctx,
void *  data 
)
static
static X509* X509_STORE_CTX_get0_cert ( X509_STORE_CTX *  ctx)
inline static

Definition at line 237 of file support.cc.

Referenced by completeIssuers(), and ssl_verify_cb().

Variable Documentation

int ssl_ex_index_ssl_untrusted_chain = -1

Definition at line 39 of file support.cc.

Referenced by Ssl::Initialize(), Ssl::SSL_add_untrusted_cert(), and untrustedToStoreCtx_cb().

 
