support.cc File Reference
#include "squid.h"
#include "acl/FilledChecklist.h"
#include "anyp/PortCfg.h"
#include "anyp/Uri.h"
#include "fatal.h"
#include "fd.h"
#include "fde.h"
#include "globals.h"
#include "ipc/MemMap.h"
#include "security/CertError.h"
#include "security/ErrorDetail.h"
#include "security/Session.h"
#include "SquidConfig.h"
#include "SquidTime.h"
#include "ssl/bio.h"
#include "ssl/Config.h"
#include "ssl/ErrorDetail.h"
#include "ssl/gadgets.h"
#include "ssl/support.h"
#include <cerrno>
Include dependency graph for support.cc:

Go to the source code of this file.

Functions

static void ssl_ask_password (SSL_CTX *context, const char *prompt)
 
static int check_domain (void *check_data, ASN1_STRING *cn_data)
 
static int ssl_verify_cb (int ok, X509_STORE_CTX *ctx)
 
static int VerifyCtxCertificates (X509_STORE_CTX *ctx, STACK_OF(X509) *extraCerts)
 
static int ssl_dupAclChecklist (CRYPTO_EX_DATA *, CRYPTO_EX_DATA *, void *, int, long, void *)
 
static void ssl_freeAclChecklist (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_ErrorDetail (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_SslErrors (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_int (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_CertChain (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_X509 (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_SBuf (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 
static void ssl_free_VerifyCallbackParameters (void *, void *ptr, CRYPTO_EX_DATA *, int, long, void *)
 "free" function for the ssl_ex_index_verify_callback_parameters entry More...
 
static const char * ssl_get_attribute (X509_NAME *name, const char *attribute_name)
 
const char * sslGetUserAttribute (SSL *ssl, const char *attribute_name)
 
const char * sslGetCAAttribute (SSL *ssl, const char *attribute_name)
 
const char * sslGetUserEmail (SSL *ssl)
 
SBuf sslGetUserCertificatePEM (SSL *ssl)
 
SBuf sslGetUserCertificateChainPEM (SSL *ssl)
 
static X509 * findCertIssuerFast (Ssl::CertsIndexedList &list, X509 *cert)
 
static X509 * sk_x509_findIssuer (const STACK_OF(X509) *sk, X509 *cert)
 slowly find the issuer certificate of a given cert using linear search More...
 
static X509 * findIssuerInCaDb (X509 *cert, const Security::ContextPointer &connContext)
 
static void completeIssuers (X509_STORE_CTX *ctx, STACK_OF(X509) &untrustedCerts)
 add missing issuer certificates to untrustedCerts More...
 
static int untrustedToStoreCtx_cb (X509_STORE_CTX *ctx, void *)
 
static int bio_sbuf_create (BIO *bio)
 
static int bio_sbuf_destroy (BIO *bio)
 
static int bio_sbuf_write (BIO *bio, const char *data, int len)
 
static int bio_sbuf_puts (BIO *bio, const char *data)
 
static long bio_sbuf_ctrl (BIO *bio, int cmd, long, void *)
 

Variables

static int ssl_ex_index_verify_callback_parameters = -1
 
static Ssl::CertsIndexedList SquidUntrustedCerts
 

Function Documentation

◆ bio_sbuf_create()

static int bio_sbuf_create ( BIO *  bio)
static

Definition at line 1415 of file support.cc.

References BIO_set_data(), BIO_set_init(), and NULL.

Referenced by Ssl::BIO_new_SBuf().

◆ bio_sbuf_ctrl()

static long bio_sbuf_ctrl ( BIO *  bio,
int  cmd,
long  ,
void *   
)
static

Definition at line 1450 of file support.cc.

References BIO_get_data(), and SBuf::clear().

Referenced by Ssl::BIO_new_SBuf().

◆ bio_sbuf_destroy()

static int bio_sbuf_destroy ( BIO *  bio)
static

Definition at line 1423 of file support.cc.

Referenced by Ssl::BIO_new_SBuf().

◆ bio_sbuf_puts()

static int bio_sbuf_puts ( BIO *  bio,
const char *  data 
)
static

Definition at line 1440 of file support.cc.

References SBuf::append(), BIO_get_data(), and SBuf::length().

Referenced by Ssl::BIO_new_SBuf().

◆ bio_sbuf_write()

static int bio_sbuf_write ( BIO *  bio,
const char *  data,
int  len 
)
static

Definition at line 1431 of file support.cc.

References SBuf::append(), and BIO_get_data().

Referenced by Ssl::BIO_new_SBuf().

◆ check_domain()

static int check_domain ( void *  check_data,
ASN1_STRING *  cn_data 
)
static

Definition at line 231 of file support.cc.

References debugs, matchDomainName(), mdnRejectSubsubDomains, s, and server.

Referenced by Ssl::checkX509ServerValidity().

◆ completeIssuers()

◆ findCertIssuerFast()

static X509* findCertIssuerFast ( Ssl::CertsIndexedList list,
X509 *  cert 
)
static

quickly find the issuer certificate of a certificate cert in the Ssl::CertsIndexedList list

Definition at line 1132 of file support.cc.

References NULL.

Referenced by Ssl::findIssuerCertificate().

◆ findIssuerInCaDb()

static X509* findIssuerInCaDb ( X509 *  cert,
const Security::ContextPointer connContext 
)
static

finds issuer of a given certificate in CA store of the given connContext

Returns
the cert issuer (after increasing its reference count) or nil

Definition at line 1170 of file support.cc.

References assert, DBG_IMPORTANT, debugs, and Security::ErrorString().

Referenced by Ssl::findIssuerCertificate().

◆ sk_x509_findIssuer()

static X509* sk_x509_findIssuer ( const STACK_OF(X509) *  sk,
X509 *  cert 
)
static

Definition at line 1153 of file support.cc.

Referenced by Ssl::findIssuerCertificate().

◆ ssl_dupAclChecklist()

static int ssl_dupAclChecklist ( CRYPTO_EX_DATA *  ,
CRYPTO_EX_DATA *  ,
void *  ,
int  ,
long  ,
void *   
)
static

Definition at line 568 of file support.cc.

References assert.

Referenced by Ssl::Initialize().

◆ ssl_free_ErrorDetail()

static void ssl_free_ErrorDetail ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 588 of file support.cc.

Referenced by Ssl::Initialize().

◆ ssl_free_int()

static void ssl_free_int ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 605 of file support.cc.

Referenced by Ssl::Initialize().

◆ ssl_free_SBuf()

static void ssl_free_SBuf ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 634 of file support.cc.

Referenced by Ssl::Initialize().

◆ ssl_free_SslErrors()

static void ssl_free_SslErrors ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 596 of file support.cc.

Referenced by Ssl::Initialize().

◆ ssl_free_VerifyCallbackParameters()

static void ssl_free_VerifyCallbackParameters ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 643 of file support.cc.

Referenced by Ssl::Initialize().

◆ ssl_free_X509()

static void ssl_free_X509 ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 625 of file support.cc.

Referenced by Ssl::Initialize().

◆ ssl_freeAclChecklist()

static void ssl_freeAclChecklist ( void *  ,
void *  ptr,
CRYPTO_EX_DATA *  ,
int  ,
long  ,
void *   
)
static

Definition at line 580 of file support.cc.

Referenced by Ssl::Initialize().

◆ ssl_verify_cb()

◆ untrustedToStoreCtx_cb()

static int untrustedToStoreCtx_cb ( X509_STORE_CTX *  ctx,
void *   
)
static

Validates certificates while consulting sslproxy_foreign_intermediate_certs but without using any dynamically downloaded intermediate certificates. OpenSSL "verification callback function" (OpenSSL_vcb_disambiguation)

Definition at line 1336 of file support.cc.

References debugs, and VerifyCtxCertificates().

Referenced by Ssl::useSquidUntrusted().

◆ VerifyCtxCertificates()

static int VerifyCtxCertificates ( X509_STORE_CTX *  ctx,
STACK_OF(X509) *  extraCerts 
)
static

Validates certificates while consulting sslproxy_foreign_intermediate_certs and, optionally, the given extra certificates.

Returns
whatever OpenSSL X509_verify_cert() returns

Definition at line 1288 of file support.cc.

References completeIssuers(), SquidUntrustedCerts, STACK_OF(), and X509_STORE_CTX_set0_untrusted.

Referenced by untrustedToStoreCtx_cb(), and Ssl::VerifyConnCertificates().

Variable Documentation

◆ SquidUntrustedCerts

◆ ssl_ex_index_verify_callback_parameters

int ssl_ex_index_verify_callback_parameters = -1
static

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors