PeekingPeerConnector.h
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#ifndef SQUID_SRC_SSL_PEEKINGPEERCONNECTOR_H
10#define SQUID_SRC_SSL_PEEKINGPEERCONNECTOR_H
11
12#include "security/PeerConnector.h"
13
14#if USE_OPENSSL
15
16namespace Ssl
17{
18
20class PeekingPeerConnector: public Security::PeerConnector {
21 CBDATA_CHILD(PeekingPeerConnector);
22public:
23 PeekingPeerConnector(HttpRequestPointer &aRequest,
24 const Comm::ConnectionPointer &aServerConn,
25 const Comm::ConnectionPointer &aClientConn,
26 const AsyncCallback<Security::EncryptorAnswer> &aCallback,
27 const AccessLogEntryPointer &alp,
28 time_t timeout = 0);
29
30 /* Security::PeerConnector API */
31 bool initialize(Security::SessionPointer &) override;
32 Security::ContextPointer getTlsContext() override;
33 void noteWantWrite() override;
34 void noteNegotiationError(const Security::ErrorDetailPointer &) override;
35 void noteNegotiationDone(ErrorState *error) override;
36
39 void handleServerCertificate();
40
43 void checkForPeekAndSplice();
44
46 void checkForPeekAndSpliceDone(Acl::Answer);
47
49 void checkForPeekAndSpliceMatched(const Ssl::BumpMode finalMode);
50
52 Ssl::BumpMode checkForPeekAndSpliceGuess() const;
53
56 void serverCertificateVerified();
57
59 void startTunneling();
60
62 static void cbCheckForPeekAndSpliceDone(Acl::Answer, void *data);
63
64private:
65
67 void tunnelInsteadOfNegotiating();
68
69 Comm::ConnectionPointer clientConn;
70 AsyncCall::Pointer closeHandler;
71 bool splice;
72 bool serverCertificateHandled;
73};
74
75} // namespace Ssl
76
77#endif /* USE_OPENSSL */
78#endif /* SQUID_SRC_SSL_PEEKINGPEERCONNECTOR_H */
79
error
void error(char *format,...)
Ssl::PeekingPeerConnector
A PeerConnector for HTTP origin servers. Capable of SslBumping.
Definition: PeekingPeerConnector.h:20
Ssl::PeekingPeerConnector::initialize
bool initialize(Security::SessionPointer &) override
Definition: PeekingPeerConnector.cc:152
Ssl::PeekingPeerConnector::serverCertificateHandled
bool serverCertificateHandled
whether handleServerCertificate() succeeded
Definition: PeekingPeerConnector.h:72
Ssl::PeekingPeerConnector::checkForPeekAndSpliceDone
void checkForPeekAndSpliceDone(Acl::Answer)
Callback function for ssl_bump acl check in step3 SSL bump step.
Definition: PeekingPeerConnector.cc:59
Ssl::PeekingPeerConnector::noteNegotiationError
void noteNegotiationError(const Security::ErrorDetailPointer &) override
Called when the SSL_connect function aborts with an SSL negotiation error.
Definition: PeekingPeerConnector.cc:311
Ssl::PeekingPeerConnector::startTunneling
void startTunneling()
Abruptly stops TLS negotiation and starts tunneling.
Definition: PeekingPeerConnector.cc:274
Ssl::PeekingPeerConnector::checkForPeekAndSpliceMatched
void checkForPeekAndSpliceMatched(const Ssl::BumpMode finalMode)
Handles the final bumping decision.
Definition: PeekingPeerConnector.cc:93
Ssl::PeekingPeerConnector::clientConn
Comm::ConnectionPointer clientConn
TCP connection to the client.
Definition: PeekingPeerConnector.h:69
Ssl::PeekingPeerConnector::CBDATA_CHILD
CBDATA_CHILD(PeekingPeerConnector)
Ssl::PeekingPeerConnector::splice
bool splice
whether we are going to splice or not
Definition: PeekingPeerConnector.h:71
Ssl::PeekingPeerConnector::closeHandler
AsyncCall::Pointer closeHandler
we call this when the connection closed
Definition: PeekingPeerConnector.h:70
Ssl::PeekingPeerConnector::noteNegotiationDone
void noteNegotiationDone(ErrorState *error) override
Definition: PeekingPeerConnector.cc:227
Ssl::PeekingPeerConnector::getTlsContext
Security::ContextPointer getTlsContext() override
Definition: PeekingPeerConnector.cc:146
Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone
static void cbCheckForPeekAndSpliceDone(Acl::Answer, void *data)
A wrapper function for checkForPeekAndSpliceDone for use with acl.
Definition: PeekingPeerConnector.cc:51
Ssl::PeekingPeerConnector::PeekingPeerConnector
PeekingPeerConnector(HttpRequestPointer &aRequest, const Comm::ConnectionPointer &aServerConn, const Comm::ConnectionPointer &aClientConn, const AsyncCallback< Security::EncryptorAnswer > &aCallback, const AccessLogEntryPointer &alp, time_t timeout=0)
Definition: PeekingPeerConnector.cc:28
Ssl::PeekingPeerConnector::tunnelInsteadOfNegotiating
void tunnelInsteadOfNegotiating()
Inform caller class that the SSL negotiation aborted.
Ssl::PeekingPeerConnector::checkForPeekAndSpliceGuess
Ssl::BumpMode checkForPeekAndSpliceGuess() const
Guesses the final bumping decision when no ssl_bump rules match.
Definition: PeekingPeerConnector.cc:129
Ssl::BumpMode
BumpMode
Definition: support.h:126
Security::ContextPointer
std::shared_ptr< SSL_CTX > ContextPointer
Definition: Context.h:29
Security::SessionPointer
std::shared_ptr< SSL > SessionPointer
Definition: Session.h:49
Ssl
Definition: Xaction.cc:40

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors