1/*
2 * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#ifndef SQUID_SRC_SECURITY_PEERCONNECTOR_H
10#define SQUID_SRC_SECURITY_PEERCONNECTOR_H
11
12#include "acl/Acl.h"
13#include "acl/ChecklistFiller.h"
15#include "base/AsyncJob.h"
16#include "base/JobWait.h"
17#include "CommCalls.h"
18#include "http/forward.h"
20#include "security/forward.h"
21#include "security/KeyLogger.h"
22#if USE_OPENSSL
23#include "ssl/support.h"
24#endif
25
26#include <iosfwd>
27#include <queue>
28
29class ErrorState;
30class Downloader;
31class AccessLogEntry;
33
34namespace Security
35{
36
37class IoResult;
39
/// Negotiates a TLS session on an already-established TCP connection to a
/// peer (serverConn) and reports the outcome to the initiator by dialing the
/// supplied AsyncCall (whose dialer must implement CbDialer). Runs as an
/// AsyncJob and implements Acl::ChecklistFiller so ACL checks (e.g. the
/// sslproxy_cert_error access list consulted by sslCrtvdCheckForErrors) see
/// the current transaction state. With OpenSSL, negotiation can be paused
/// while intermediate certificates omitted by the peer are downloaded; the
/// number and nesting of such downloads is capped by MaxCertsDownloads and
/// MaxNestedDownloads below so a single peer cannot trigger unbounded fetches.
/// NOTE(review): this rendering dropped several member declarations (the
/// blank numbered lines); only what is visible here is documented.
48class PeerConnector: virtual public AsyncJob, public Acl::ChecklistFiller
49{
51
52public:
54
    /// Callback dialer API that lets PeerConnector set the answer
    /// (Security::EncryptorAnswer) delivered to the initiator.
    /// NOTE(review): the `class CbDialer` header line and the pure-virtual
    /// answer() declaration were dropped by the rendering; only the body survives.
57 {
58 public:
59 virtual ~CbDialer() {}
62 };
63
64public:
    /// \param aServerConn established TCP connection to the peer (kept as serverConn)
    /// \param aCallback   call dialed with the results; its dialer must be a CbDialer
    /// \param alp         info for the future access.log entry
    /// \param timeout     TLS negotiation timeout; defaults to 0
    ///                    (NOTE(review): whether 0 means "no timeout" or a
    ///                    default is decided in the .cc — confirm there)
65 PeerConnector(const Comm::ConnectionPointer &aServerConn,
66 AsyncCall::Pointer &aCallback,
67 const AccessLogEntryPointer &alp,
68 const time_t timeout = 0);
69 virtual ~PeerConnector();
70
73
74protected:
75 // AsyncJob API
    /// preps the connection and SSL state, then calls negotiate()
76 virtual void start();
    /// whether the positive goal has been reached
77 virtual bool doneAll() const;
    /// internal cleanup; do not call directly
78 virtual void swanSong();
    /// AsyncJob status string (presumably for debugging output — confirm)
79 virtual const char *status() const;
80
81 /* Acl::ChecklistFiller API */
    /// configures the given checklist to reflect the current transaction state
82 virtual void fillChecklist(ACLFilledChecklist &) const;
83
86
    /// the comm_close callback handler; fires when serverConn is closed under us
88 void commCloseHandler(const CommCloseCbParams &params);
89
92
    /// drives the TLS handshake; NOTE(review): no description survived the
    /// rendering — presumably performs one handshake step and dispatches on
    /// its Security::IoResult (see handleNegotiationResult) — confirm in the .cc
95 void negotiate();
96
    /// NOTE(review): no description survived the rendering; presumably runs
    /// the post-handshake (certificate validation) steps and returns whether
    /// the negotiation is complete — confirm in the .cc
100 bool sslFinalized();
101
104
    /// presumably re-arms reading on serverConn when the handshake needs
    /// more data from the peer — confirm (no description survived)
108 void noteWantRead();
109
    /// Whether TLS negotiation has been paused (by suspendNegotiation())
    /// and not yet resumed. True exactly while suspendedError_ is set.
111 bool isSuspended() const { return static_cast<bool>(suspendedError_); }
112
113#if USE_OPENSSL
    /// pauses negotiation, remembering lastError (the failed attempt's
    /// outcome) in suspendedError_ until resumeNegotiation() is called
116 void suspendNegotiation(const Security::IoResult &lastError);
117
    /// resumes TLS negotiation paused by suspendNegotiation()
119 void resumeNegotiation();
120
    /// Either initiates fetching of missing intermediate certificates or
    /// bails with an error (e.g. when the download limits below are hit).
122 void handleMissingCertificates(const Security::IoResult &lastError);
123
    /// starts the download procedure for the given certificate URL
125 void startCertDownloading(SBuf &url);
126
    /// Called by Downloader after a certificate object is downloaded.
    /// \param object the downloaded bytes; \param status the download status.
    /// Security: the object was fetched from a URL the peer caused us to
    /// visit (presumably taken from the peer's own certificate chain — confirm),
    /// so it is untrusted input until it is validated as part of the chain.
128 void certDownloadingDone(SBuf &object, int status);
129#endif
130
    /// presumably re-arms writing on serverConn when the handshake must send
    /// more data to the peer — confirm (no description survived)
133 virtual void noteWantWrite();
134
137
142
146
149
    /// sends the given error to the initiator (ends the job unsuccessfully)
151 void bail(ErrorState *error);
152
    /// sends the encrypted connection to the initiator
154 void sendSuccess();
155
    /// a bail(), sendSuccess() helper: sends results to the initiator
157 void callBack();
158
    /// a bail(), sendSuccess() helper: stops monitoring the connection
160 void disconnect();
161
164
167
171
174
179private:
    // copying a job would duplicate connection/callback ownership;
    // NOTE(review): `= delete` would turn this link-time error into a compile-time one
180 PeerConnector(const PeerConnector &); // not implemented
181 PeerConnector &operator =(const PeerConnector &); // not implemented
182
183#if USE_OPENSSL
    /// the number of concurrent PeerConnector jobs waiting for us;
    /// compared against MaxNestedDownloads before starting another download
184 unsigned int certDownloadNestingLevel() const;
185
188
191
193#endif
194
    /// A wrapper for Comm::SetSelect() notifications; data is the PeerConnector.
195 static void NegotiateSsl(int fd, void *data);
    /// Comm::SetSelect() callback. Direct calls tickle/resume negotiations.
196 void negotiateSsl();
197
    /// The maximum number of missing certificates a single PeerConnector may
    /// download. Bounds the fetch work a peer can trigger with one handshake.
199 static const unsigned int MaxCertsDownloads = 10;
200
    /// The maximum number of inter-dependent Downloader jobs a worker may
    /// initiate (a download's own TLS handshake may need downloads of its own).
202 static const unsigned int MaxNestedDownloads = 3;
203
206
    /// when the peer connector negotiation started
209 time_t startTime;
    /// the list of URLs where missing certificates should be downloaded from
212 std::queue<SBuf> urlsOfMissingCerts;
    /// the number of downloaded missing certificates (checked against MaxCertsDownloads)
213 unsigned int certsDownloads;
214
215#if USE_OPENSSL
    // (member dropped by the rendering; presumably the downloadedCerts
    // X509 stack of successfully fetched intermediate certificates)
218#endif
219
    // (member dropped by the rendering; presumably the Security::KeyLogger
    // that records this connection's secrets to tls_key_log — that log
    // exposes session keys and must be protected accordingly)
222
224};
225
226} // namespace Security
227
228#endif /* SQUID_SRC_SECURITY_PEERCONNECTOR_H */
229
RefCount< AccessLogEntry > AccessLogEntryPointer
Definition: PeerConnector.h:32
void error(char *format,...)
an interface for those capable of configuring an ACLFilledChecklist object
Definition: SBuf.h:94
a summary of a TLS I/O operation's outcome
Definition: Io.h:19
manages collecting and logging secrets of a TLS connection to tls_key_log
Definition: KeyLogger.h:24
Callback dialer API to allow PeerConnector to set the answer.
Definition: PeerConnector.h:57
virtual Security::EncryptorAnswer & answer()=0
gives PeerConnector access to the in-dialer answer
void countFailingConnection()
updates connection usage history before the connection is closed
virtual bool doneAll() const
whether positive goal has been reached
virtual void noteNegotiationDone(ErrorState *)
CbcPointer< PeerConnector > Pointer
Definition: PeerConnector.h:53
void sslCrtvdHandleReply(Ssl::CertValidationResponsePointer)
Process response from cert validator helper.
Ssl::X509_STACK_Pointer downloadedCerts
successfully downloaded intermediate certificates (omitted by the peer)
void negotiateSsl()
Comm::SetSelect() callback. Direct calls tickle/resume negotiations.
void commCloseHandler(const CommCloseCbParams &params)
The comm_close callback handler.
time_t startTime
when the peer connector negotiation started
void certDownloadingDone(SBuf &object, int status)
Called by Downloader after a certificate object downloaded.
AsyncCall::Pointer closeHandler
we call this when the connection closed
virtual void fillChecklist(ACLFilledChecklist &) const
configure the given checklist (to reflect the current transaction state)
void startCertDownloading(SBuf &url)
Start downloading procedure for the given URL.
virtual bool initialize(Security::SessionPointer &)
bool noteFwdPconnUse
hack: whether the connection requires fwdPconnPool->noteUses()
Definition: PeerConnector.h:72
JobWait< Downloader > certDownloadWait
waits for the missing certificate to be downloaded
virtual Security::ContextPointer getTlsContext()=0
void bail(ErrorState *error)
sends the given error to the initiator
virtual void noteNegotiationError(const Security::ErrorDetailPointer &)
Called when the SSL_connect function aborts with an SSL negotiation error.
EncryptorAnswer & answer()
convenience method to get to the answer fields
virtual void start()
Preps connection and SSL state. Calls negotiate().
virtual const char * status() const
internal cleanup; do not call directly
virtual void noteWantWrite()
bool computeMissingCertificateUrls(const Connection &)
finds URLs of (some) missing intermediate certificates or returns false
void handleMissingCertificates(const Security::IoResult &lastError)
Either initiates fetching of missing certificates or bails with an error.
std::queue< SBuf > urlsOfMissingCerts
The list of URLs where missing certificates should be downloaded.
HttpRequestPointer request
peer connection trigger or cause
PeerConnector & operator=(const PeerConnector &)
Security::IoResultPointer suspendedError_
outcome of the last (failed and) suspended negotiation attempt (or nil)
time_t negotiationTimeout
the SSL connection timeout to use
void resumeNegotiation()
Resumes TLS negotiation paused by suspendNegotiation()
static const unsigned int MaxNestedDownloads
The maximum number of inter-dependent Downloader jobs a worker may initiate.
PeerConnector(const PeerConnector &)
Comm::ConnectionPointer const & serverConnection() const
mimics FwdState to minimize changes to FwdState::initiate/negotiateSsl
void handleNegotiationResult(const Security::IoResult &)
Called after each negotiation step to handle the result.
void commTimeoutHandler(const CommTimeoutCbParams &)
The connection read timeout callback handler.
void bypassCertValidator()
If called, the certificate validator will not be used.
Security::KeyLogger keyLogger
manages logging of the secrets of the TLS connection being established
AsyncCall::Pointer callback
we call this with the results
AccessLogEntryPointer al
info for the future access.log entry
static void NegotiateSsl(int fd, void *data)
A wrapper for Comm::SetSelect() notifications.
void disconnect()
a bail(), sendSuccess() helper: stops monitoring the connection
unsigned int certsDownloads
the number of downloaded missing certificates
bool isSuspended() const
Whether TLS negotiation has been paused and not yet resumed.
void sendSuccess()
sends the encrypted connection to the initiator
unsigned int certDownloadNestingLevel() const
the number of concurrent PeerConnector jobs waiting for us
void callBack()
a bail(), sendSuccess() helper: sends results to the initiator
static const unsigned int MaxCertsDownloads
The maximum number of missing certificates a single PeerConnector may download.
Comm::ConnectionPointer serverConn
TCP connection to the peer.
void suspendNegotiation(const Security::IoResult &lastError)
CBDATA_CLASS(PeerConnector)
Security::CertErrors * sslCrtvdCheckForErrors(Ssl::CertValidationResponse const &, ErrorDetailPointer &)
Check SSL errors returned from cert validator against sslproxy_cert_error access list.
PeerConnector(const Comm::ConnectionPointer &aServerConn, AsyncCall::Pointer &aCallback, const AccessLogEntryPointer &alp, const time_t timeout=0)
Network/connection security abstraction layer.
Definition: Connection.h:34
RefCount< IoResult > IoResultPointer
Definition: PeerConnector.h:38
std::shared_ptr< SSL_CTX > ContextPointer
Definition: Context.h:29
SSL Connection
Definition: Session.h:45
std::shared_ptr< SSL > SessionPointer
Definition: Session.h:49
std::unique_ptr< STACK_OF(X509), sk_X509_free_wrapper > X509_STACK_Pointer
Definition: gadgets.h:47