1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H
10#define SQUID_SRC_SECURITY_PEEROPTIONS_H
11
12#include "base/YesNoNone.h"
13#include "ConfigParser.h"
14#include "security/forward.h"
15#include "security/KeyData.h"
16
17class Packable;
18
19namespace Security
20{
21
24{
25public:
/// Copying and moving are defaulted: the members visible in this header are
/// value types (SBuf, std::list, bool/int, the flags_ struct), so the
/// compiler-generated operations are sufficient.
/// NOTE(review): no move-assignment operator is visible in this rendering
/// (line 30 is missing); if none is declared, `*this = PeerOptions()` in
/// clear() selects the copy-assignment operator below instead.
PeerOptions(const PeerOptions &) = default;
PeerOptions &operator =(const PeerOptions &) = default;
PeerOptions(PeerOptions &&) = default;
/// Virtual destructor: PeerOptions is used polymorphically (parse(), clear()
/// and dumpCfg() are virtual), so destroying a derived object through a
/// PeerOptions pointer must run the derived destructor.
virtual ~PeerOptions() = default;
32
/// parse a TLS squid.conf option (defined in PeerOptions.cc:33)
/// @param the option token as read from squid.conf
virtual void parse(const char *);
35
/// parse and verify the [tls-]options= string in sslOptions
/// (defined in PeerOptions.cc:442); the result lands in parsedOptions
void parseOptions();
38
/// reset the configuration details to default
/// Implemented by assigning a freshly constructed PeerOptions, so every member
/// (the SBuf paths, certs/caFiles, parsedOptions, optsReparse, flags, ...)
/// returns to its in-class default. An override in a derived class presumably
/// has to reset its own members as well — confirm against the overriders.
virtual void clear() {*this = PeerOptions();}
41
/// output squid.conf syntax with 'pfx' prefix on parameters for the stored settings
/// (defined in PeerOptions.cc:105)
/// @param the Packable that receives the text
/// @param pfx string prepended to each emitted parameter name
virtual void dumpCfg(Packable *, const char *pfx) const;
71
72private:
// NOTE(review): undocumented in this rendering. By its name it presumably reads
// the file named by crlFile into parsedCrl (both are members of this class)
// — confirm against PeerOptions.cc.
void loadCrlFile();
76
77public:
88private:
/// whether parsedOptions content needs to be regenerated
/// Initialized to true; presumably so that the first use re-derives
/// parsedOptions from sslOptions rather than trusting a stale value — confirm
/// in PeerOptions.cc where it is reset.
bool optsReparse = true;
99
100public:
102
/// details from the cert= and file= config parameters
std::list<Security::KeyData> certs;
/// paths of files containing trusted Certificate Authority
std::list<SBuf> caFiles;
106
107protected:
/// Wrap a library-specific raw context handle in a Security::ContextPointer
/// (a std::shared_ptr) whose custom deleter releases it with the library's
/// own free routine. Ownership of ctx transfers to the returned pointer:
/// the caller must not free ctx itself, or the deleter would free it again.
/// NOTE(review): the signature line (PeerOptions.h:109,
/// `Security::ContextPointer convertContextFromRawPtr(T ctx) const {`) and
/// the no-library return statement (line 124) are missing from this rendering.
template<typename T>
#if USE_OPENSSL
    // Trace construct/destruct at debug section 83, level 5; the raw address
    // is the only identity available to pair the two messages.
    debugs(83, 5, "SSL_CTX construct, this=" << (void*)ctx);
    return ContextPointer(ctx, [](SSL_CTX *p) {
        debugs(83, 5, "SSL_CTX destruct, this=" << (void*)p);
        SSL_CTX_free(p);
    });
#elif USE_GNUTLS
    // Same pattern for GnuTLS credentials handles.
    debugs(83, 5, "gnutls_certificate_credentials construct, this=" << (void*)ctx);
    return Security::ContextPointer(ctx, [](gnutls_certificate_credentials_t p) {
        debugs(83, 5, "gnutls_certificate_credentials destruct, this=" << (void*)p);
        gnutls_certificate_free_credentials(p);
    });
#else
    // Without a TLS library no context can exist: a non-null ctx is a logic error.
    assert(!ctx);
#endif
}
127
128 int sslVersion = 0;
129
/// flags governing Squid internal TLS operations
struct flags_ {
    // Defaults: use the system default trusted CA and offer the NPN extension
    // unless configuration says otherwise.
    flags_() : tlsDefaultCa(true), tlsNpn(true) {}
    flags_(const flags_ &) = default;
    flags_ &operator =(const flags_ &) = default;

    // NOTE(review): the tlsDefaultCa member (YesNoNone, PeerOptions.h:137,
    // "whether to use the system default Trusted CA when verifying the remote
    // end certificate") and the struct's closing `} flags;` are missing from
    // this rendering.

    /// whether to use the TLS NPN extension on these connections
    bool tlsNpn;

143public:
/// whether transport encryption (TLS/SSL) is to be used on connections to the peer
/// (off unless configuration enables it)
bool encryptTransport = false;
146};
147
150
151} // namespace Security
152
// parse the tls_outgoing_options directive
// NOTE(review): the declaration `void parse_securePeerOptions(Security::PeerOptions *);`
// (PeerOptions.h:154, defined in PeerOptions.cc:805) belongs here but is
// missing from this rendering.
// Companion to the parse function above: the `x` argument is ignored and the
// global Security::ProxyOutgoingConfig (DIRECT server access settings) is
// always the object reset.
#define free_securePeerOptions(x) Security::ProxyOutgoingConfig.clear()
// Companion to the parse function above: writes directive name `n`, the
// settings of `x` in squid.conf syntax with no parameter prefix, and a
// trailing newline to Packable `e`.
#define dump_securePeerOptions(e,n,x) do { (e)->appendf(n); (x).dumpCfg((e),""); (e)->append("\n",1); } while(false)
157
158#endif /* SQUID_SRC_SECURITY_PEEROPTIONS_H */
159
void parse_securePeerOptions(Security::PeerOptions *)
Definition: PeerOptions.cc:805
#define assert(EX)
Definition: assert.h:17
Definition: SBuf.h:94
TLS squid.conf settings for a remote server peer.
Definition: PeerOptions.h:24
void updateContextCrl(Security::ContextPointer &)
setup the CRL details for the given context
Definition: PeerOptions.cc:727
std::list< SBuf > caFiles
paths of files containing trusted Certificate Authority
Definition: PeerOptions.h:104
ParsedPortFlags parseFlags()
Definition: PeerOptions.cc:549
SBuf crlFile
path of file containing a Certificate Revocation List
Definition: PeerOptions.h:80
PeerOptions(const PeerOptions &)=default
Security::ContextPointer createClientContext(bool setOptions)
generate a security client-context from these configured options
Definition: PeerOptions.cc:271
Security::CertRevokeList parsedCrl
CRL to use when verifying the remote end certificate.
Definition: PeerOptions.h:105
ParsedPortFlags parsedFlags
parsed value of sslFlags
Definition: PeerOptions.h:101
virtual void parse(const char *)
parse a TLS squid.conf option
Definition: PeerOptions.cc:33
virtual ~PeerOptions()
Definition: PeerOptions.h:31
virtual void clear()
reset the configuration details to default
Definition: PeerOptions.h:40
bool optsReparse
whether parsedOptions content needs to be regenerated
Definition: PeerOptions.h:98
SBuf sslFlags
flags defining what TLS operations Squid performs
Definition: PeerOptions.h:83
virtual void dumpCfg(Packable *, const char *pfx) const
output squid.conf syntax with 'pfx' prefix on parameters for the stored settings
Definition: PeerOptions.cc:105
Security::ContextPointer convertContextFromRawPtr(T ctx) const
Definition: PeerOptions.h:109
SBuf sslOptions
library-specific options string
Definition: PeerOptions.h:78
PeerOptions & operator=(const PeerOptions &)=default
Security::ParsedOptions parsedOptions
Definition: PeerOptions.h:95
struct Security::PeerOptions::flags_ flags
void updateContextCa(Security::ContextPointer &)
setup the CA details for the given context
Definition: PeerOptions.cc:691
void updateContextOptions(Security::ContextPointer &)
Setup the library specific 'options=' parameters for the given context.
Definition: PeerOptions.cc:634
SBuf caDir
path of directory containing a set of trusted Certificate Authorities
Definition: PeerOptions.h:79
void updateTlsVersionLimits()
sync the context options with tls-min-version=N configuration
Definition: PeerOptions.cc:153
PeerOptions(PeerOptions &&)=default
SBuf tlsMinVersion
version label for minimum TLS version to permit
Definition: PeerOptions.h:86
void updateContextTrust(Security::ContextPointer &)
decide which CAs to trust
Definition: PeerOptions.cc:754
void parseOptions()
parse and verify the [tls-]options= string in sslOptions
Definition: PeerOptions.cc:442
void updateContextNpn(Security::ContextPointer &)
setup the NPN extension details for the given context
Definition: PeerOptions.cc:659
std::list< Security::KeyData > certs
details from the cert= and file= config parameters
Definition: PeerOptions.h:103
virtual Security::ContextPointer createBlankContext() const
generate an unset security context object
Definition: PeerOptions.cc:241
void updateSessionOptions(Security::SessionPointer &)
setup any library-specific options that can be set for the given session
Definition: PeerOptions.cc:774
bool encryptTransport
whether transport encryption (TLS/SSL) is to be used on connections to the peer
Definition: PeerOptions.h:145
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Stream.h:193
Network/connection security abstraction layer.
Definition: Connection.h:34
std::shared_ptr< SSL_CTX > ContextPointer
Definition: Context.h:29
uint64_t ParsedOptions
Definition: forward.h:188
std::shared_ptr< SSL > SessionPointer
Definition: Session.h:49
long ParsedPortFlags
Definition: forward.h:198
PeerOptions ProxyOutgoingConfig
configuration options for DIRECT server access
Definition: PeerOptions.cc:24
std::list< Security::CrlPointer > CertRevokeList
Definition: forward.h:101
flags governing Squid internal TLS operations
Definition: PeerOptions.h:131
YesNoNone tlsDefaultCa
whether to use the system default Trusted CA when verifying the remote end certificate
Definition: PeerOptions.h:137
flags_(const flags_ &)=default
flags_ & operator=(const flags_ &)=default
bool tlsNpn
whether to use the TLS NPN extension on these connections
Definition: PeerOptions.h:140

 
