squid : Optimising Web Delivery

Go to the documentation of this file.
/*
 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */
 
#ifndef SQUID_SSL_BIO_H
#define SQUID_SSL_BIO_H
 
#if USE_OPENSSL
 
#include "compat/openssl.h"
#include "FadingCounter.h"
#include "fd.h"
#include "MemBuf.h"
#include "security/Handshake.h"
#include "ssl/support.h"
 
#include <iosfwd>
#include <list>
#if HAVE_OPENSSL_BIO_H
#include <openssl/bio.h>
#endif
#include <string>
#include <type_traits>
 
namespace Ssl
{
 
class Bio
{
public:
    explicit Bio(const int anFd);
    virtual ~Bio();
 
    virtual int write(const char *buf, int size, BIO *table);
 
    virtual int read(char *buf, int size, BIO *table);
 
    virtual void flush(BIO *) {}
 
    int fd() const { return fd_; } 
 
    virtual void stateChanged(const SSL *ssl, int where, int ret);
 
    static BIO *Create(const int fd, Security::Io::Type type);
    static void Link(SSL *ssl, BIO *bio);
 
    const SBuf &rBufData() {return rbuf;} 
protected:
    const int fd_; 
    SBuf rbuf;  
};
 
class ClientBio: public Bio
{
public:
    explicit ClientBio(const int anFd);
 
    void stateChanged(const SSL *ssl, int where, int ret) override;
    int write(const char *buf, int size, BIO *table) override;
    int read(char *buf, int size, BIO *table) override;
    void hold(bool h) {holdRead_ = holdWrite_ = h;}
 
    void setReadBufData(SBuf &data) {rbuf = data;}
private:
    static const time_t RenegotiationsWindow = 10;
 
    static const int RenegotiationsLimit = 5;
 
    bool holdRead_; 
    bool holdWrite_;  
    FadingCounter renegotiations; 
 
    const char *abortReason;
};
 
class ServerBio: public Bio
{
public:
    explicit ServerBio(const int anFd);
 
    void stateChanged(const SSL *ssl, int where, int ret) override;
    int write(const char *buf, int size, BIO *table) override;
    int read(char *buf, int size, BIO *table) override;
    void flush(BIO *table) override;
    void setClientFeatures(Security::TlsDetails::Pointer const &details, SBuf const &hello);
 
    bool resumingSession();
 
    bool encryptedCertificates() const;
 
    bool holdWrite() const {return holdWrite_;}
    void holdWrite(bool h) {holdWrite_ = h;}
    void recordInput(bool r) {record_ = r;}
    bool canSplice() {return allowSplice;}
    bool canBump() {return allowBump;}
    void mode(Ssl::BumpMode m) {bumpMode_ = m;}
    Ssl::BumpMode bumpMode() {return bumpMode_;} 
 
    bool gotHello() const { return (parsedHandshake && !parseError); }
 
    bool gotHelloFailed() const { return (parsedHandshake && parseError); }
 
    const Security::TlsDetails::Pointer &receivedHelloDetails() const {return parser_.details;}
 
private:
    int readAndGive(char *buf, const int size, BIO *table);
    int readAndParse(char *buf, const int size, BIO *table);
    int readAndBuffer(BIO *table);
    int giveBuffered(char *buf, const int size);
 
    Security::TlsDetails::Pointer clientTlsDetails;
    SBuf clientSentHello;
    SBuf helloMsg; 
    mb_size_t  helloMsgSize;
    bool helloBuild; 
    bool allowSplice; 
    bool allowBump;  
    bool holdWrite_;  
    bool record_; 
    bool parsedHandshake; 
    bool parseError; 
    Ssl::BumpMode bumpMode_;
 
    size_t rbufConsumePos;
    Security::HandshakeParser parser_; 
};
 
} // namespace Ssl
 
void
applyTlsDetailsToSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, Ssl::BumpMode bumpMode);
 
#endif /* USE_OPENSSL */
#endif /* SQUID_SSL_BIO_H */
 
squid-cache.org

Optimising Web Delivery

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors
