PeekingPeerConnector.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SRC_SSL_PEEKINGPEERCONNECTOR_H
10 #define SQUID_SRC_SSL_PEEKINGPEERCONNECTOR_H
11 
12 #include "security/PeerConnector.h"
13 
14 #if USE_OPENSSL
15 
16 namespace Ssl
17 {
18 
20 class PeekingPeerConnector: public Security::PeerConnector {
21  CBDATA_CHILD(PeekingPeerConnector);
22 public:
23  PeekingPeerConnector(HttpRequestPointer &aRequest,
24  const Comm::ConnectionPointer &aServerConn,
25  const Comm::ConnectionPointer &aClientConn,
26  const AsyncCallback<Security::EncryptorAnswer> &aCallback,
27  const AccessLogEntryPointer &alp,
28  time_t timeout = 0);
29 
30  /* Security::PeerConnector API */
31  bool initialize(Security::SessionPointer &) override;
32  Security::FuturePeerContext *peerContext() const override;
33  void noteWantWrite() override;
34  void noteNegotiationError(const Security::ErrorDetailPointer &) override;
35  void noteNegotiationDone(ErrorState *error) override;
36 
39  void handleServerCertificate();
40 
43  void checkForPeekAndSplice();
44 
46  void checkForPeekAndSpliceDone(Acl::Answer);
47 
49  void checkForPeekAndSpliceMatched(const Ssl::BumpMode finalMode);
50 
52  Ssl::BumpMode checkForPeekAndSpliceGuess() const;
53 
56  void serverCertificateVerified();
57 
59  void startTunneling();
60 
62  static void cbCheckForPeekAndSpliceDone(Acl::Answer, void *data);
63 
64 private:
65 
67  void tunnelInsteadOfNegotiating();
68 
69  Comm::ConnectionPointer clientConn;
70  AsyncCall::Pointer closeHandler;
71  bool splice;
72  bool serverCertificateHandled;
73 };
74 
75 } // namespace Ssl
76 
77 #endif /* USE_OPENSSL */
78 #endif /* SQUID_SRC_SSL_PEEKINGPEERCONNECTOR_H */
79 
Ssl::PeekingPeerConnector::startTunneling
void startTunneling()
Abruptly stops TLS negotiation and starts tunneling.
Definition: PeekingPeerConnector.cc:269
Ssl::PeekingPeerConnector::noteNegotiationDone
void noteNegotiationDone(ErrorState *error) override
Definition: PeekingPeerConnector.cc:222
error
void error(char *format,...)
Ssl::BumpMode
BumpMode
Definition: support.h:132
Ssl::PeekingPeerConnector::checkForPeekAndSpliceGuess
Ssl::BumpMode checkForPeekAndSpliceGuess() const
Guesses the final bumping decision when no ssl_bump rules match.
Definition: PeekingPeerConnector.cc:127
Security::FuturePeerContext
A combination of PeerOptions and the corresponding Context.
Definition: PeerOptions.h:154
Ssl::PeekingPeerConnector
A PeerConnector for HTTP origin servers. Capable of SslBumping.
Definition: PeekingPeerConnector.h:20
Ssl::PeekingPeerConnector::PeekingPeerConnector
PeekingPeerConnector(HttpRequestPointer &aRequest, const Comm::ConnectionPointer &aServerConn, const Comm::ConnectionPointer &aClientConn, const AsyncCallback< Security::EncryptorAnswer > &aCallback, const AccessLogEntryPointer &alp, time_t timeout=0)
Definition: PeekingPeerConnector.cc:28
Ssl::PeekingPeerConnector::splice
bool splice
whether we are going to splice or not
Definition: PeekingPeerConnector.h:71
Ssl
Definition: Xaction.cc:39
Ssl::PeekingPeerConnector::closeHandler
AsyncCall::Pointer closeHandler
we call this when the connection closed
Definition: PeekingPeerConnector.h:70
Ssl::PeekingPeerConnector::peerContext
Security::FuturePeerContext * peerContext() const override
Definition: PeekingPeerConnector.cc:144
Ssl::PeekingPeerConnector::clientConn
Comm::ConnectionPointer clientConn
TCP connection to the client.
Definition: PeekingPeerConnector.h:69
Ssl::PeekingPeerConnector::serverCertificateHandled
bool serverCertificateHandled
whether handleServerCertificate() succeeded
Definition: PeekingPeerConnector.h:72
Ssl::PeekingPeerConnector::CBDATA_CHILD
CBDATA_CHILD(PeekingPeerConnector)
Security::SessionPointer
std::shared_ptr< SSL > SessionPointer
Definition: Session.h:53
Ssl::PeekingPeerConnector::checkForPeekAndSpliceDone
void checkForPeekAndSpliceDone(Acl::Answer)
Callback function for ssl_bump acl check in step3 SSL bump step.
Definition: PeekingPeerConnector.cc:59
Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone
static void cbCheckForPeekAndSpliceDone(Acl::Answer, void *data)
A wrapper function for checkForPeekAndSpliceDone for use with acl.
Definition: PeekingPeerConnector.cc:51
Ssl::PeekingPeerConnector::initialize
bool initialize(Security::SessionPointer &) override
Definition: PeekingPeerConnector.cc:150
Ssl::PeekingPeerConnector::checkForPeekAndSpliceMatched
void checkForPeekAndSpliceMatched(const Ssl::BumpMode finalMode)
Handles the final bumping decision.
Definition: PeekingPeerConnector.cc:91
Ssl::PeekingPeerConnector::noteNegotiationError
void noteNegotiationError(const Security::ErrorDetailPointer &) override
Called when the SSL_connect function aborts with an SSL negotiation error.
Definition: PeekingPeerConnector.cc:306
Ssl::PeekingPeerConnector::tunnelInsteadOfNegotiating
void tunnelInsteadOfNegotiating()
Inform caller class that the SSL negotiation aborted.

 

Introduction

Documentation

Support

Miscellaneous