PeerOptions.h

Go to the documentation of this file.

/*
 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */
 
#ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H
#define SQUID_SRC_SECURITY_PEEROPTIONS_H
 
#include "base/YesNoNone.h"
#include "ConfigParser.h"
#include "security/Context.h"
#include "security/forward.h"
#include "security/KeyData.h"
#include "security/Session.h"
 
class Packable;
 
namespace Security
{
 
class PeerOptions
{
public:
    PeerOptions();
    PeerOptions(const PeerOptions &) = default;
    PeerOptions &operator =(const PeerOptions &) = default;
    PeerOptions(PeerOptions &&) = default;
    PeerOptions &operator =(PeerOptions &&) = default;
    virtual ~PeerOptions() {}
 
    virtual void parse(const char *);
 
    void parseOptions();
 
    virtual void clear() {*this = PeerOptions();}
 
    virtual Security::ContextPointer createBlankContext() const;
 
    Security::ContextPointer createClientContext(bool setOptions);
 
    void updateTlsVersionLimits();
 
    void updateContextOptions(Security::ContextPointer &);
 
    void updateContextNpn(Security::ContextPointer &);
 
    void updateContextCa(Security::ContextPointer &);
 
    void updateContextCrl(Security::ContextPointer &);
 
    void updateContextTrust(Security::ContextPointer &);
 
    void updateSessionOptions(Security::SessionPointer &);
 
    virtual void dumpCfg(std::ostream &, const char *pfx) const;
 
private:
    ParsedPortFlags parseFlags();
    void loadCrlFile();
    void loadKeysFile();
 
public:
    SBuf sslOptions;     
    SBuf caDir;          
    SBuf crlFile;        
 
    SBuf sslCipher;
    SBuf sslFlags;       
    SBuf sslDomain;
 
    SBuf tlsMinVersion;  
 
private:
    SBuf tlsMinOptions;
 
    Security::ParsedOptions parsedOptions;
 
    bool optsReparse = true;
 
public:
    ParsedPortFlags parsedFlags = 0; 
 
    std::list<Security::KeyData> certs; 
    std::list<SBuf> caFiles;  
    Security::CertRevokeList parsedCrl; 
 
protected:
    template<typename T>
    Security::ContextPointer convertContextFromRawPtr(T ctx) const {
#if USE_OPENSSL
        debugs(83, 5, "SSL_CTX construct, this=" << (void*)ctx);
        return ContextPointer(ctx, [](SSL_CTX *p) {
            debugs(83, 5, "SSL_CTX destruct, this=" << (void*)p);
            SSL_CTX_free(p);
        });
#elif HAVE_LIBGNUTLS
        debugs(83, 5, "gnutls_certificate_credentials construct, this=" << (void*)ctx);
        return Security::ContextPointer(ctx, [](gnutls_certificate_credentials_t p) {
            debugs(83, 5, "gnutls_certificate_credentials destruct, this=" << (void*)p);
            gnutls_certificate_free_credentials(p);
        });
#else
        assert(!ctx);
        return Security::ContextPointer();
#endif
    }
 
    int sslVersion = 0;
 
    struct flags_ {
        flags_() : tlsDefaultCa(true), tlsNpn(true) {}
        flags_(const flags_ &) = default;
        flags_ &operator =(const flags_ &) = default;
 
        YesNoNone tlsDefaultCa;
 
        bool tlsNpn;
    } flags;
 
public:
    bool encryptTransport = false;
};
 
// XXX: Remove this shim after upgrading legacy code to store PeerContext
// objects instead of disjoint PeerOptons and Context objects (where PeerContext
// is a class that creates and manages {PeerOptions, ContextPointer} pair).
class FuturePeerContext
{
public:
    FuturePeerContext(PeerOptions &o, const ContextPointer &c): options(o), raw(c) {}
 
    PeerOptions &options; 
    const ContextPointer &raw; 
};
 
extern PeerOptions ProxyOutgoingConfig;
 
} // namespace Security
 
// parse the tls_outgoing_options directive
void parse_securePeerOptions(Security::PeerOptions *);
#define free_securePeerOptions(x) Security::ProxyOutgoingConfig.clear()
#define dump_securePeerOptions(e,n,x) do { PackableStream os_(*(e)); os_ << n; (x).dumpCfg(os_,""); os_ << '\n'; } while (false)
 
#endif /* SQUID_SRC_SECURITY_PEEROPTIONS_H */