squid : Optimising Web Delivery

Go to the documentation of this file.

 /*
  * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
  *
  * Squid software is distributed under GPLv2+ license and includes
  * contributions from numerous individuals and organizations.
  * Please see the COPYING and CONTRIBUTORS files for details.
  */
  
 #include "squid.h"
 #include "AccessLogEntry.h"
 #include "comm/Connection.h"
 #include "HttpRequest.h"
  
 #define STUB_API "security/libsecurity.la"
 #include "tests/STUB.h"
  
 #include "security/BlindPeerConnector.h"
 CBDATA_NAMESPACED_CLASS_INIT(Security, BlindPeerConnector);
 namespace Security
 {
 BlindPeerConnector::BlindPeerConnector(HttpRequestPointer &, const Comm::ConnectionPointer & aServerConn,
                                        const AsyncCallback<EncryptorAnswer> & aCallback,
                                        const AccessLogEntryPointer &alp,
                                        time_t) :
     AsyncJob("Security::BlindPeerConnector"),
     Security::PeerConnector(aServerConn, aCallback, alp, 0)
 {STUB_NOP}
  
 bool BlindPeerConnector::initialize(Security::SessionPointer &) STUB_RETVAL(false)
 FuturePeerContext *BlindPeerConnector::peerContext() const STUB_RETVAL(nullptr)
 void BlindPeerConnector::noteNegotiationDone(ErrorState *) STUB
 }
  
 #include "security/EncryptorAnswer.h"
 Security::EncryptorAnswer::~EncryptorAnswer() {}
 std::ostream &Security::operator <<(std::ostream &os, const Security::EncryptorAnswer &) STUB_RETVAL(os)
  
 #include "security/Certificate.h"
 SBuf Security::SubjectName(Certificate &) STUB_RETVAL(SBuf())
 SBuf Security::IssuerName(Certificate &) STUB_RETVAL(SBuf())
 bool Security::IssuedBy(Certificate &, Certificate &) STUB_RETVAL(false)
 std::ostream &operator <<(std::ostream &os, Security::Certificate &) STUB_RETVAL(os)
  
 #include "security/Handshake.h"
 Security::HandshakeParser::HandshakeParser(MessageSource) STUB
 bool Security::HandshakeParser::parseHello(const SBuf &) STUB_RETVAL(false)
  
 #include "security/Io.h"
 Security::IoResult Security::Accept(Comm::Connection &) STUB_RETVAL(IoResult(IoResult::ioError))
 Security::IoResult Security::Connect(Comm::Connection &) STUB_RETVAL(IoResult(IoResult::ioError))
 void Security::IoResult::printGist(std::ostream &) const STUB
 void Security::IoResult::printWithExtras(std::ostream &) const STUB
 void Security::ForgetErrors() STUB
  
 #include "security/KeyData.h"
 namespace Security
 {
 void KeyData::loadFromFiles(const AnyP::PortCfg &, const char *) STUB
 }
  
 #include "security/KeyLogger.h"
 void Security::KeyLogger::maybeLog(const Connection &, const Acl::ChecklistFiller &) STUB
  
 #include "security/ErrorDetail.h"
 Security::ErrorDetail::ErrorDetail(ErrorCode, const CertPointer &, const CertPointer &, const char *) STUB
 #if USE_OPENSSL
 Security::ErrorDetail::ErrorDetail(ErrorCode, int, int) STUB
 #elif HAVE_LIBGNUTLS
 Security::ErrorDetail::ErrorDetail(ErrorCode, LibErrorCode, int) STUB
 #endif
 void Security::ErrorDetail::setPeerCertificate(const CertPointer &) STUB
 SBuf Security::ErrorDetail::verbose(const HttpRequestPointer &) const STUB_RETVAL(SBuf())
 SBuf Security::ErrorDetail::brief() const STUB_RETVAL(SBuf())
 Security::ErrorCode Security::ErrorCodeFromName(const char *) STUB_RETVAL(0)
 const char *Security::ErrorNameFromCode(ErrorCode, bool) STUB_RETVAL("")
  
 #include "security/NegotiationHistory.h"
 Security::NegotiationHistory::NegotiationHistory() STUB
 void Security::NegotiationHistory::retrieveNegotiatedInfo(const Security::SessionPointer &) STUB
 void Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &) STUB
 const char *Security::NegotiationHistory::cipherName() const STUB
 const char *Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion const &) const STUB
  
 #include "security/PeerConnector.h"
 class TlsNegotiationDetails: public RefCountable {};
 namespace Security
 {
 PeerConnector::PeerConnector(const Comm::ConnectionPointer &, const AsyncCallback<EncryptorAnswer> &, const AccessLogEntryPointer &, const time_t):
     AsyncJob("Security::PeerConnector") {STUB}
 PeerConnector::~PeerConnector() STUB
 void PeerConnector::start() STUB
 bool PeerConnector::doneAll() const STUB_RETVAL(true)
 void PeerConnector::swanSong() STUB
 const char *PeerConnector::status() const STUB_RETVAL("")
 void PeerConnector::fillChecklist(ACLFilledChecklist &) const STUB
 void PeerConnector::commCloseHandler(const CommCloseCbParams &) STUB
 void PeerConnector::commTimeoutHandler(const CommTimeoutCbParams &) STUB
 bool PeerConnector::initialize(Security::SessionPointer &) STUB_RETVAL(false)
 void PeerConnector::negotiate() STUB
 bool PeerConnector::sslFinalized() STUB_RETVAL(false)
 void PeerConnector::handleNegotiationResult(const Security::IoResult &) STUB;
 void PeerConnector::noteWantRead() STUB
 void PeerConnector::noteWantWrite() STUB
 void PeerConnector::noteNegotiationError(const Security::ErrorDetailPointer &) STUB
 void PeerConnector::bail(ErrorState *) STUB
 void PeerConnector::sendSuccess() STUB
 void PeerConnector::callBack() STUB
 void PeerConnector::disconnect() STUB
 void PeerConnector::countFailingConnection() STUB
 void PeerConnector::recordNegotiationDetails() STUB
 EncryptorAnswer &PeerConnector::answer() STUB_RETREF(EncryptorAnswer)
 }
  
 #include "security/PeerOptions.h"
 Security::PeerOptions Security::ProxyOutgoingConfig;
  
 Security::PeerOptions::PeerOptions() {
 #if USE_OPENSSL
     parsedOptions = 0;
 #endif
     STUB_NOP
 }
 void Security::PeerOptions::parse(char const*) STUB
 Security::ContextPointer Security::PeerOptions::createClientContext(bool) STUB_RETVAL(Security::ContextPointer())
 void Security::PeerOptions::updateTlsVersionLimits() STUB
 Security::ContextPointer Security::PeerOptions::createBlankContext() const STUB_RETVAL(Security::ContextPointer())
 void Security::PeerOptions::updateContextCa(Security::ContextPointer &) STUB
 void Security::PeerOptions::updateContextCrl(Security::ContextPointer &) STUB
 void Security::PeerOptions::updateContextTrust(Security::ContextPointer &) STUB
 void Security::PeerOptions::updateSessionOptions(Security::SessionPointer &) STUB
 void Security::PeerOptions::dumpCfg(std::ostream &, char const*) const STUB
 void Security::PeerOptions::parseOptions() STUB
 void parse_securePeerOptions(Security::PeerOptions *) STUB
  
 #include "security/ServerOptions.h"
 //Security::ServerOptions::ServerOptions(const Security::ServerOptions &) STUB
 Security::ServerOptions &Security::ServerOptions::operator=(Security::ServerOptions const&) STUB_RETVAL(*this);
 void Security::ServerOptions::parse(const char *) STUB
 void Security::ServerOptions::dumpCfg(std::ostream &, const char *) const STUB
 Security::ContextPointer Security::ServerOptions::createBlankContext() const STUB_RETVAL(Security::ContextPointer())
 void Security::ServerOptions::initServerContexts(AnyP::PortCfg&) STUB
 bool Security::ServerOptions::createStaticServerContext(AnyP::PortCfg &) STUB_RETVAL(false)
 void Security::ServerOptions::createSigningContexts(const AnyP::PortCfg &) STUB
 bool Security::ServerOptions::updateContextConfig(Security::ContextPointer &) STUB_RETVAL(false)
 void Security::ServerOptions::updateContextEecdh(Security::ContextPointer &) STUB
 void Security::ServerOptions::updateContextClientCa(Security::ContextPointer &) STUB
 void Security::ServerOptions::syncCaFiles() STUB
 void Security::ServerOptions::updateContextSessionId(Security::ContextPointer &) STUB
  
 #include "security/Session.h"
 namespace Security {
 bool CreateClientSession(FuturePeerContext &, const Comm::ConnectionPointer &, const char *) STUB_RETVAL(false)
 bool CreateServerSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, Security::PeerOptions &, const char *) STUB_RETVAL(false)
 void SessionSendGoodbye(const Security::SessionPointer &) STUB
 bool SessionIsResumed(const Security::SessionPointer &) STUB_RETVAL(false)
 void MaybeGetSessionResumeData(const Security::SessionPointer &, Security::SessionStatePointer &) STUB
 void SetSessionResumeData(const Security::SessionPointer &, const Security::SessionStatePointer &) STUB
 #if USE_OPENSSL
 void SetSessionCacheCallbacks(Security::ContextPointer &) STUB
 Security::SessionPointer NewSessionObject(const Security::ContextPointer &) STUB_RETVAL(nullptr)
 #endif
 } // namespace Security
  

Security::ErrorCodeFromName

ErrorCode ErrorCodeFromName(const char *name)

Definition: ErrorDetail.cc:410

AsyncJob

Definition: AsyncJob.h:31

Security::ErrorCode

int ErrorCode

Squid-defined error code (<0), an error code returned by X.509 API, or zero.

Definition: forward.h:131

ACLFilledChecklist

Definition: FilledChecklist.h:33

Security::ServerOptions::parse

void parse(const char *) override

parse a TLS squid.conf option

Definition: ServerOptions.cc:60

Security::ErrorDetail::verbose

SBuf verbose(const HttpRequestPointer &) const override

Definition: ErrorDetail.cc:534

Security::ContextPointer

std::shared_ptr< SSL_CTX > ContextPointer

Definition: Context.h:29

Security::IoResult::printWithExtras

void printWithExtras(std::ostream &) const

Definition: Io.cc:59

Security::PeerOptions::createClientContext

Security::ContextPointer createClientContext(bool setOptions)

generate a security client-context from these configured options

Definition: PeerOptions.cc:271

Connection.h

Security::MaybeGetSessionResumeData

void MaybeGetSessionResumeData(const Security::SessionPointer &, Security::SessionStatePointer &data)

Definition: Session.cc:226

Security::PeerOptions::PeerOptions

PeerOptions()

Definition: PeerOptions.cc:26

Security::PeerConnector::PeerConnector

PeerConnector(const Comm::ConnectionPointer &aServerConn, const AsyncCallback< EncryptorAnswer > &, const AccessLogEntryPointer &alp, const time_t timeout=0)

Definition: PeerConnector.cc:40

Ftp::ProtocolVersion

AnyP::ProtocolVersion ProtocolVersion()

Protocol version to use in Http::Message structures wrapping FTP messages.

Definition: Elements.cc:24

STUB_RETVAL

#define STUB_RETVAL(x)

Definition: STUB.h:42

Security::EncryptorAnswer

Definition: EncryptorAnswer.h:21

Security::CertPointer

Security::LockingPointer< X509, X509_free_cpp, HardFun< int, X509 *, X509_up_ref > > CertPointer

Definition: forward.h:88

Security::BlindPeerConnector::BlindPeerConnector

BlindPeerConnector(HttpRequestPointer &aRequest, const Comm::ConnectionPointer &aServerConn, const AsyncCallback< EncryptorAnswer > &aCallback, const AccessLogEntryPointer &alp, time_t timeout=0)

Definition: BlindPeerConnector.cc:89

SBuf

Definition: SBuf.h:93

AsyncCallback

a smart AsyncCall pointer for delivery of future results

Definition: AsyncCallbacks.h:31

Security::ServerOptions::dumpCfg

void dumpCfg(std::ostream &, const char *pfx) const override

output squid.conf syntax with 'pfx' prefix on parameters for the stored settings

Definition: ServerOptions.cc:140

Comm

Abstraction layer for TCP, UDP, TLS, UDS and filedescriptor sockets.

Definition: AcceptLimiter.h:16

Security::IoResult

a summary a TLS I/O operation outcome

Definition: Io.h:19

Security::HandshakeParser::HandshakeParser

HandshakeParser(MessageSource)

Definition: Handshake.cc:219

ErrorDetail.h

Comm::Connection

Definition: Connection.h:72

BlindPeerConnector.h

RefCountable

Security::SubjectName

SBuf SubjectName(Certificate &)

The SubjectName field of the given certificate (if found) or an empty SBuf.

Definition: Certificate.cc:68

Security::ProxyOutgoingConfig

PeerOptions ProxyOutgoingConfig

configuration options for DIRECT server access

Definition: PeerOptions.cc:24

Security::IoResult::printGist

void printGist(std::ostream &) const

reports brief summary (on one line) suitable for low-level debugging

Definition: Io.cc:50

Security::SessionSendGoodbye

void SessionSendGoodbye(const Security::SessionPointer &)

send the shutdown/bye notice for an active TLS session.

Definition: Session.cc:200

Security::IoResult::ioError

@ ioError

Definition: Io.h:24

Security::SessionIsResumed

bool SessionIsResumed(const Security::SessionPointer &)

whether the session is a resumed one

Definition: Session.cc:213

AnyP::PortCfg

Definition: PortCfg.h:23

Security::ConnectionPointer

SessionPointer::element_type * ConnectionPointer

Definition: Io.cc:23

Security::KeyData::loadFromFiles

void loadFromFiles(const AnyP::PortCfg &, const char *portType)

load the contents of certFile and privateKeyFile into memory cert, pkey and chain

Definition: KeyData.cc:182

AnyP

Definition: forward.h:14

Security::PeerOptions

TLS squid.conf settings for a remote server peer.

Definition: PeerOptions.h:25

Security::ErrorDetail::setPeerCertificate

void setPeerCertificate(const CertPointer &)

Definition: ErrorDetail.cc:490

Security::ErrorDetail::ErrorDetail

ErrorDetail(ErrorCode err_no, const CertPointer &peer, const CertPointer &broken, const char *aReason=nullptr)

Definition: ErrorDetail.cc:466

Security::NegotiationHistory::NegotiationHistory

NegotiationHistory()

Definition: NegotiationHistory.cc:18

Security::SetSessionCacheCallbacks

void SetSessionCacheCallbacks(Security::ContextPointer &)

Setup the given TLS context with callbacks used to manage the session cache.

Definition: Session.cc:376

Security::operator<<

std::ostream & operator<<(std::ostream &, const EncryptorAnswer &)

Definition: EncryptorAnswer.cc:20

Security::NewSessionObject

Security::SessionPointer NewSessionObject(const Security::ContextPointer &)

Definition: Session.cc:90

STUB_RETREF

#define STUB_RETREF(x)

Definition: STUB.h:52

Security::ForgetErrors

void ForgetErrors()

clear any errors that a TLS library has accumulated in its global storage

Definition: Io.cc:71

Security::HandshakeParser::parseHello

bool parseHello(const SBuf &data)

Definition: Handshake.cc:641

Security::Connection

SSL Connection

Definition: Session.h:49

KeyLogger.h

Security::IssuerName

SBuf IssuerName(Certificate &)

The Issuer field of the given certificate (if found) or an empty SBuf.

Definition: Certificate.cc:28

STUB

#define STUB

macro to stub a void function.

Definition: STUB.h:34

Security::ErrorNameFromCode

const char * ErrorNameFromCode(ErrorCode err, bool prefixRawCode=false)

Definition: ErrorDetail.cc:430

Security::KeyLogger::maybeLog

void maybeLog(const Connection &, const Acl::ChecklistFiller &)

(slowly checks logging preconditions and) logs if possible

Definition: KeyLogger.cc:22

Security::CreateServerSession

bool CreateServerSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, Security::PeerOptions &, const char *squidCtx)

Definition: Session.cc:194

RefCount

Definition: forward.h:15

Security::ServerOptions::createBlankContext

Security::ContextPointer createBlankContext() const override

generate an unset security context object

Definition: ServerOptions.cc:163

Security::IssuedBy

bool IssuedBy(Certificate &cert, Certificate &issuer)

Definition: Certificate.cc:108

Security::ServerOptions

TLS squid.conf settings for a listening port.

Definition: ServerOptions.h:25

Security::Certificate

X509 Certificate

Definition: forward.h:79

HttpRequest.h

Security::SessionPointer

std::shared_ptr< SSL > SessionPointer

Definition: Session.h:53

STUB.h

Security::CreateClientSession

bool CreateClientSession(FuturePeerContext &, const Comm::ConnectionPointer &, const char *squidCtx)

Definition: Session.cc:183

Security::SessionStatePointer

std::unique_ptr< SSL_SESSION, HardFun< void, SSL_SESSION *, &SSL_SESSION_free > > SessionStatePointer

Definition: Session.h:55

STUB_NOP

#define STUB_NOP

Definition: STUB.h:38

Security::Connect

IoResult Connect(Comm::Connection &transport)

establish a TLS connection over the specified from-Squid transport connection

Definition: Io.cc:226

CBDATA_NAMESPACED_CLASS_INIT

CBDATA_NAMESPACED_CLASS_INIT(Security, BlindPeerConnector)

CommTimeoutCbParams

Definition: CommCalls.h:133

IoResult

Definition: DiskThreadsDiskFile.h:70

CommCloseCbParams

Definition: CommCalls.h:127

Security::PeerOptions::parsedOptions

Security::ParsedOptions parsedOptions

Definition: PeerOptions.h:97

Security::Accept

IoResult Accept(Comm::Connection &transport)

accept a TLS connection over the specified to-Squid transport connection

Definition: Io.cc:211

ErrorState

Definition: errorpage.h:88

Security::ServerOptions::operator=

ServerOptions & operator=(const ServerOptions &)

Definition: ServerOptions.cc:35

ErrorDetail

interface for supplying additional information about a transaction failure

Definition: Detail.h:20

AccessLogEntry.h

squid.h

Security

Network/connection security abstraction layer.

Definition: Connection.h:33

Acl::ChecklistFiller

an interface for those capable of configuring an ACLFilledChecklist object

Definition: ChecklistFiller.h:18

parse_securePeerOptions

void parse_securePeerOptions(Security::PeerOptions *opt)

Definition: PeerOptions.cc:805

Security::EncryptorAnswer::~EncryptorAnswer

~EncryptorAnswer()

deletes error if it is still set

Definition: EncryptorAnswer.cc:14

Security::LibErrorCode

unsigned long LibErrorCode

TLS library-reported non-validation error.

Definition: forward.h:141

Security::PeerOptions::parse

virtual void parse(const char *)

parse a TLS squid.conf option

Definition: PeerOptions.cc:33

Security::SetSessionResumeData

void SetSessionResumeData(const Security::SessionPointer &, const Security::SessionStatePointer &)

squid-cache.org

Optimising Web Delivery

Introduction

Documentation

Support

Miscellaneous