NegotiationHistory_8cc_source.html

/*

 * Copyright (C) 1996-2025 The Squid Software Foundation and contributors

 *

 * Squid software is distributed under GPLv2+ license and includes

 * contributions from numerous individuals and organizations.

 * Please see the COPYING and CONTRIBUTORS files for details.

 */


#include "squid.h"

#include "MemBuf.h"

#include "security/NegotiationHistory.h"

#include "SquidConfig.h"

#if USE_OPENSSL

#include "ssl/bio.h"

#include "ssl/support.h"

#endif


Security::NegotiationHistory::NegotiationHistory()

#if USE_OPENSSL

    : cipher(nullptr)

#endif

{

}


const char *


Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion const &v) const

{

    if (!TlsFamilyProtocol(v))

        return nullptr;


    static char buf[512];

    snprintf(buf, sizeof(buf), "%s/%d.%d", AnyP::ProtocolType_str[v.protocol], v.major, v.minor);

    return buf;

}


#if USE_OPENSSL

static AnyP::ProtocolVersion


toProtocolVersion(const int v)

{

    switch(v) {

#if defined(TLS1_3_VERSION)

    case TLS1_3_VERSION:

        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 3);

#endif

#if defined(TLS1_2_VERSION)

    case TLS1_2_VERSION:

        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 2);

#endif

#if defined(TLS1_1_VERSION)

    case TLS1_1_VERSION:

        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 1);

#endif

#if defined(TLS1_VERSION)

    case TLS1_VERSION:

        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 0);

#endif

#if defined(SSL3_VERSION)

    case SSL3_VERSION:

        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0);

#endif

#if defined(SSL2_VERSION)

    case SSL2_VERSION:

        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 2, 0);

#endif

    default:

        return AnyP::ProtocolVersion();

    }

}


#endif


void


Security::NegotiationHistory::retrieveNegotiatedInfo(const Security::SessionPointer &session)

{

#if USE_OPENSSL

    if ((cipher = SSL_get_current_cipher(session.get()))) {

        // Set the negotiated version only if the cipher negotiated

        // else probably the negotiation is not completed and version

        // is not the final negotiated version

        version_ = toProtocolVersion(SSL_version(session.get()));

    }


    if (Debug::Enabled(83, 5)) {

        BIO *b = SSL_get_rbio(session.get());

        Ssl::Bio *bio = static_cast<Ssl::Bio *>(BIO_get_data(b));

        debugs(83, 5, "SSL connection info on FD " << bio->fd() <<

               " SSL version " << version_ <<

               " negotiated cipher " << cipherName());

    }

#else

    (void)session;

#endif

}


void


Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)

{

    if (details) {

        helloVersion_ = details->tlsVersion;

        supportedVersion_ = details->tlsSupportedVersion;

    }

}


const char *


Security::NegotiationHistory::cipherName() const

{

#if USE_OPENSSL

    if (!cipher)

        return nullptr;


    return SSL_CIPHER_get_name(cipher);

#else

    return nullptr;

#endif

}


MemBuf.h

toProtocolVersion
static AnyP::ProtocolVersion toProtocolVersion(const int v)
Definition NegotiationHistory.cc:38

NegotiationHistory.h

SquidConfig.h

bio.h

AnyP::ProtocolVersion
Definition ProtocolVersion.h:24

AnyP::ProtocolVersion::major
unsigned int major
major version number
Definition ProtocolVersion.h:40

AnyP::ProtocolVersion::protocol
ProtocolType protocol
which protocol this version is for
Definition ProtocolVersion.h:39

AnyP::ProtocolVersion::minor
unsigned int minor
minor version number
Definition ProtocolVersion.h:41

Debug::Enabled
static bool Enabled(const int section, const int level)
whether debugging the given section and the given level produces output
Definition Stream.h:75

RefCount< TlsDetails >

Security::NegotiationHistory::retrieveParsedInfo
void retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
Extract information from parser stored in TlsDetails object.
Definition NegotiationHistory.cc:95

Security::NegotiationHistory::cipherName
const char * cipherName() const
Definition NegotiationHistory.cc:104

Security::NegotiationHistory::NegotiationHistory
NegotiationHistory()
Definition NegotiationHistory.cc:18

Security::NegotiationHistory::retrieveNegotiatedInfo
void retrieveNegotiatedInfo(const Security::SessionPointer &)
Extract negotiation information from TLS object.
Definition NegotiationHistory.cc:72

Security::NegotiationHistory::printTlsVersion
const char * printTlsVersion(AnyP::ProtocolVersion const &v) const
String representation of the TLS version 'v'.
Definition NegotiationHistory.cc:26

Security::TlsDetails::tlsSupportedVersion
AnyP::ProtocolVersion tlsSupportedVersion
Definition Handshake.h:35

Security::TlsDetails::tlsVersion
AnyP::ProtocolVersion tlsVersion
The TLS hello message version.
Definition Handshake.h:31

Ssl::Bio
BIO source and sink node, handling socket I/O and monitoring SSL state.
Definition bio.h:34

Ssl::Bio::fd
int fd() const
The SSL socket descriptor.
Definition bio.h:49

debugs
#define debugs(SECTION, LEVEL, CONTENT)
Definition Stream.h:192

AnyP::ProtocolType_str
const char * ProtocolType_str[]

AnyP::PROTO_TLS
@ PROTO_TLS
Definition ProtocolType.h:38

AnyP::PROTO_SSL
@ PROTO_SSL
Definition ProtocolType.h:39

Security::SessionPointer
std::shared_ptr< SSL > SessionPointer
Definition Session.h:53

Security::TlsFamilyProtocol
bool TlsFamilyProtocol(const AnyP::ProtocolVersion &version)
whether the given protocol belongs to the TLS/SSL group of protocols
Definition Handshake.h:133

BIO_get_data
void * BIO_get_data(BIO *table)
Definition openssl.h:62

squid.h

support.h