9#ifndef SQUID_SRC_SECURITY_PEERCONNECTOR_H
10#define SQUID_SRC_SECURITY_PEERCONNECTOR_H
58 const time_t timeout = 0);
66 void start()
override;
69 const char *
status()
const override;
RefCount< AccessLogEntry > AccessLogEntryPointer
void error(char *format,...)
an interface for those capable of configuring an ACLFilledChecklist object
a smart AsyncCall pointer for delivery of future results
A combination of PeerOptions and the corresponding Context.
a summary of a TLS I/O operation outcome
manages collecting and logging secrets of a TLS connection to tls_key_log
void countFailingConnection()
updates connection usage history before the connection is closed
virtual void noteNegotiationDone(ErrorState *)
CbcPointer< PeerConnector > Pointer
Ssl::X509_STACK_Pointer downloadedCerts
successfully downloaded intermediate certificates (omitted by the peer)
void negotiateSsl()
Comm::SetSelect() callback. Direct calls tickle/resume negotiations.
void commCloseHandler(const CommCloseCbParams &params)
The comm_close callback handler.
void sslCrtvdHandleReply(Ssl::CertValidationResponsePointer &)
Process response from cert validator helper.
time_t startTime
when the peer connector negotiation started
AsyncCall::Pointer closeHandler
we call this when the connection closed
void startCertDownloading(SBuf &url)
Start downloading procedure for the given URL.
virtual bool initialize(Security::SessionPointer &)
bool noteFwdPconnUse
hack: whether the connection requires fwdPconnPool->noteUses()
JobWait< Downloader > certDownloadWait
waits for the missing certificate to be downloaded
void bail(ErrorState *error)
sends the given error to the initiator
virtual void noteNegotiationError(const Security::ErrorDetailPointer &)
Called when the SSL_connect function aborts with an SSL negotiation error.
EncryptorAnswer & answer()
convenience method to get to the answer fields
~PeerConnector() override
virtual void noteWantWrite()
bool computeMissingCertificateUrls(const Connection &)
finds URLs of (some) missing intermediate certificates or returns false
void handleMissingCertificates(const Security::IoResult &lastError)
Either initiates fetching of missing certificates or bails with an error.
std::queue< SBuf > urlsOfMissingCerts
The list of URLs from which missing intermediate certificates should be downloaded.
HttpRequestPointer request
peer connection trigger or cause
PeerConnector & operator=(const PeerConnector &)
Security::IoResultPointer suspendedError_
outcome of the last (failed and) suspended negotiation attempt (or nil)
time_t negotiationTimeout
the SSL connection timeout to use
void resumeNegotiation()
Resumes TLS negotiation paused by suspendNegotiation()
static const unsigned int MaxNestedDownloads
The maximum number of inter-dependent Downloader jobs a worker may initiate.
void start() override
Preps connection and SSL state. Calls negotiate().
PeerConnector(const PeerConnector &)
Comm::ConnectionPointer const & serverConnection() const
mimics FwdState to minimize changes to FwdState::initiate/negotiateSsl
virtual FuturePeerContext * peerContext() const =0
void handleNegotiationResult(const Security::IoResult &)
Called after each negotiation step to handle the result.
void commTimeoutHandler(const CommTimeoutCbParams &)
The connection read timeout callback handler.
void bypassCertValidator()
If called, the certificate validator will not be used.
void fillChecklist(ACLFilledChecklist &) const override
configure the given checklist (to reflect the current transaction state)
bool doneAll() const override
whether the positive goal has been reached
Security::KeyLogger keyLogger
manages logging of the secrets of the TLS connection being established
AccessLogEntryPointer al
info for the future access.log entry
static void NegotiateSsl(int fd, void *data)
A wrapper for Comm::SetSelect() notifications.
void disconnect()
a bail(), sendSuccess() helper: stops monitoring the connection
unsigned int certsDownloads
the number of downloaded missing certificates
AsyncCallback< EncryptorAnswer > callback
answer destination
bool isSuspended() const
Whether TLS negotiation has been paused and not yet resumed.
void sendSuccess()
sends the encrypted connection to the initiator
void certDownloadingDone(DownloaderAnswer &)
Called by Downloader after a certificate object has been downloaded.
unsigned int certDownloadNestingLevel() const
the number of concurrent PeerConnector jobs waiting for us
void callBack()
a bail(), sendSuccess() helper: sends results to the initiator
static const unsigned int MaxCertsDownloads
The maximum number of missing certificates a single PeerConnector may download.
Comm::ConnectionPointer serverConn
TCP connection to the peer.
void suspendNegotiation(const Security::IoResult &lastError)
const char * status() const override
internal cleanup; do not call directly
Security::CertErrors * sslCrtvdCheckForErrors(Ssl::CertValidationResponse const &, ErrorDetailPointer &)
Check the SSL errors returned by the cert validator against the sslproxy_cert_error access list.
void recordNegotiationDetails()
Network/connection security abstraction layer.
RefCount< IoResult > IoResultPointer
std::shared_ptr< SSL > SessionPointer
std::unique_ptr< STACK_OF(X509), sk_X509_free_wrapper > X509_STACK_Pointer