TLS squid.conf settings for a remote server peer. More...

#include <PeerOptions.h>

Inheritance diagram for Security::PeerOptions:

Collaboration diagram for Security::PeerOptions:

Classes
struct	flags_
	flags governing Squid internal TLS operations More...

Public Member Functions
	PeerOptions ()

	PeerOptions (const PeerOptions &)=default

PeerOptions &	operator= (const PeerOptions &)=default

	PeerOptions (PeerOptions &&)=default

PeerOptions &	operator= (PeerOptions &&)=default

virtual	~PeerOptions ()

virtual void	parse (const char *)
	parse a TLS squid.conf option

void	parseOptions ()
	parse and verify the [tls-]options= string in sslOptions

virtual void	clear ()
	reset the configuration details to default

virtual Security::ContextPointer	createBlankContext () const
	generate an unset security context object

Security::ContextPointer	createClientContext (bool setOptions)
	generate a security client-context from these configured options

void	updateTlsVersionLimits ()
	sync the context options with tls-min-version=N configuration

void	updateContextOptions (Security::ContextPointer &)
	Setup the library specific 'options=' parameters for the given context.

void	updateContextNpn (Security::ContextPointer &)
	setup the NPN extension details for the given context

void	updateContextCa (Security::ContextPointer &)
	setup the CA details for the given context

void	updateContextCrl (Security::ContextPointer &)
	setup the CRL details for the given context

void	updateContextTrust (Security::ContextPointer &)
	decide which CAs to trust

void	updateSessionOptions (Security::SessionPointer &)
	setup any library-specific options that can be set for the given session

virtual void	dumpCfg (std::ostream &, const char *pfx) const
	output squid.conf syntax with 'pfx' prefix on parameters for the stored settings

Public Attributes
SBuf	sslOptions
	library-specific options string

SBuf	caDir
	path of directory containing a set of trusted Certificate Authorities

SBuf	crlFile
	path of file containing Certificate Revoke List

SBuf	sslCipher

SBuf	sslFlags
	flags defining what TLS operations Squid performs

SBuf	sslDomain

SBuf	tlsMinVersion
	version label for minimum TLS version to permit

ParsedPortFlags	parsedFlags = 0
	parsed value of sslFlags

std::list< Security::KeyData >	certs
	details from the cert= and file= config parameters

std::list< SBuf >	caFiles
	paths of files containing trusted Certificate Authority

Security::CertRevokeList	parsedCrl
	CRL to use when verifying the remote end certificate.

bool	encryptTransport = false
	whether transport encryption (TLS/SSL) is to be used on connections to the peer

Protected Member Functions
template<typename T >
Security::ContextPointer	convertContextFromRawPtr (T ctx) const

Protected Attributes
int	sslVersion = 0

struct Security::PeerOptions::flags_	flags

Private Member Functions
ParsedPortFlags	parseFlags ()

void	loadCrlFile ()

void	loadKeysFile ()

Private Attributes
SBuf	tlsMinOptions

Security::ParsedOptions	parsedOptions

bool	optsReparse = true
	whether parsedOptions content needs to be regenerated

Detailed Description

Definition at line 25 of file PeerOptions.h.

Constructor & Destructor Documentation

◆ PeerOptions() [1/3]

Security::PeerOptions::PeerOptions ( )

Definition at line 31 of file PeerOptions.cc.

References parseOptions().

Referenced by clear().

◆ PeerOptions() [2/3]

Security::PeerOptions::PeerOptions ( const PeerOptions & )

default

◆ PeerOptions() [3/3]

Security::PeerOptions::PeerOptions ( PeerOptions && )

default

◆ ~PeerOptions()

virtual Security::PeerOptions::~PeerOptions ( )

inlinevirtual

Definition at line 33 of file PeerOptions.h.

Member Function Documentation

◆ clear()

virtual void Security::PeerOptions::clear ( )

inlinevirtual

Reimplemented in Security::ServerOptions.

Definition at line 42 of file PeerOptions.h.

References PeerOptions().

◆ convertContextFromRawPtr()

template<typename T >

Security::ContextPointer Security::PeerOptions::convertContextFromRawPtr ( T ctx ) const

inlineprotected

Definition at line 111 of file PeerOptions.h.

References assert, and debugs.

◆ createBlankContext()

Security::ContextPointer Security::PeerOptions::createBlankContext ( ) const

virtual

Reimplemented in Security::ServerOptions.

Definition at line 246 of file PeerOptions.cc.

References debugs, Security::ErrorString(), fatalf(), Ssl::Initialize(), and TLS_client_method.

◆ createClientContext()

Security::ContextPointer Security::PeerOptions::createClientContext ( bool setOptions )

Definition at line 276 of file PeerOptions.cc.

References Ssl::InitClientContext().

Referenced by configDoConfigure().

◆ dumpCfg()

void Security::PeerOptions::dumpCfg	(	std::ostream &	os,
		const char *	pfx
	)		const

virtual

Reimplemented in Security::ServerOptions.

Definition at line 110 of file PeerOptions.cc.

Referenced by dump_peer_options(), and Security::ServerOptions::dumpCfg().

◆ loadCrlFile()

void Security::PeerOptions::loadCrlFile ( )

private

Load a CRLs list stored in the file whose /path/name is in crlFile replaces any CRL loaded previously

Definition at line 618 of file PeerOptions.cc.

References debugs.

◆ loadKeysFile()

void Security::PeerOptions::loadKeysFile ( )

private

◆ operator=() [1/2]

PeerOptions & Security::PeerOptions::operator= ( const PeerOptions & )

default

Referenced by Security::ServerOptions::operator=().

◆ operator=() [2/2]

PeerOptions & Security::PeerOptions::operator= ( PeerOptions && )

default

◆ parse()

void Security::PeerOptions::parse ( const char * token )

virtual

Reimplemented in Security::ServerOptions.

Definition at line 38 of file PeerOptions.cc.

References Security::KeyData::certFile, DBG_CRITICAL, DBG_PARSE_NOTE, debugs, fatal(), fatalf(), Security::KeyData::privateKeyFile, and xatoi().

Referenced by Security::ServerOptions::parse(), parse_obsolete(), and parse_securePeerOptions().

◆ parseFlags()

Security::ParsedPortFlags Security::PeerOptions::parseFlags ( )

private

Parses the TLS flags squid.conf parameter

Definition at line 554 of file PeerOptions.cc.

References DBG_IMPORTANT, DBG_PARSE_NOTE, debugs, fatal(), fatalf(), Here, SQUIDSBUFPH, SQUIDSBUFPRINT, SSL_FLAG_CONDITIONAL_AUTH, SSL_FLAG_DELAYED_AUTH, SSL_FLAG_DONT_VERIFY_DOMAIN, SSL_FLAG_DONT_VERIFY_PEER, SSL_FLAG_NO_DEFAULT_CA, SSL_FLAG_NO_SESSION_REUSE, SSL_FLAG_VERIFY_CRL, and SSL_FLAG_VERIFY_CRL_ALL.

◆ parseOptions()

void Security::PeerOptions::parseOptions ( )

Pre-parse TLS options= parameter to be applied when the TLS objects created. Options must not used in the case of peek or stare bump mode.

Definition at line 447 of file PeerOptions.cc.

References CharacterSet::ALPHA, SBuf::append(), Parser::Tokenizer::atEnd(), SBuf::c_str(), SBuf::cmp(), DBG_IMPORTANT, DBG_PARSE_NOTE, debugs, CharacterSet::DIGIT, Security::ErrorString(), fatalf(), Parser::Tokenizer::int64(), SBuf::isEmpty(), ssl_option::name, SQUIDSBUFPH, SQUIDSBUFPRINT, and ssl_options.

Referenced by PeerOptions(), and parse_securePeerOptions().

◆ updateContextCa()

void Security::PeerOptions::updateContextCa ( Security::ContextPointer & ctx )

Definition at line 696 of file PeerOptions.cc.

References DBG_IMPORTANT, debugs, Security::ErrorString(), and loadSystemTrustedCa().

◆ updateContextCrl()

void Security::PeerOptions::updateContextCrl ( Security::ContextPointer & ctx )

Definition at line 732 of file PeerOptions.cc.

References debugs, SSL_FLAG_VERIFY_CRL, and SSL_FLAG_VERIFY_CRL_ALL.

◆ updateContextNpn()

void Security::PeerOptions::updateContextNpn ( Security::ContextPointer & ctx )

Definition at line 664 of file PeerOptions.cc.

◆ updateContextOptions()

void Security::PeerOptions::updateContextOptions ( Security::ContextPointer & ctx )

Definition at line 639 of file PeerOptions.cc.

◆ updateContextTrust()

void Security::PeerOptions::updateContextTrust ( Security::ContextPointer & ctx )

Definition at line 759 of file PeerOptions.cc.

References assert, DBG_IMPORTANT, debugs, and Security::ErrorString().

◆ updateSessionOptions()

void Security::PeerOptions::updateSessionOptions ( Security::SessionPointer & s )

Definition at line 779 of file PeerOptions.cc.

References DBG_IMPORTANT, debugs, and Security::ErrorString().

Referenced by CreateSession().

◆ updateTlsVersionLimits()

void Security::PeerOptions::updateTlsVersionLimits ( )

Definition at line 158 of file PeerOptions.cc.

References SBuf::append(), SBuf::chop(), DBG_PARSE_NOTE, and debugs.

Member Data Documentation

◆ caDir

SBuf Security::PeerOptions::caDir

Definition at line 81 of file PeerOptions.h.

◆ caFiles

std::list<SBuf> Security::PeerOptions::caFiles

Definition at line 106 of file PeerOptions.h.

◆ certs

std::list<Security::KeyData> Security::PeerOptions::certs

Definition at line 105 of file PeerOptions.h.

Referenced by Ssl::InitClientContext().

◆ crlFile

SBuf Security::PeerOptions::crlFile

Definition at line 82 of file PeerOptions.h.

◆ encryptTransport

bool Security::PeerOptions::encryptTransport = false

Definition at line 147 of file PeerOptions.h.

Referenced by Adaptation::Config::dumpService(), PeerPoolMgr::handleOpenedConnection(), Security::BlindPeerConnector::initialize(), netdbExchangeStart(), FwdState::secureConnectionToPeerIfNeeded(), and CachePeer::securityContext().

◆ flags

struct Security::PeerOptions::flags_ Security::PeerOptions::flags

protected

Referenced by Security::ServerOptions::ServerOptions().

◆ optsReparse

bool Security::PeerOptions::optsReparse = true

private

Definition at line 100 of file PeerOptions.h.

◆ parsedCrl

Security::CertRevokeList Security::PeerOptions::parsedCrl

Definition at line 107 of file PeerOptions.h.

◆ parsedFlags

ParsedPortFlags Security::PeerOptions::parsedFlags = 0

Definition at line 103 of file PeerOptions.h.

◆ parsedOptions

Security::ParsedOptions Security::PeerOptions::parsedOptions

private

Parsed value of sslOptions + tlsMinOptions settings. Set optsReparse=true to have this re-parsed before next use.

Definition at line 97 of file PeerOptions.h.

◆ sslCipher

SBuf Security::PeerOptions::sslCipher

Definition at line 84 of file PeerOptions.h.

Referenced by Ssl::InitClientContext().

◆ sslDomain

SBuf Security::PeerOptions::sslDomain

Definition at line 86 of file PeerOptions.h.

Referenced by Security::BlindPeerConnector::initialize().

◆ sslFlags

SBuf Security::PeerOptions::sslFlags

Definition at line 85 of file PeerOptions.h.

◆ sslOptions

SBuf Security::PeerOptions::sslOptions

Definition at line 80 of file PeerOptions.h.

◆ sslVersion

int Security::PeerOptions::sslVersion = 0

protected

Definition at line 130 of file PeerOptions.h.

◆ tlsMinOptions

SBuf Security::PeerOptions::tlsMinOptions

private

Library-specific options string generated from tlsMinVersion. Call updateTlsVersionLimits() to regenerate this string.

Definition at line 93 of file PeerOptions.h.

◆ tlsMinVersion

SBuf Security::PeerOptions::tlsMinVersion

Definition at line 88 of file PeerOptions.h.

The documentation for this class was generated from the following files:

squid/src/security/PeerOptions.h
squid/src/security/PeerOptions.cc

Classes

Public Member Functions

Public Attributes

Protected Member Functions

Protected Attributes

Private Member Functions

Private Attributes

Detailed Description

Constructor & Destructor Documentation

◆ PeerOptions() [1/3]

◆ PeerOptions() [2/3]

◆ PeerOptions() [3/3]

◆ ~PeerOptions()

Member Function Documentation

◆ clear()

◆ convertContextFromRawPtr()

◆ createBlankContext()

◆ createClientContext()

◆ dumpCfg()

◆ loadCrlFile()

◆ loadKeysFile()

◆ operator=() [1/2]

◆ operator=() [2/2]

◆ parse()

◆ parseFlags()

◆ parseOptions()

◆ updateContextCa()

◆ updateContextCrl()

◆ updateContextNpn()

◆ updateContextOptions()

◆ updateContextTrust()

◆ updateSessionOptions()

◆ updateTlsVersionLimits()

Member Data Documentation

◆ caDir

◆ caFiles

◆ certs

◆ crlFile

◆ encryptTransport

◆ flags

◆ optsReparse

◆ parsedCrl

◆ parsedFlags

◆ parsedOptions

◆ sslCipher

◆ sslDomain

◆ sslFlags

◆ sslOptions

◆ sslVersion

◆ tlsMinOptions

◆ tlsMinVersion