Ssl::VerifyCallbackParameters Class Reference

#include <support.h>

Static Public Member Functions
static VerifyCallbackParameters *	New (Security::Connection &)
static VerifyCallbackParameters &	At (Security::Connection &)
static VerifyCallbackParameters *	Find (Security::Connection &)

Public Attributes
bool	callerHandlesMissingCertificates = false
bool	hidMissingIssuer = false

Detailed Description

OpenSSL "verify_callback function" input/output parameters. This information cannot be passed through the verification API directly, so it is aggregated in this class and exchanged via ssl_ex_index_verify_callback_parameters. For OpenSSL validation callback details, see OpenSSL_vcb_disambiguation.

Definition at line 363 of file support.h.

Member Function Documentation

At()

Ssl::VerifyCallbackParameters & Ssl::VerifyCallbackParameters::At ( Security::Connection &  sconn )

static

Returns

the VerifyCallbackParameters object previously attached via New()

Definition at line 647 of file support.cc.

References Must.

Referenced by Security::PeerConnector::handleMissingCertificates(), and Security::PeerConnector::negotiate().

Find()

Ssl::VerifyCallbackParameters * Ssl::VerifyCallbackParameters::Find ( Security::Connection &  sconn )

static

Returns

the VerifyCallbackParameters object previously attached via New() or nil

Definition at line 629 of file support.cc.

References ssl_ex_index_verify_callback_parameters.

Referenced by ssl_verify_cb().

New()

Ssl::VerifyCallbackParameters * Ssl::VerifyCallbackParameters::New ( Security::Connection &  sconn )

static

creates a VerifyCallbackParameters object and adds it to the given TLS connection

Returns

the successfully created and added object

Definition at line 635 of file support.cc.

References Here, Must, and ssl_ex_index_verify_callback_parameters.

Referenced by Security::PeerConnector::initialize().

Member Data Documentation

callerHandlesMissingCertificates

bool Ssl::VerifyCallbackParameters::callerHandlesMissingCertificates = false

whether X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY should be cleared (after setting hidMissingIssuer) because the validation initiator wants to get the missing certificates and redo the validation with them

Definition at line 380 of file support.h.

Referenced by Security::PeerConnector::handleMissingCertificates().

hidMissingIssuer

bool Ssl::VerifyCallbackParameters::hidMissingIssuer = false

whether certificate validation has failed due to missing certificate(s) (i.e. X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY), but the failure was cleared/hidden due to true callerHandlesMissingCertificates setting; the certificate chain has to be deemed untrusted until revalidation (if any)

Definition at line 388 of file support.h.

---

The documentation for this class was generated from the following files:

• squid/src/ssl/support.h
• squid/src/ssl/support.cc