Squid Web Cache master
Loading...
Searching...
No Matches
Classes | Namespaces | Macros | Typedefs | Enumerations | Functions | Variables
support.h File Reference
#include "anyp/forward.h"
#include "base/CbDataList.h"
#include "base/TypeTraits.h"
#include "comm/forward.h"
#include "compat/openssl.h"
#include "dns/forward.h"
#include "ip/Address.h"
#include "sbuf/SBuf.h"
#include "security/Session.h"
#include "ssl/gadgets.h"
#include <queue>
#include <map>
#include <optional>
#include <variant>
Include dependency graph for support.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

class  Ssl::GeneralNameMatcher
 an algorithm for checking/testing/comparing X.509 certificate names More...
 
class  Ssl::VerifyCallbackParameters
 

Namespaces

namespace  AnyP
 
namespace  Ipc
 
namespace  Ssl
 

Macros

#define SQUID_CERT_VALIDATION_ITERATION_MAX   16384
 

Typedefs

typedef RefCount< CertValidationResponseSsl::CertValidationResponsePointer
 
typedef char const * Ssl::GETX509ATTRIBUTE(X509 *, const char *)
 
typedef SBuf Ssl::GETX509PEM(X509 *)
 
typedef std::multimap< SBuf, X509 * > Ssl::CertsIndexedList
 certificates indexed by issuer name
 
using Ssl::GeneralName = AnyP::Host
 

Enumerations

enum  Ssl::BumpMode {
  Ssl::bumpNone = 0 , Ssl::bumpClientFirst , Ssl::bumpServerFirst , Ssl::bumpPeek ,
  Ssl::bumpStare , Ssl::bumpBump , Ssl::bumpSplice , Ssl::bumpTerminate ,
  Ssl::bumpEnd
}
 

Functions

int Ssl::AskPasswordCb (char *buf, int size, int rwflag, void *userdata)
 
void Ssl::Initialize ()
 
bool Ssl::InitServerContext (Security::ContextPointer &, AnyP::PortCfg &)
 initialize a TLS server context with OpenSSL specific settings
 
bool Ssl::InitClientContext (Security::ContextPointer &, Security::PeerOptions &, Security::ParsedPortFlags)
 initialize a TLS client context with OpenSSL specific settings
 
void Ssl::ConfigurePeerVerification (Security::ContextPointer &, const Security::ParsedPortFlags)
 set the certificate verify callback for a context
 
void Ssl::DisablePeerVerification (Security::ContextPointer &)
 
void Ssl::MaybeSetupRsaCallback (Security::ContextPointer &)
 if required, setup callback for generating ephemeral RSA keys
 
const char * sslGetUserEmail (SSL *ssl)
 
const char * sslGetUserAttribute (SSL *ssl, const char *attribute_name)
 
const char * sslGetCAAttribute (SSL *ssl, const char *attribute_name)
 
SBuf sslGetUserCertificatePEM (SSL *ssl)
 
SBuf sslGetUserCertificateChainPEM (SSL *ssl)
 
const char * Ssl::bumpMode (int bm)
 
bool Ssl::loadCerts (const char *certsFile, Ssl::CertsIndexedList &list)
 
bool Ssl::loadSquidUntrusted (const char *path)
 
void Ssl::unloadSquidUntrusted ()
 
void Ssl::SSL_add_untrusted_cert (SSL *ssl, X509 *cert)
 
const char * Ssl::findIssuerUri (X509 *cert)
 finds certificate issuer URI in the Authority Info Access extension
 
Security::CertPointer Ssl::findIssuerCertificate (X509 *cert, const STACK_OF(X509) *serverCertificates, const Security::ContextPointer &context)
 
bool Ssl::missingChainCertificatesUrls (std::queue< SBuf > &URIs, const STACK_OF(X509) &serverCertificates, const Security::ContextPointer &context)
 
bool Ssl::generateUntrustedCert (Security::CertPointer &untrustedCert, Security::PrivateKeyPointer &untrustedPkey, Security::CertPointer const &cert, Security::PrivateKeyPointer const &pkey)
 
Security::ContextPointer Ssl::GenerateSslContext (CertificateProperties const &, Security::ServerOptions &, bool trusted)
 
bool Ssl::verifySslCertificate (const Security::ContextPointer &, CertificateProperties const &)
 
Security::ContextPointer Ssl::GenerateSslContextUsingPkeyAndCertFromMemory (const char *data, Security::ServerOptions &, bool trusted)
 
Security::ContextPointer Ssl::createSSLContext (Security::CertPointer &x509, Security::PrivateKeyPointer &pkey, Security::ServerOptions &)
 Create SSL context and apply ssl certificate and private key to it.
 
void Ssl::chainCertificatesToSSLContext (Security::ContextPointer &, Security::ServerOptions &)
 
void Ssl::configureUnconfiguredSslContext (Security::ContextPointer &, Ssl::CertSignAlgorithm signAlgorithm, AnyP::PortCfg &)
 
bool Ssl::configureSSL (SSL *ssl, CertificateProperties const &properties, AnyP::PortCfg &port)
 
bool Ssl::configureSSLUsingPkeyAndCertFromMemory (SSL *ssl, const char *data, AnyP::PortCfg &port)
 
void Ssl::useSquidUntrusted (SSL_CTX *sslContext)
 
bool Ssl::HasMatchingSubjectName (X509 &, const GeneralNameMatcher &)
 
bool Ssl::HasSubjectName (X509 &, const AnyP::Host &)
 whether at least one common or alternate subject name matches the given one
 
int Ssl::asn1timeToString (ASN1_TIME *tm, char *buf, int len)
 
void Ssl::setClientSNI (SSL *ssl, const char *fqdn)
 
void Ssl::InRamCertificateDbKey (const Ssl::CertificateProperties &certProperties, SBuf &key)
 
BIO * Ssl::BIO_new_SBuf (SBuf *buf)
 
bool Ssl::VerifyConnCertificates (Security::Connection &, const Ssl::X509_STACK_Pointer &extraCerts)
 

Variables

GETX509ATTRIBUTE Ssl::GetX509UserAttribute
 
GETX509ATTRIBUTE Ssl::GetX509CAAttribute
 
GETX509PEM Ssl::GetX509PEM
 
GETX509ATTRIBUTE Ssl::GetX509Fingerprint
 
const EVP_MD * Ssl::DefaultSignHash = nullptr
 
std::vector< const char * > Ssl::BumpModeStr
 

Macro Definition Documentation

◆ SQUID_CERT_VALIDATION_ITERATION_MAX

#define SQUID_CERT_VALIDATION_ITERATION_MAX   16384

Definition at line 51 of file support.h.