TLS squid.conf settings for a listening port. More...

#include <ServerOptions.h>


Public Types

typedef std::unique_ptr
< STACK_OF(X509_NAME),
Security::ServerOptions::sk_X509_NAME_free_wrapper > 
X509_NAME_STACK_Pointer
 

Public Member Functions

 sk_dtor_wrapper (sk_X509_NAME, STACK_OF(X509_NAME)*, X509_NAME_free)
 
 ServerOptions ()
 
 ServerOptions (const ServerOptions &)=default
 
ServerOptions & operator= (const ServerOptions &)
 
 ServerOptions (ServerOptions &&o)
 
ServerOptions & operator= (ServerOptions &&o)
 
virtual ~ServerOptions ()=default
 
virtual void parse (const char *)
 parse a TLS squid.conf option More...
 
virtual void clear ()
 reset the configuration details to default More...
 
virtual Security::ContextPointer createBlankContext () const
 generate an unset security context object More...
 
virtual void dumpCfg (Packable *, const char *pfx) const
 output squid.conf syntax with 'pfx' prefix on parameters for the stored settings More...
 
bool createStaticServerContext (AnyP::PortCfg &)
 
void createSigningContexts (AnyP::PortCfg &)
 
bool updateContextConfig (Security::ContextPointer &)
 update the given TLS security context using squid.conf settings More...
 
void updateContextEecdh (Security::ContextPointer &)
 update the context with DH, EDH, EECDH settings More...
 
void updateContextClientCa (Security::ContextPointer &)
 update the context with CA details used to verify client certificates More...
 
void updateContextSessionId (Security::ContextPointer &)
 update the context with a configured session ID (if any) More...
 
void syncCaFiles ()
 sync the various sources of CA files to be loaded More...
 
Security::ContextPointer createClientContext (bool setOptions)
 generate a security client-context from these configured options More...
 
void updateTlsVersionLimits ()
 sync the context options with tls-min-version=N configuration More...
 
void updateContextOptions (Security::ContextPointer &) const
 Setup the library specific 'options=' parameters for the given context. More...
 
void updateContextNpn (Security::ContextPointer &)
 setup the NPN extension details for the given context More...
 
void updateContextCa (Security::ContextPointer &)
 setup the CA details for the given context More...
 
void updateContextCrl (Security::ContextPointer &)
 setup the CRL details for the given context More...
 
void updateSessionOptions (Security::SessionPointer &)
 setup any library-specific options that can be set for the given session More...
 

Public Attributes

Security::ContextPointer staticContext
 TLS context to use for HTTPS accelerator or static SSL-Bump. More...
 
SBuf staticContextSessionId
 "session id context" for staticContext More...
 
bool generateHostCertificates = true
 whether to dynamically generate per-host certificates for this port More...
 
Security::CertPointer signingCert
 x509 certificate for signing generated certificates More...
 
Security::PrivateKeyPointer signPkey
 private key for signing generated certificates More...
 
Security::CertList certsToChain
 x509 certificates to send with the generated cert More...
 
Security::CertPointer untrustedSigningCert
 x509 certificate for signing untrusted generated certificates More...
 
Security::PrivateKeyPointer untrustedSignPkey
 private key for signing untrusted generated certificates More...
 
size_t dynamicCertMemCacheSize = 4*1024*1024
 max size of generated certificates memory cache (4 MB default) More...
 
SBuf sslOptions
 library-specific options string More...
 
SBuf caDir
 path of a directory containing a set of trusted Certificate Authority certificates More...
 
SBuf crlFile
 path of a file containing the Certificate Revocation List (CRL) to load More...
 
SBuf sslCipher
 
SBuf sslFlags
 flags defining what TLS operations Squid performs More...
 
SBuf sslDomain
 
SBuf tlsMinVersion
 version label for minimum TLS version to permit More...
 
Security::ParsedOptions parsedOptions
 parsed value of sslOptions More...
 
long parsedFlags = 0
 parsed value of sslFlags More...
 
std::list< Security::KeyData > certs
 details from the cert= and file= config parameters More...
 
std::list< SBuf > caFiles
 paths of files containing trusted Certificate Authority certificates More...
 
Security::CertRevokeList parsedCrl
 CRL to use when verifying the remote end certificate. More...
 
bool encryptTransport = false
 whether transport encryption (TLS/SSL) is to be used on connections to the peer More...
 

Protected Member Functions

template<typename T >
Security::ContextPointer convertContextFromRawPtr (T ctx) const
 

Protected Attributes

int sslVersion = 0
 
struct
Security::PeerOptions::flags_ 
flags
 

Private Member Functions

bool loadClientCaFile ()
 
void loadDhParams ()
 

Private Attributes

SBuf clientCaFile
 name of file to load client CAs from More...
 
X509_NAME_STACK_Pointer clientCaStack
 CA certificate(s) to use when verifying client certificates. More...
 
SBuf dh
 Diffie-Hellman cipher config. More...
 
SBuf dhParamsFile
 Diffie-Hellman parameters file. More...
 
SBuf eecdhCurve
 Elliptic curve for ephemeral EC-based DH key exchanges. More...
 
Security::DhePointer parsedDhParams
 DH parameters for temporary/ephemeral DH key exchanges. More...
 

Detailed Description

Definition at line 19 of file ServerOptions.h.

Member Typedef Documentation

typedef std::unique_ptr<STACK_OF(X509_NAME), Security::ServerOptions::sk_X509_NAME_free_wrapper> Security::ServerOptions::X509_NAME_STACK_Pointer

Definition at line 24 of file ServerOptions.h.

Constructor & Destructor Documentation

Security::ServerOptions::ServerOptions ( )
inline
Security::ServerOptions::ServerOptions ( const ServerOptions & )
default
Security::ServerOptions::ServerOptions ( ServerOptions &&  o)
inline

Definition at line 34 of file ServerOptions.h.

References operator=().

virtual Security::ServerOptions::~ServerOptions ( )
virtual default

Member Function Documentation

virtual void Security::ServerOptions::clear ( )
inline virtual

Reimplemented from Security::PeerOptions.

Definition at line 40 of file ServerOptions.h.

References ServerOptions().

template<typename T >
Security::ContextPointer Security::PeerOptions::convertContextFromRawPtr ( T ctx) const
inline protected inherited

Definition at line 90 of file PeerOptions.h.

References assert, debugs, and p.

Security::ContextPointer Security::ServerOptions::createBlankContext ( ) const
virtual

Reimplemented from Security::PeerOptions.

Definition at line 159 of file ServerOptions.cc.

References DBG_CRITICAL, debugs, Security::ErrorString(), and Ssl::Initialize().

Referenced by Ssl::createSSLContext().

Security::ContextPointer Security::PeerOptions::createClientContext ( bool  setOptions)
inherited

Definition at line 279 of file PeerOptions.cc.

References Ssl::InitClientContext().

Referenced by configDoConfigure().

void Security::ServerOptions::createSigningContexts ( AnyP::PortCfg & port)

Initialize the contexts used for signing dynamically generated TLS certificates (if needed). The resulting signing certificates and their private keys are stored in signingCert, signPkey, untrustedSigningCert and untrustedSignPkey. The key material is read from the configured certificate/key files (see Ssl::readCertChainAndPrivateKeyFromFiles() in the references below); judging by the fatalf() reference, at least some load failures are treated as fatal rather than reported to the caller.

Definition at line 212 of file ServerOptions.cc.

References buf, SBuf::c_str(), Security::KeyData::certFile, DBG_IMPORTANT, debugs, fatalf(), Ssl::generateUntrustedCert(), keys, Security::KeyData::privateKeyFile, AnyP::ProtocolVersion::protocol, AnyP::ProtocolType_str, Ssl::readCertChainAndPrivateKeyFromFiles(), AnyP::PortCfg::s, Ip::Address::toUrl(), and AnyP::PortCfg::transport.

bool Security::ServerOptions::createStaticServerContext ( AnyP::PortCfg & port)

Generate a security server-context from these configured options. The resulting context is stored in staticContext.

Returns
true if a context could be created; false otherwise. Callers must check this result rather than assuming staticContext has been populated.

Definition at line 193 of file ServerOptions.cc.

References Ssl::InitServerContext().

void Security::ServerOptions::dumpCfg ( Packable * p,
const char *  pfx 
) const
virtual
bool Security::ServerOptions::loadClientCaFile ( )
private

Load the clientca= file (if any) into memory.

Return values
true — clientca= is not set, or the file was loaded successfully
false — unable to load the file, or not using OpenSSL

Definition at line 264 of file ServerOptions.cc.

References DBG_CRITICAL, and debugs.

void Security::ServerOptions::loadDhParams ( )
private

Definition at line 281 of file ServerOptions.cc.

References DBG_IMPORTANT, debugs, and NULL.

ServerOptions& Security::ServerOptions::operator= ( ServerOptions &&  o)
inline

Definition at line 35 of file ServerOptions.h.

References operator=().

void Security::ServerOptions::parse ( const char *  token)
virtual
Security::ServerOptions::sk_dtor_wrapper ( sk_X509_NAME  ,
STACK_OF(X509_NAME)*  ,
X509_NAME_free   
)
void Security::ServerOptions::syncCaFiles ( )

Definition at line 249 of file ServerOptions.cc.

void Security::PeerOptions::updateContextCa ( Security::ContextPointer & ctx)
inherited

Definition at line 649 of file PeerOptions.cc.

References DBG_IMPORTANT, debugs, Security::ErrorString(), i, and loadSystemTrustedCa().

void Security::ServerOptions::updateContextClientCa ( Security::ContextPointer & ctx)
void Security::PeerOptions::updateContextCrl ( Security::ContextPointer & ctx)
inherited

Definition at line 685 of file PeerOptions.cc.

References debugs, i, SSL_FLAG_VERIFY_CRL, and SSL_FLAG_VERIFY_CRL_ALL.

void Security::ServerOptions::updateContextEecdh ( Security::ContextPointer & ctx)

Definition at line 384 of file ServerOptions.cc.

References DBG_CRITICAL, debugs, and Security::ErrorString().

void Security::PeerOptions::updateContextNpn ( Security::ContextPointer & ctx)
inherited

Definition at line 618 of file PeerOptions.cc.

void Security::PeerOptions::updateContextOptions ( Security::ContextPointer & ctx) const
inherited

Definition at line 597 of file PeerOptions.cc.

void Security::ServerOptions::updateContextSessionId ( Security::ContextPointer & ctx)

Definition at line 425 of file ServerOptions.cc.

void Security::PeerOptions::updateSessionOptions ( Security::SessionPointer & s)
inherited

Definition at line 710 of file PeerOptions.cc.

References DBG_IMPORTANT, debugs, and Security::ErrorString().

Referenced by CreateSession().

void Security::PeerOptions::updateTlsVersionLimits ( )
inherited

Member Data Documentation

SBuf Security::PeerOptions::caDir
inherited

Definition at line 72 of file PeerOptions.h.

std::list<SBuf> Security::PeerOptions::caFiles
inherited

Definition at line 85 of file PeerOptions.h.

std::list<Security::KeyData> Security::PeerOptions::certs
inherited

Definition at line 84 of file PeerOptions.h.

Referenced by Ssl::InitClientContext(), and Ssl::InitServerContext().

Security::CertList Security::ServerOptions::certsToChain
SBuf Security::ServerOptions::clientCaFile
private

Definition at line 89 of file ServerOptions.h.

Referenced by operator=().

X509_NAME_STACK_Pointer Security::ServerOptions::clientCaStack
private

Definition at line 92 of file ServerOptions.h.

Referenced by operator=().

SBuf Security::PeerOptions::crlFile
inherited

Definition at line 73 of file PeerOptions.h.

SBuf Security::ServerOptions::dh
private

Definition at line 97 of file ServerOptions.h.

Referenced by operator=().

SBuf Security::ServerOptions::dhParamsFile
private

Definition at line 98 of file ServerOptions.h.

Referenced by operator=().

size_t Security::ServerOptions::dynamicCertMemCacheSize = 4*1024*1024

Definition at line 82 of file ServerOptions.h.

Referenced by operator=().

SBuf Security::ServerOptions::eecdhCurve
private

Definition at line 99 of file ServerOptions.h.

Referenced by operator=().

bool Security::PeerOptions::encryptTransport = false
inherited
struct Security::PeerOptions::flags_ Security::PeerOptions::flags
protected inherited

Referenced by ServerOptions().

bool Security::ServerOptions::generateHostCertificates = true

Definition at line 73 of file ServerOptions.h.

Referenced by operator=().

Security::CertRevokeList Security::PeerOptions::parsedCrl
inherited

Definition at line 86 of file PeerOptions.h.

Security::DhePointer Security::ServerOptions::parsedDhParams
private

Definition at line 101 of file ServerOptions.h.

Referenced by operator=().

long Security::PeerOptions::parsedFlags = 0
inherited

Definition at line 82 of file PeerOptions.h.

Security::ParsedOptions Security::PeerOptions::parsedOptions
inherited

Definition at line 81 of file PeerOptions.h.

Referenced by Ssl::PeekingPeerConnector::initialize().

Security::CertPointer Security::ServerOptions::signingCert
Security::PrivateKeyPointer Security::ServerOptions::signPkey

Definition at line 76 of file ServerOptions.h.

Referenced by Ssl::InitServerContext(), and operator=().

SBuf Security::PeerOptions::sslCipher
inherited

Definition at line 75 of file PeerOptions.h.

Referenced by Ssl::InitClientContext().

SBuf Security::PeerOptions::sslDomain
inherited

Definition at line 77 of file PeerOptions.h.

SBuf Security::PeerOptions::sslFlags
inherited

Definition at line 76 of file PeerOptions.h.

SBuf Security::PeerOptions::sslOptions
inherited

Definition at line 71 of file PeerOptions.h.

int Security::PeerOptions::sslVersion = 0
protected inherited

Definition at line 107 of file PeerOptions.h.

Security::ContextPointer Security::ServerOptions::staticContext

Definition at line 70 of file ServerOptions.h.

SBuf Security::ServerOptions::staticContextSessionId

Definition at line 71 of file ServerOptions.h.

Referenced by operator=().

SBuf Security::PeerOptions::tlsMinVersion
inherited

Definition at line 79 of file PeerOptions.h.

Security::CertPointer Security::ServerOptions::untrustedSigningCert

Definition at line 78 of file ServerOptions.h.

Referenced by operator=().

Security::PrivateKeyPointer Security::ServerOptions::untrustedSignPkey

Definition at line 79 of file ServerOptions.h.

Referenced by operator=().


The documentation for this class was generated from the following files:

 
