Security Namespace Reference

Network/connection security abstraction layer.

Namespaces

 Io
 

Classes

class  BlindPeerConnector
 A simple PeerConnector for SSL/TLS cache_peers. No SslBump capabilities. More...
 
class  CertError
 
class  EncryptorAnswer
 
class  TLSPlaintext
 TLS Record Layer's frame from RFC 5246 Section 6.2.1. More...
 
class  Sslv2Record
 draft-hickman-netscape-ssl-00. Section 4.1. SSL Record Header Format More...
 
class  Handshake
 TLS Handshake Protocol frame from RFC 5246 Section 7.4. More...
 
class  Alert
 TLS Alert protocol frame from RFC 5246 Section 7.2. More...
 
class  Extension
 TLS Hello Extension from RFC 5246 Section 7.4.1.4. More...
 
class  TlsDetails
 
class  HandshakeParser
 Incremental TLS/SSL Handshake parser. More...
 
class  KeyData
 TLS certificate and private key details from squid.conf. More...
 
class  LockingPointer
 
class  NegotiationHistory
 
class  PeerConnector
 
class  PeerOptions
 TLS squid.conf settings for a remote server peer. More...
 
class  ServerOptions
 TLS squid.conf settings for a listening port. More...
 

Typedefs

typedef std::shared_ptr< SSL_CTX > ContextPointer
 
typedef CbDataList
< Security::CertError
CertErrors
 Holds a list of X.509 certificate errors. More...
 
typedef std::list
< Security::CrlPointer > 
CertRevokeList
 
typedef
Security::LockingPointer< DH,
DH_free_cpp, HardFun< int, DH
*, DH_up_ref > > 
DhePointer
 
typedef int ErrorCode
 Squid defined error code (<0), an error code returned by X.509 API, or SSL_ERROR_NONE. More...
 
typedef std::unordered_set
< Security::ErrorCode
Errors
 
typedef long ParsedOptions
 
typedef std::unordered_set
< Extension::Type
Extensions
 Extension types optimized for fast lookups. More...
 
typedef HardFun< bool, const
void *, nilFunction
NilFunctor
 
typedef std::shared_ptr< SSL > SessionPointer
 
typedef std::unique_ptr
< SSL_SESSION, HardFun< void,
SSL_SESSION
*,&SSL_SESSION_free > > 
SessionStatePointer
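
The DhePointer typedef above binds a free function (DH_free_cpp) and a reference-taking function (DH_up_ref) to a raw libcrypto pointer. The example below is added here and is not Squid's LockingPointer; it is a minimal re-implementation of the same idea so the ownership rules are visible. OpenSSL objects such as DH and X509 carry an internal reference count: `*_up_ref()` takes a reference, `*_free()` drops one and destroys the object at zero. The wrapper keeps that count balanced across copies and scope exits, and separates adopting a pointer whose reference is being handed over (resetWithoutLocking) from sharing one that another component still owns (resetAndLock). A toy refcounted struct with assumed `Obj_new`/`Obj_up_ref`/`Obj_free` functions stands in for the OpenSSL types so that it runs without libcrypto; the last function shows the use-after-free that adopting a borrowed pointer produces.

```cpp
#include <cstddef>

namespace LockingDemo {

// Stand-in for an OpenSSL object (assumed shape, not libcrypto): an intrusively
// refcounted struct with C-style up_ref/free functions, like DH_up_ref/DH_free.
struct Obj {
    int refs = 1;            // a freshly created object carries one reference
    static int liveObjects;  // objects not yet destroyed; exposes leaks and early frees
    Obj() { ++liveObjects; }
    ~Obj() { --liveObjects; }
};
int Obj::liveObjects = 0;

Obj *Obj_new() { return new Obj; }
int  Obj_up_ref(Obj *o) { ++o->refs; return 1; }
void Obj_free(Obj *o) { if (o && --o->refs == 0) delete o; }

// UnLocker drops one reference; Locker takes one (returns 1 on success, OpenSSL style).
template <typename T, void (*UnLocker)(T *), int (*Locker)(T *)>
class LockingPointer {
public:
    LockingPointer() : raw_(nullptr) {}
    explicit LockingPointer(T *t) : raw_(nullptr) { resetWithoutLocking(t); }
    LockingPointer(const LockingPointer &o) : raw_(nullptr) { resetAndLock(o.raw_); }
    LockingPointer(LockingPointer &&o) : raw_(o.release()) {}
    ~LockingPointer() { unlock(); }
    LockingPointer &operator=(const LockingPointer &o) { if (this != &o) resetAndLock(o.raw_); return *this; }
    LockingPointer &operator=(LockingPointer &&o) { if (this != &o) resetWithoutLocking(o.release()); return *this; }

    explicit operator bool() const { return raw_ != nullptr; }
    T *get() const { return raw_; }

    // Adopt a pointer whose reference the caller hands over (e.g. the result of DH_new()).
    void resetWithoutLocking(T *t) { unlock(); raw_ = t; }
    // Share a pointer someone else still owns: take our own reference before storing it.
    void resetAndLock(T *t) { if (t) Locker(t); resetWithoutLocking(t); }
    // Hand our reference back to the caller without dropping it.
    T *release() { T *t = raw_; raw_ = nullptr; return t; }
    void reset() { unlock(); }

private:
    void unlock() { if (raw_) { UnLocker(raw_); raw_ = nullptr; } }
    T *raw_;
};

typedef LockingPointer<Obj, Obj_free, Obj_up_ref> ObjPointer;

struct Outcome { int refsWhileShared; int liveAfter; };

// One object, three holders: copies and assignment lock, scope exits unlock,
// and the object is freed exactly once when the last holder goes away.
Outcome demoSharedOwnership() {
    Outcome out{};
    {
        ObjPointer a(Obj_new());          // adopt the reference that creation gave us: refs 1
        ObjPointer b(a);                  // copy locks: refs 2
        out.refsWhileShared = a.get()->refs;
        ObjPointer c;
        c = b;                            // assignment locks: refs 3
        c.reset();                        // and drops it again: refs 2
    }                                     // b and a unlock: refs 0, object destroyed
    out.liveAfter = Obj::liveObjects;
    return out;
}

// The owner keeps its reference (think of a certificate still held by an SSL_CTX),
// so the wrapper must lock; when it goes away the owner's pointer is still valid.
bool demoBorrowedPointerStaysValid() {
    Obj *owned = Obj_new();
    {
        ObjPointer p;
        p.resetAndLock(owned);            // refs 1 -> 2
    }                                     // refs 2 -> 1, object still alive
    const bool alive = (Obj::liveObjects == 1 && owned->refs == 1);
    Obj_free(owned);                      // the owner releases it: refs 0
    return alive && Obj::liveObjects == 0;
}

// The failure mode: adopting a borrowed pointer steals the owner's only reference,
// so the object dies here and the owner's later free would be a use-after-free.
bool demoAdoptingBorrowedPointerFreesTooEarly() {
    Obj *owned = Obj_new();
    { ObjPointer p(owned); }              // refs 1 -> 0 at scope exit; 'owned' now dangles
    return Obj::liveObjects == 0;         // we deliberately never touch 'owned' again
}

} // namespace LockingDemo
```

The practical rule this encodes: use resetWithoutLocking only for pointers returned with a fresh reference (the `*_new()` / `*_dup()` family), and resetAndLock for anything obtained from a getter that leaves ownership with the container (the `SSL_get_*` / `SSL_CTX_get0_*` family).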
 

Enumerations

enum  ContentType {
  ctChangeCipherSpec = 20,
  ctAlert = 21,
  ctHandshake = 22,
  ctApplicationData = 23
}
 TLS Record Layer's content types from RFC 5246 Section 6.2.1. More...
 
enum  HandshakeType {
  hskClientHello = 1,
  hskServerHello = 2,
  hskCertificate = 11,
  hskServerHelloDone = 14
}
 TLS Handshake protocol's handshake types from RFC 5246 Section 7.4. More...
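
The ContentType and HandshakeType values above, together with HelloRandomSize, are what an incremental parser such as HandshakeParser keys on. The following example is added here and is not Squid's HandshakeParser: it reassembles TLS record-layer frames (RFC 5246 Section 6.2.1) into Handshake protocol messages (Section 7.4) from bytes delivered in arbitrary chunks, rejects a record whose declared length exceeds the RFC ceiling before buffering it, and extracts the 32-byte Random from a ClientHello. The sample input is constructed inline (a TLS 1.2 ClientHello split across two records, not a capture); the MaxRecordLength constant and the demo function names are this example's own.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

namespace TlsDemo {

// The same values the Security namespace enumerates above.
enum ContentType { ctChangeCipherSpec = 20, ctAlert = 21, ctHandshake = 22, ctApplicationData = 23 };
enum HandshakeType { hskClientHello = 1, hskServerHello = 2, hskCertificate = 11, hskServerHelloDone = 14 };

static const size_t HelloRandomSize = 32;            // RFC 5246 Section 7.4.1.2
static const size_t MaxRecordLength = 16384 + 2048;  // RFC 5246 Section 6.2.3 ceiling for a record length field

struct HandshakeMessage {
    uint8_t type;                 // a HandshakeType value
    std::vector<uint8_t> body;
};

class HandshakeParser {
public:
    // Feed bytes as they arrive. Returns true if a new complete handshake message became available.
    bool feed(const uint8_t *data, size_t len) {
        pending_.insert(pending_.end(), data, data + len);
        const size_t before = messages_.size();
        while (parseRecord()) {}
        return messages_.size() > before;
    }
    const std::vector<HandshakeMessage> &messages() const { return messages_; }

    // ClientHello body: client_version(2) random(32) session_id<0..32> ...
    static std::array<uint8_t, HelloRandomSize> clientRandom(const HandshakeMessage &m) {
        if (m.type != hskClientHello || m.body.size() < 2 + HelloRandomSize)
            throw std::runtime_error("not a complete ClientHello");
        std::array<uint8_t, HelloRandomSize> r;
        std::copy(m.body.begin() + 2, m.body.begin() + 2 + HelloRandomSize, r.begin());
        return r;
    }

private:
    // TLSPlaintext: type(1) version(2) length(2) fragment[length]. False means more bytes are needed.
    bool parseRecord() {
        if (pending_.size() < 5)
            return false;
        const uint8_t type = pending_[0];
        const size_t length = (size_t(pending_[3]) << 8) | pending_[4];
        if (length > MaxRecordLength)
            throw std::runtime_error("record length exceeds RFC 5246 maximum");
        if (pending_.size() < 5 + length)
            return false;                                  // partial record: keep buffering
        if (type == ctHandshake) {
            // Handshake messages may span records, so append the fragment before parsing.
            fragment_.insert(fragment_.end(), pending_.begin() + 5, pending_.begin() + 5 + length);
            parseHandshakeMessages();
        } else if (type != ctChangeCipherSpec && type != ctAlert && type != ctApplicationData) {
            throw std::runtime_error("unknown record content type");
        }
        pending_.erase(pending_.begin(), pending_.begin() + 5 + length);
        return true;
    }

    // Handshake: msg_type(1) length(3) body[length]
    void parseHandshakeMessages() {
        size_t pos = 0;
        while (fragment_.size() - pos >= 4) {
            const uint8_t type = fragment_[pos];
            const size_t length = (size_t(fragment_[pos + 1]) << 16) | (size_t(fragment_[pos + 2]) << 8) | fragment_[pos + 3];
            if (fragment_.size() - pos - 4 < length)
                break;                                     // message continues in a later record
            messages_.push_back({type, std::vector<uint8_t>(fragment_.begin() + pos + 4, fragment_.begin() + pos + 4 + length)});
            pos += 4 + length;
        }
        fragment_.erase(fragment_.begin(), fragment_.begin() + pos);
    }

    std::vector<uint8_t> pending_;    // unparsed record-layer bytes
    std::vector<uint8_t> fragment_;   // handshake bytes not yet forming a whole message
    std::vector<HandshakeMessage> messages_;
};

// Constructed sample (not a capture): a TLS 1.2 ClientHello whose 45-byte handshake message
// is split across two records of 20 and 25 bytes; its Random is the bytes 0x00..0x1f.
std::vector<uint8_t> sampleClientHelloRecords() {
    std::vector<uint8_t> body = {0x03, 0x03};                          // client_version
    for (uint8_t i = 0; i < HelloRandomSize; ++i) body.push_back(i);   // random
    body.push_back(0);                                                 // empty session_id
    body.insert(body.end(), {0x00, 0x02, 0xc0, 0x2f});                 // one cipher suite
    body.insert(body.end(), {0x01, 0x00});                             // null compression only
    std::vector<uint8_t> hs = {uint8_t(hskClientHello), 0x00, 0x00, uint8_t(body.size())};
    hs.insert(hs.end(), body.begin(), body.end());
    std::vector<uint8_t> out;
    auto record = [&](size_t from, size_t to) {
        const size_t n = to - from;
        out.insert(out.end(), {uint8_t(ctHandshake), 0x03, 0x03, uint8_t(n >> 8), uint8_t(n & 0xff)});
        out.insert(out.end(), hs.begin() + from, hs.begin() + to);
    };
    record(0, 20);
    record(20, hs.size());
    return out;
}

// Worst-case delivery, one byte per read: true if exactly one ClientHello was reassembled
// and its Random survived the record boundary intact.
bool demoReassemblesFragmentedClientHello() {
    HandshakeParser p;
    for (uint8_t b : sampleClientHelloRecords())
        p.feed(&b, 1);
    if (p.messages().size() != 1 || p.messages()[0].type != hskClientHello)
        return false;
    const auto r = HandshakeParser::clientRandom(p.messages()[0]);
    for (size_t i = 0; i < HelloRandomSize; ++i)
        if (r[i] != i) return false;
    return true;
}

// A header claiming a 65535-byte record is refused before any buffering is attempted.
bool demoRejectsOversizedRecord() {
    HandshakeParser p;
    const uint8_t header[5] = {uint8_t(ctHandshake), 0x03, 0x03, 0xff, 0xff};
    try { p.feed(header, 5); } catch (const std::runtime_error &) { return true; }
    return false;
}

} // namespace TlsDemo
```

Two points a practitioner should take from this: the record length is bounded and checked before it drives any allocation, and handshake message boundaries are independent of record boundaries, so a parser that assumes one message per record will miss or mis-parse a ClientHello that a peer (or a fuzzer) chooses to fragment.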
 

Functions

std::ostream & operator<< (std::ostream &, const Security::EncryptorAnswer &)
 
 CtoCpp1 (DH_free, DH *)
 
const char * ErrorString (const ErrorCode code)
 
static Extensions SupportedExtensions ()
 A helper function to create a set of all supported TLS extensions. More...
 
std::ostream & operator<< (std::ostream &os, Security::TlsDetails const &details)
 
bool nilFunction (const void *)
 
bool CreateClientSession (const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx)
 
bool CreateServerSession (const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx)
 
void SessionSendGoodbye (const Security::SessionPointer &)
 send the shutdown/bye notice for an active TLS session. More...
 
bool SessionIsResumed (const Security::SessionPointer &)
 whether the session is a resumed one More...
 
void MaybeGetSessionResumeData (const Security::SessionPointer &, Security::SessionStatePointer &data)
 
void SetSessionResumeData (const Security::SessionPointer &, const Security::SessionStatePointer &)
 
void SetSessionCacheCallbacks (Security::ContextPointer &)
 Setup the given TLS context with callbacks used to manage the session cache. More...
 
Security::ContextPointer GetFrom (Security::SessionPointer &s)
 Helper function to retrieve a (non-locked) ContextPointer from a SessionPointer. More...
 
Security::SessionPointer NewSessionObject (const Security::ContextPointer &)
 

Variables

 CtoCpp1 (X509_free, X509 *)
 
 CtoCpp1 (X509_CRL_free, X509_CRL *)
 
typedef std::list
< Security::CertPointer > 
CertList
 
static const uint64_t HelloRandomSize = 32
 The size of the TLS Random structure from RFC 5246 Section 7.4.1.2. More...
 
PeerOptions ProxyOutgoingConfig
 configuration options for DIRECT server access More...
 

Typedef Documentation

typedef CbDataList<Security::CertError> Security::CertErrors

Holds a list of X.509 certificate errors.

Definition at line 81 of file forward.h.

typedef std::list<Security::CrlPointer> Security::CertRevokeList

Definition at line 107 of file forward.h.

typedef std::shared_ptr<SSL_CTX> Security::ContextPointer

Definition at line 28 of file Context.h.

typedef Security::LockingPointer<DH, DH_free_cpp, HardFun<int, DH *, DH_up_ref> > Security::DhePointer

Definition at line 111 of file forward.h.

typedef int Security::ErrorCode

Squid defined error code (<0), an error code returned by X.509 API, or SSL_ERROR_NONE.

Definition at line 116 of file forward.h.

typedef std::unordered_set<Security::ErrorCode> Security::Errors

Set of Squid-defined TLS error codes.

Note
using std::unordered_set ensures values are unique, with fast lookup

Definition at line 133 of file forward.h.

typedef std::unordered_set<Extension::Type> Security::Extensions

Definition at line 104 of file Handshake.cc.

typedef HardFun<bool, const void *, nilFunction> Security::NilFunctor

Definition at line 40 of file LockingPointer.h.

typedef long Security::ParsedOptions

Definition at line 154 of file forward.h.

typedef std::shared_ptr<SSL> Security::SessionPointer

Definition at line 41 of file Session.h.

typedef std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_free> > Security::SessionStatePointer

Definition at line 43 of file Session.h.

Enumeration Type Documentation

enum Security::ContentType

TLS Record Layer's content types from RFC 5246 Section 6.2.1.

Enumerator
ctChangeCipherSpec 
ctAlert 
ctHandshake 
ctApplicationData 

Definition at line 28 of file Handshake.cc.

enum Security::HandshakeType

TLS Handshake protocol's handshake types from RFC 5246 Section 7.4.

Enumerator
hskClientHello 
hskServerHello 
hskCertificate 
hskServerHelloDone 

Definition at line 56 of file Handshake.cc.

Function Documentation

bool Security::CreateClientSession ( const Security::ContextPointer ctx,
const Comm::ConnectionPointer c,
const char *  squidCtx 
)

Creates TLS Client connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO). On errors, emits DBG_IMPORTANT with details and returns false.

Definition at line 185 of file Session.cc.

References Security::Io::BIO_TO_SERVER, and CreateSession().

Referenced by Security::PeerConnector::initialize().

bool Security::CreateServerSession ( const Security::ContextPointer ctx,
const Comm::ConnectionPointer c,
const char *  squidCtx 
)

Creates TLS Server connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO). On errors, emits DBG_IMPORTANT with details and returns false.

Definition at line 191 of file Session.cc.

References Security::Io::BIO_TO_CLIENT, and CreateSession().

Referenced by httpsCreate().

Security::CtoCpp1 ( DH_free  ,
DH *   
)

Security::ContextPointer Security::GetFrom ( Security::SessionPointer s)
inline

Helper function to retrieve a (non-locked) ContextPointer from a SessionPointer.

void Security::MaybeGetSessionResumeData ( const Security::SessionPointer s,
Security::SessionStatePointer data 
)

When the session is not a resumed session, retrieve the details needed to resume a later connection and store them in 'data'. This may result in 'data' becoming a nil Pointer if no details exist or an error occurs.

When the session is already a resumed session, do nothing and leave 'data' unchanged. XXX: is this latter behaviour always correct?

Definition at line 223 of file Session.cc.

References debugs, ErrorString(), and SessionIsResumed().

Referenced by Security::BlindPeerConnector::noteNegotiationDone(), and Ssl::IcapPeerConnector::noteNegotiationDone().

Security::SessionPointer Security::NewSessionObject ( const Security::ContextPointer ctx)
Deprecated:
use the PeerOptions/ServerOptions API methods instead. Wraps SessionPointer value creation to reduce risk of a nasty hack in ssl/support.cc.

Definition at line 97 of file Session.cc.

References debugs, and p.

Referenced by CreateSession(), and Ssl::verifySslCertificate().

bool Security::nilFunction ( const void *  )
inline

Definition at line 39 of file LockingPointer.h.

std::ostream & Security::operator<< ( std::ostream &  os,
const Security::EncryptorAnswer answer 
)

std::ostream& Security::operator<< ( std::ostream &  os,
Security::TlsDetails const &  details 
)
inline

Definition at line 50 of file Handshake.h.

References Security::TlsDetails::print().

bool Security::SessionIsResumed ( const Security::SessionPointer s)

Definition at line 210 of file Session.cc.

References debugs.

Referenced by clientNegotiateSSL(), and MaybeGetSessionResumeData().

void Security::SessionSendGoodbye ( const Security::SessionPointer s)

Definition at line 197 of file Session.cc.

References debugs.

Referenced by commStartTlsClose().

void Security::SetSessionCacheCallbacks ( Security::ContextPointer ctx)

Setup the given TLS context with callbacks used to manage the session cache.

void Security::SetSessionResumeData ( const Security::SessionPointer s,
const Security::SessionStatePointer data 
)

Set the data for resuming a previous session. Needs to be done before using the SessionPointer for a handshake.

Definition at line 244 of file Session.cc.

References DBG_CRITICAL, debugs, and ErrorString().

Referenced by Security::BlindPeerConnector::initialize(), and Ssl::IcapPeerConnector::initialize().

static Security::Extensions Security::SupportedExtensions ( )
static

Definition at line 582 of file Handshake.cc.

Referenced by Security::Extension::supported().

Variable Documentation

Security::CtoCpp1 ( X509_free  ,
X509 *   
)

Security::CtoCpp1 ( X509_CRL_free  ,
X509_CRL *   
)

typedef std::list<Security::CertPointer> Security::CertList

const uint64_t Security::HelloRandomSize = 32
static

The size of the TLS Random structure from RFC 5246 Section 7.4.1.2.

Security::PeerOptions Security::ProxyOutgoingConfig

configuration options for DIRECT server access
