[thirdparty/squid.git] / src / acl / ServerCertificate.cc

/*
 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#include "squid.h"

#if USE_OPENSSL

#include "acl/CertificateData.h"
#include "acl/Checklist.h"
#include "acl/ServerCertificate.h"
#include "client_side.h"
#include "fde.h"
#include "http/Stream.h"
#include "ssl/ServerBump.h"

int
ACLServerCertificateStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
    Security::CertPointer cert;
    if (checklist->serverCert)
        cert = checklist->serverCert;
    else if (checklist->al && Comm::IsConnOpen(checklist->al->hier.tcpServer)) {
        const auto ssl = fd_table[checklist->al->hier.tcpServer->fd].ssl.get();
        cert.resetWithoutLocking(SSL_get_peer_certificate(ssl));
    } else if (checklist->conn() && checklist->conn()->serverBump())
        cert = checklist->conn()->serverBump()->serverCert;

    if (!cert)
        return 0;

    return data->match(cert.get());
}

#endif /* USE_OPENSSL */
Commit	Line	Data
8578e64a	1	/*
f70aedc4	2	* Copyright (C) 1996-2021 The Squid Software Foundation and contributors
bbc27441 AJ	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
8578e64a AR	7	*/
	8
	9	#include "squid.h"
	10
cb4f4424	11	#if USE_OPENSSL
8578e64a	12
8578e64a	13	#include "acl/CertificateData.h"
602d9612 A	14	#include "acl/Checklist.h"
602d9612 A	15	#include "acl/ServerCertificate.h"
8578e64a	16	#include "client_side.h"
72b12f9e	17	#include "fde.h"
d3dddfb5	18	#include "http/Stream.h"
8578e64a AR	19	#include "ssl/ServerBump.h"
8578e64a AR	20
8578e64a	21	int
4eac3407	22	ACLServerCertificateStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
8578e64a	23	{
9b630a18 AJ	24	Security::CertPointer cert;
	25	if (checklist->serverCert)
	26	cert = checklist->serverCert;
fab3a825 CT	27	else if (checklist->al && Comm::IsConnOpen(checklist->al->hier.tcpServer)) {
	28	const auto ssl = fd_table[checklist->al->hier.tcpServer->fd].ssl.get();
	29	cert.resetWithoutLocking(SSL_get_peer_certificate(ssl));
	30	} else if (checklist->conn() && checklist->conn()->serverBump())
9b630a18	31	cert = checklist->conn()->serverBump()->serverCert;
8578e64a AR	32
	33	if (!cert)
	34	return 0;
	35
9b630a18	36	return data->match(cert.get());
8578e64a AR	37	}
8578e64a AR	38
cb4f4424	39	#endif /* USE_OPENSSL */
f53969cc	40