Commit | Line | Data |
---|---|---|
8578e64a | 1 | /* |
f70aedc4 | 2 | * Copyright (C) 1996-2021 The Squid Software Foundation and contributors |
bbc27441 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
8578e64a AR |
7 | */ |
8 | ||
9 | #include "squid.h" | |
10 | ||
cb4f4424 | 11 | #if USE_OPENSSL |
8578e64a | 12 | |
8578e64a | 13 | #include "acl/CertificateData.h" |
602d9612 A |
14 | #include "acl/Checklist.h" |
15 | #include "acl/ServerCertificate.h" | |
8578e64a | 16 | #include "client_side.h" |
72b12f9e | 17 | #include "fde.h" |
d3dddfb5 | 18 | #include "http/Stream.h" |
8578e64a AR |
19 | #include "ssl/ServerBump.h" |
20 | ||
/// Matches the server's X.509 certificate against the configured ACL data.
///
/// The certificate is taken from the first source that applies:
///   1. checklist->serverCert, when set;
///   2. the peer certificate of the open TCP connection to the server
///      (checklist->al->hier.tcpServer), as reported by OpenSSL;
///   3. the certificate kept by the client connection's SslBump state.
/// Because these are else-if alternatives, source 3 is not consulted when the
/// server connection is open but yields no peer certificate.
///
/// \returns 0 (no match) when no certificate is available, otherwise the
///          result of data->match() for that certificate.
///
/// NOTE(review): nothing in this function consults the certificate validation
/// result, so the ACL is evaluated against whatever certificate the server
/// presented. Rules that grant trust on a match presumably need validation
/// enforced elsewhere; confirm against the callers and the configuration.
int
ACLServerCertificateStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
    Security::CertPointer peerCert;

    if (checklist->serverCert) {
        peerCert = checklist->serverCert;
    } else if (checklist->al && Comm::IsConnOpen(checklist->al->hier.tcpServer)) {
        const auto serverFd = checklist->al->hier.tcpServer->fd;
        // NOTE(review): session may be null when the descriptor has no TLS
        // state; this relies on SSL_get_peer_certificate() tolerating a null
        // SSL and returning null. Confirm for the supported OpenSSL versions
        // (OpenSSL 3.0 renames the call to SSL_get1_peer_certificate()).
        const auto session = fd_table[serverFd].ssl.get();
        // SSL_get_peer_certificate() returns a reference the caller must
        // release, so it is adopted here without taking another lock.
        peerCert.resetWithoutLocking(SSL_get_peer_certificate(session));
    } else if (checklist->conn() && checklist->conn()->serverBump()) {
        peerCert = checklist->conn()->serverBump()->serverCert;
    }

    // No certificate from any source means the ACL cannot match.
    return peerCert ? data->match(peerCert.get()) : 0;
}
38 | ||
cb4f4424 | 39 | #endif /* USE_OPENSSL */ |
f53969cc | 40 |