Commit | Line | Data |
---|---|---|
bbc27441 | 1 | /* |
4ac4a490 | 2 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors |
bbc27441 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
65d448bc AJ |
9 | #ifndef SQUID_ANYP_PORTCFG_H |
10 | #define SQUID_ANYP_PORTCFG_H | |
1b26be8f | 11 | |
9082b58f | 12 | #include "anyp/forward.h" |
eb6ac808 | 13 | #include "anyp/ProtocolVersion.h" |
6a25a046 | 14 | #include "anyp/TrafficMode.h" |
00406b24 | 15 | #include "comm/Connection.h" |
65e41a45 | 16 | #include "sbuf/SBuf.h" |
474f076e | 17 | #include "security/ServerOptions.h" |
1b26be8f | 18 | |
cb4f4424 | 19 | #if USE_OPENSSL |
95d2589c CT |
20 | #include "ssl/gadgets.h" |
21 | #endif | |
22 | ||
65d448bc AJ |
23 | namespace AnyP |
24 | { | |
25 | ||
fa720bfb | 26 | class PortCfg : public RefCountable |
5fed1735 AJ |
27 | { |
28 | public: | |
eb6ac808 | 29 | PortCfg(); |
65d448bc | 30 | ~PortCfg(); |
fa720bfb | 31 | AnyP::PortCfgPointer clone() const; |
cb4f4424 | 32 | #if USE_OPENSSL |
7a957a93 | 33 | /// creates, configures, and validates the SSL context and related port options (declared only when USE_OPENSSL is set) |
f4e4d4d6 CT |
34 | void configureSslServerContext(); |
35 | #endif | |
1b26be8f | 36 |
fa720bfb | 37 | PortCfgPointer next; |
1b26be8f | 38 |
b7ac5457 | 39 | Ip::Address s; |
eb6ac808 | 40 | AnyP::ProtocolVersion transport; ///< transport protocol and version received by this port |
1b26be8f | 41 | char *name; /* visible name; raw pointer, ownership not visible in this header */ |
42 | char *defaultsite; /* default web site */ | |
43 | ||
6a25a046 FC |
44 | TrafficMode flags; ///< flags indicating what type of traffic to expect via this port. |
45 | ||
86ab7a90 FC |
46 | bool allow_direct; ///< Allow direct forwarding in accelerator mode |
47 | bool vhost; ///< uses the Host header (client-supplied input) | |
48 | bool actAsOrigin; ///< update replies to conform with RFC 2616 | |
49 | bool ignore_cc; ///< Ignore request Cache-Control directives | |
1b26be8f | 50 |
86ab7a90 FC |
51 | bool connection_auth_disabled; ///< Don't support connection oriented auth |
52 | ||
e7ce227f AR |
53 | bool ftp_track_dirs; ///< whether transactions should track FTP directories |
54 | ||
86ab7a90 | 55 | int vport; ///< virtual port support. -1 if dynamic, >0 static |
1b26be8f | 56 | int disable_pmtu_discovery; |
f1e0717c | 57 |
1b26be8f | 58 | struct { |
26ac0430 AJ |
59 | unsigned int idle; |
60 | unsigned int interval; | |
61 | unsigned int timeout; | |
86ab7a90 | 62 | bool enabled; |
1b26be8f | 63 | } tcp_keepalive; |
64 | ||
04f55905 | 65 | /** |
8bbb16e3 AJ |
66 | * The listening socket details. |
67 | * If Comm::ConnIsOpen() we are actively listening for client requests. | |
68 | * Use listenConn->close() to stop listening. | |
04f55905 | 69 | */ |
8bbb16e3 | 70 | Comm::ConnectionPointer listenConn; |
04f55905 | 71 |
9a622f3e | 72 | /// TLS configuration options for this listening port |
474f076e | 73 | Security::ServerOptions secure; |
9a622f3e | 74 |
cb4f4424 | 75 | #if USE_OPENSSL |
1b26be8f | 76 | char *clientca; |
80b5995a | 77 | char *sslContextSessionId; ///< "session id context" for secure.staticSslContext |
95d2589c CT |
78 | bool generateHostCertificates; ///< dynamically generate host certificates for sslBump (presumably signed with signingCert/signPkey -- confirm) |
79 | size_t dynamicCertMemCacheSize; ///< max size of generated certificates memory cache | |
80 | ||
f97700a0 | 81 | Security::CertPointer signingCert; ///< x509 certificate for signing generated certificates |
95d2589c | 82 | Ssl::EVP_PKEY_Pointer signPkey; ///< private key for signing generated certificates (sensitive key material) |
a594dbfa | 83 | Ssl::X509_STACK_Pointer certsToChain; ///< x509 certificates to send with the generated cert |
f97700a0 | 84 | Security::CertPointer untrustedSigningCert; ///< x509 certificate for signing untrusted generated certificates |
95588170 | 85 | Ssl::EVP_PKEY_Pointer untrustedSignPkey; ///< private key for signing untrusted generated certificates (sensitive key material) |
86660d64 | 86 |
86660d64 | 87 | Ssl::X509_NAME_STACK_Pointer clientCA; ///< CA certificates to use when verifying client certificates; not to be confused with the char *clientca member, which differs only in letter case |
1b26be8f | 88 | #endif |
1b26be8f | 89 | }; |
90 | ||
65d448bc AJ |
91 | } // namespace AnyP |
92 | ||
339e4d7a | 93 | /// list of configured Squid http(s)_port entries (presumably chained through PortCfg::next -- confirm) |
fa720bfb AJ |
94 | extern AnyP::PortCfgPointer HttpPortList; |
95 | ||
8ea0d847 AR |
96 | /// list of configured Squid ftp_port entries |
97 | extern AnyP::PortCfgPointer FtpPortList; | |
98 | ||
29fd5407 | 99 | #if !defined(MAXTCPLISTENPORTS) |
65d448bc AJ |
100 | // Max number of TCP listening ports; also the fixed capacity of the HttpSockets array declared below. Defined here only when not already defined. |
101 | #define MAXTCPLISTENPORTS 128 | |
29fd5407 | 102 | #endif |
65d448bc AJ |
103 |
104 | // TODO: kill this global array. Need to check performance of array vs list though. NOTE(review): HttpSockets has a fixed capacity of MAXTCPLISTENPORTS, so code that appends to it presumably must check NHttpSockets against that bound first -- confirm at the call sites. | |
105 | extern int NHttpSockets; | |
106 | extern int HttpSockets[MAXTCPLISTENPORTS]; | |
107 | ||
108 | #endif /* SQUID_ANYP_PORTCFG_H */ | |
f53969cc | 109 |