[thirdparty/squid.git] / src / anyp / PortCfg.h

/*
 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_ANYP_PORTCFG_H
#define SQUID_ANYP_PORTCFG_H

#include "anyp/forward.h"
#include "anyp/ProtocolVersion.h"
#include "anyp/TrafficMode.h"
#include "comm/Connection.h"

#if USE_OPENSSL
#include "ssl/gadgets.h"
#endif

namespace AnyP
{

class PortCfg : public RefCountable
{
public:
    PortCfg();
    ~PortCfg();
    AnyP::PortCfgPointer clone() const;
#if USE_OPENSSL
    /// creates, configures, and validates SSL context and related port options
    void configureSslServerContext();
#endif

    PortCfgPointer next;

    Ip::Address s;
    AnyP::ProtocolVersion transport; ///< transport protocol and version received by this port
    char *name;                /* visible name */
    char *defaultsite;         /* default web site */

    TrafficMode flags;  ///< flags indicating what type of traffic to expect via this port.

    bool allow_direct;       ///< Allow direct forwarding in accelerator mode
    bool vhost;              ///< uses host header
    bool actAsOrigin;        ///< update replies to conform with RFC 2616
    bool ignore_cc;          ///< Ignore request Cache-Control directives

    bool connection_auth_disabled; ///< Don't support connection oriented auth

    bool ftp_track_dirs; ///< whether transactions should track FTP directories

    int vport;               ///< virtual port support. -1 if dynamic, >0 static
    int disable_pmtu_discovery;

    struct {
        unsigned int idle;
        unsigned int interval;
        unsigned int timeout;
        bool enabled;
    } tcp_keepalive;

    /**
     * The listening socket details.
     * If Comm::ConnIsOpen() we are actively listening for client requests.
     * use listenConn->close() to stop.
     */
    Comm::ConnectionPointer listenConn;

#if USE_OPENSSL
    char *cert;
    char *key;
    int version;
    char *cipher;
    char *options;
    char *clientca;
    char *cafile;
    char *capath;
    char *crlfile;
    char *dhfile;
    char *sslflags;
    char *sslContextSessionId; ///< "session id context" for staticSslContext
    bool generateHostCertificates; ///< dynamically make host cert for sslBump
    size_t dynamicCertMemCacheSize; ///< max size of generated certificates memory cache

    Ssl::SSL_CTX_Pointer staticSslContext; ///< for HTTPS accelerator or static sslBump
    Ssl::X509_Pointer signingCert; ///< x509 certificate for signing generated certificates
    Ssl::EVP_PKEY_Pointer signPkey; ///< private key for sighing generated certificates
    Ssl::X509_STACK_Pointer certsToChain; ///<  x509 certificates to send with the generated cert
    Ssl::X509_Pointer untrustedSigningCert; ///< x509 certificate for signing untrusted generated certificates
    Ssl::EVP_PKEY_Pointer untrustedSignPkey; ///< private key for signing untrusted generated certificates

    Ssl::X509_CRL_STACK_Pointer clientVerifyCrls; ///< additional CRL lists to use when verifying the client certificate
    Ssl::X509_NAME_STACK_Pointer clientCA; ///< CA certificates to use when verifying client certificates
    Ssl::DH_Pointer dhParams; ///< DH parameters for temporary/ephemeral DH key exchanges
    Ssl::ContextMethod contextMethod; ///< The context method (SSL_METHOD) to use when creating certificates
    long sslContextFlags; ///< flags modifying the use of SSL
    long sslOptions; ///< SSL engine options
#endif
};

} // namespace AnyP

/// list of Squid http_port configured
extern AnyP::PortCfgPointer HttpPortList;

#if USE_OPENSSL
/// list of Squid https_port configured
extern AnyP::PortCfgPointer HttpsPortList;
#endif

/// list of Squid ftp_port configured
extern AnyP::PortCfgPointer FtpPortList;

#if !defined(MAXTCPLISTENPORTS)
// Max number of TCP listening ports
#define MAXTCPLISTENPORTS 128
#endif

// TODO: kill this global array. Need to check performance of array vs list though.
extern int NHttpSockets;
extern int HttpSockets[MAXTCPLISTENPORTS];

#endif /* SQUID_ANYP_PORTCFG_H */
Commit	Line	Data
bbc27441 AJ	1	/*
	2	* Copyright (C) 1996-2014 The Squid Software Foundation and contributors
	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
65d448bc AJ	9	#ifndef SQUID_ANYP_PORTCFG_H
65d448bc AJ	10	#define SQUID_ANYP_PORTCFG_H
1b26be8f	11
9082b58f	12	#include "anyp/forward.h"
eb6ac808	13	#include "anyp/ProtocolVersion.h"
6a25a046	14	#include "anyp/TrafficMode.h"
00406b24	15	#include "comm/Connection.h"
1b26be8f	16
cb4f4424	17	#if USE_OPENSSL
95d2589c CT	18	#include "ssl/gadgets.h"
	19	#endif
	20
65d448bc AJ	21	namespace AnyP
	22	{
	23
fa720bfb	24	class PortCfg : public RefCountable
5fed1735 AJ	25	{
5fed1735 AJ	26	public:
eb6ac808	27	PortCfg();
65d448bc	28	~PortCfg();
fa720bfb	29	AnyP::PortCfgPointer clone() const;
cb4f4424	30	#if USE_OPENSSL
7a957a93	31	/// creates, configures, and validates SSL context and related port options
f4e4d4d6 CT	32	void configureSslServerContext();
f4e4d4d6 CT	33	#endif
1b26be8f	34
fa720bfb	35	PortCfgPointer next;
1b26be8f	36
b7ac5457	37	Ip::Address s;
eb6ac808	38	AnyP::ProtocolVersion transport; ///< transport protocol and version received by this port
1b26be8f	39	char name; / visible name */
	40	char defaultsite; / default web site */
	41
6a25a046 FC	42	TrafficMode flags; ///< flags indicating what type of traffic to expect via this port.
6a25a046 FC	43
86ab7a90 FC	44	bool allow_direct; ///< Allow direct forwarding in accelerator mode
	45	bool vhost; ///< uses host header
	46	bool actAsOrigin; ///< update replies to conform with RFC 2616
	47	bool ignore_cc; ///< Ignore request Cache-Control directives
1b26be8f	48
86ab7a90 FC	49	bool connection_auth_disabled; ///< Don't support connection oriented auth
86ab7a90 FC	50
e7ce227f AR	51	bool ftp_track_dirs; ///< whether transactions should track FTP directories
e7ce227f AR	52
86ab7a90	53	int vport; ///< virtual port support. -1 if dynamic, >0 static
1b26be8f	54	int disable_pmtu_discovery;
f1e0717c	55
1b26be8f	56	struct {
26ac0430 AJ	57	unsigned int idle;
	58	unsigned int interval;
	59	unsigned int timeout;
86ab7a90	60	bool enabled;
1b26be8f	61	} tcp_keepalive;
1b26be8f	62
04f55905	63	/**
8bbb16e3 AJ	64	* The listening socket details.
	65	* If Comm::ConnIsOpen() we are actively listening for client requests.
	66	* use listenConn->close() to stop.
04f55905	67	*/
8bbb16e3	68	Comm::ConnectionPointer listenConn;
04f55905	69
cb4f4424	70	#if USE_OPENSSL
1b26be8f	71	char *cert;
	72	char *key;
	73	int version;
	74	char *cipher;
	75	char *options;
	76	char *clientca;
	77	char *cafile;
	78	char *capath;
	79	char *crlfile;
	80	char *dhfile;
	81	char *sslflags;
95d2589c CT	82	char *sslContextSessionId; ///< "session id context" for staticSslContext
	83	bool generateHostCertificates; ///< dynamically make host cert for sslBump
	84	size_t dynamicCertMemCacheSize; ///< max size of generated certificates memory cache
	85
	86	Ssl::SSL_CTX_Pointer staticSslContext; ///< for HTTPS accelerator or static sslBump
	87	Ssl::X509_Pointer signingCert; ///< x509 certificate for signing generated certificates
	88	Ssl::EVP_PKEY_Pointer signPkey; ///< private key for sighing generated certificates
a594dbfa	89	Ssl::X509_STACK_Pointer certsToChain; ///< x509 certificates to send with the generated cert
95588170 CT	90	Ssl::X509_Pointer untrustedSigningCert; ///< x509 certificate for signing untrusted generated certificates
95588170 CT	91	Ssl::EVP_PKEY_Pointer untrustedSignPkey; ///< private key for signing untrusted generated certificates
86660d64 CT	92
	93	Ssl::X509_CRL_STACK_Pointer clientVerifyCrls; ///< additional CRL lists to use when verifying the client certificate
	94	Ssl::X509_NAME_STACK_Pointer clientCA; ///< CA certificates to use when verifying client certificates
	95	Ssl::DH_Pointer dhParams; ///< DH parameters for temporary/ephemeral DH key exchanges
	96	Ssl::ContextMethod contextMethod; ///< The context method (SSL_METHOD) to use when creating certificates
	97	long sslContextFlags; ///< flags modifying the use of SSL
	98	long sslOptions; ///< SSL engine options
1b26be8f	99	#endif
1b26be8f	100	};
1b26be8f	101
65d448bc AJ	102	} // namespace AnyP
65d448bc AJ	103
fa720bfb AJ	104	/// list of Squid http_port configured
	105	extern AnyP::PortCfgPointer HttpPortList;
	106
	107	#if USE_OPENSSL
	108	/// list of Squid https_port configured
	109	extern AnyP::PortCfgPointer HttpsPortList;
	110	#endif
	111
8ea0d847 AR	112	/// list of Squid ftp_port configured
	113	extern AnyP::PortCfgPointer FtpPortList;
	114
29fd5407	115	#if !defined(MAXTCPLISTENPORTS)
65d448bc AJ	116	// Max number of TCP listening ports
65d448bc AJ	117	#define MAXTCPLISTENPORTS 128
29fd5407	118	#endif
65d448bc AJ	119
	120	// TODO: kill this global array. Need to check performance of array vs list though.
	121	extern int NHttpSockets;
	122	extern int HttpSockets[MAXTCPLISTENPORTS];
	123
	124	#endif /* SQUID_ANYP_PORTCFG_H */
f53969cc	125