0461fde7 | 1 | /* |
4ac4a490 | 2 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors |
0461fde7 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
2bcab852 CT |
9 | #include "squid.h" |
10 | #include "MemBuf.h" | |
11 | #include "security/NegotiationHistory.h" | |
12 | #include "SquidConfig.h" | |
10f0e358 | 13 | #if USE_OPENSSL |
2bcab852 CT |
14 | #include "ssl/bio.h" |
15 | #include "ssl/support.h" | |
10f0e358 CT |
16 | #endif |
17 | ||
/// Starts an empty negotiation record.
/// The only member initialized here is the OpenSSL cipher handle; the version
/// fields (version_, helloVersion_, supportedVersion_) are filled in later by
/// retrieveNegotiatedInfo() and retrieveParsedInfo().
Security::NegotiationHistory::NegotiationHistory()
#if USE_OPENSSL
    : cipher{nullptr} // no cipher until retrieveNegotiatedInfo() sees one
#endif
{}
2bcab852 CT |
24 | |
/// Renders a TLS/SSL protocol version as "<family>/<major>.<minor>".
/// \param v the version to print; only PROTO_SSL and PROTO_TLS are printable
/// \return a C string in a function-static buffer, or nullptr for any other
///         protocol family. The buffer is shared by all calls, so the result
///         is valid only until the next call (and must not be retained).
const char *
Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion const &v) const
{
    const bool isTlsFamily = (v.protocol == AnyP::PROTO_SSL || v.protocol == AnyP::PROTO_TLS);
    if (!isTlsFamily)
        return nullptr;

    // The family check above keeps the ProtocolType_str index within the
    // two entries we print.
    static char versionText[512];
    const char *const family = AnyP::ProtocolType_str[v.protocol];
    snprintf(versionText, sizeof(versionText), "%s/%d.%d", family, v.major, v.minor);
    return versionText;
}
35 | ||
2bcab852 | 36 | #if USE_OPENSSL |
67c99fc6 CT |
/// Maps an OpenSSL SSL_version() result onto Squid's AnyP::ProtocolVersion.
/// \param v the raw OpenSSL protocol version constant
/// \return the matching SSL/TLS version, or a default-constructed (unknown)
///         AnyP::ProtocolVersion for any value not listed below — including
///         versions whose constant the linked OpenSSL does not define.
static AnyP::ProtocolVersion
toProtocolVersion(const int v)
{
    // Each comparison is compiled in only when the linked OpenSSL defines
    // the corresponding constant; older libraries lack the newer ones.
#if defined(TLS1_2_VERSION)
    if (v == TLS1_2_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 2);
#endif
#if defined(TLS1_1_VERSION)
    if (v == TLS1_1_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 1);
#endif
#if defined(TLS1_VERSION)
    if (v == TLS1_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 0);
#endif
#if defined(SSL3_VERSION)
    if (v == SSL3_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0);
#endif
#if defined(SSL2_VERSION)
    if (v == SSL2_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 2, 0);
#endif
    return AnyP::ProtocolVersion(); // unknown or unsupported version
}
67c99fc6 | 65 | #endif |
2bcab852 | 66 | |
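/// Captures the negotiated cipher and protocol version from an OpenSSL session.
/// \param session the OpenSSL session wrapper to query; a null session leaves
///        this history untouched.
/// The cipher pointer returned by SSL_get_current_cipher() is stored as-is and
/// read later by cipherName(), so it must outlive this object (OpenSSL hands
/// out pointers to its library-owned cipher tables, which is what makes that
/// safe — confirm for the OpenSSL version in use). version_ is updated only
/// when a cipher exists, because before that the handshake may be unfinished
/// and SSL_version() may not report the final negotiated version.
/// Without OpenSSL support this is a no-op.
void
Security::NegotiationHistory::retrieveNegotiatedInfo(const Security::SessionPointer &session)
{
#if USE_OPENSSL
    if (!session.get())
        return; // nothing to query; keep whatever was recorded before

    cipher = SSL_get_current_cipher(session.get());
    if (cipher) {
        // Record the version only after a cipher was agreed on; otherwise the
        // negotiation is probably still in progress and SSL_version() may not
        // yet be the final negotiated version.
        version_ = toProtocolVersion(SSL_version(session.get()));
    }

    if (Debug::Enabled(83, 5)) {
        // Diagnostics only. Both the read BIO and its attached data may be
        // absent (the data is an Ssl::Bio only when Squid installed the BIO,
        // presumably via ssl/bio.h), so guard each pointer before using it
        // rather than dereferencing blindly.
        BIO *rbio = SSL_get_rbio(session.get());
        Ssl::Bio *bio = rbio ? static_cast<Ssl::Bio *>(BIO_get_data(rbio)) : nullptr;
        if (bio) {
            debugs(83, 5, "SSL connection info on FD " << bio->fd() <<
                   " SSL version " << version_ <<
                   " negotiated cipher " << cipherName());
        } else {
            debugs(83, 5, "SSL connection info (no Squid BIO attached)" <<
                   " SSL version " << version_ <<
                   " negotiated cipher " << cipherName());
        }
    }
#endif
}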
2bcab852 | 87 | |
/// Copies the client-hello versions out of the parsed TLS details.
/// \param details parsed handshake details; when null, the previously
///        recorded helloVersion_ and supportedVersion_ are left unchanged.
void
Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
{
    if (!details)
        return; // nothing parsed yet

    helloVersion_ = details->tlsVersion;
    supportedVersion_ = details->tlsSupportedVersion;
}
96 | ||
2bcab852 CT |
/// \return the OpenSSL name of the negotiated cipher, or nullptr when no
///         cipher has been recorded by retrieveNegotiatedInfo() or when Squid
///         was built without OpenSSL. The string is owned by OpenSSL.
const char *
Security::NegotiationHistory::cipherName() const
{
#if USE_OPENSSL
    return cipher ? SSL_CIPHER_get_name(cipher) : nullptr;
#else
    return nullptr; // no TLS library to ask
#endif
}