Docs: Copyright updates for 2018 (#114)
0461fde7 1/*
5b74111a 2 * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
9#include "squid.h"
10#include "MemBuf.h"
11#include "security/NegotiationHistory.h"
12#include "SquidConfig.h"
10f0e358 13#if USE_OPENSSL
14#include "ssl/bio.h"
15#include "ssl/support.h"
16#endif
/// Creates an empty history. With OpenSSL support compiled in, the cipher
/// pointer starts as nullptr, which cipherName() reports as "no cipher".
Security::NegotiationHistory::NegotiationHistory()
#if USE_OPENSSL
    : cipher{nullptr}
#endif
{}
/// Formats an SSL or TLS protocol version as "<protocol name>/<major>.<minor>".
///
/// \param v the protocol version to print
/// \returns nullptr when v is neither SSL nor TLS; otherwise a pointer to a
///          function-local static buffer. The next call overwrites that
///          buffer, so the caller has to consume or copy the text before
///          calling again, and the result must not be shared between
///          concurrent callers.
const char *
Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion const &v) const
{
    const bool isSecureProtocol = (v.protocol == AnyP::PROTO_SSL || v.protocol == AnyP::PROTO_TLS);
    if (!isSecureProtocol)
        return nullptr;

    // Static storage: the returned pointer stays valid after return,
    // but only until this function is called again.
    static char formatted[512];
    snprintf(formatted, sizeof(formatted), "%s/%d.%d", AnyP::ProtocolType_str[v.protocol], v.major, v.minor);
    return formatted;
}
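#if USE_OPENSSL
/// Translates an OpenSSL protocol version constant (the value this file
/// obtains from SSL_version()) into an AnyP::ProtocolVersion.
///
/// Each case is compiled only when the OpenSSL headers define the matching
/// macro, so the function builds against libraries lacking some versions.
///
/// \param v OpenSSL protocol version constant
/// \returns the matching SSL/TLS version, or a default-constructed
///          AnyP::ProtocolVersion when the constant is not recognized
static AnyP::ProtocolVersion
toProtocolVersion(const int v)
{
    switch(v) {
    // Without this case a TLS 1.3 session falls through to the default
    // branch and is recorded as an unknown version, which makes
    // protocol-version auditing of connections unreliable.
#if defined(TLS1_3_VERSION)
    case TLS1_3_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 3);
#endif
#if defined(TLS1_2_VERSION)
    case TLS1_2_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 2);
#endif
#if defined(TLS1_1_VERSION)
    case TLS1_1_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 1);
#endif
#if defined(TLS1_VERSION)
    case TLS1_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 0);
#endif
#if defined(SSL3_VERSION)
    case SSL3_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0);
#endif
#if defined(SSL2_VERSION)
    case SSL2_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 2, 0);
#endif
    default:
        return AnyP::ProtocolVersion();
    }
}
#endif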
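/// Records the cipher and protocol version negotiated on the given session
/// and, at debug level 83,5, logs them together with the connection's FD.
/// Does nothing when built without OpenSSL.
///
/// \param session the TLS session to inspect
void
Security::NegotiationHistory::retrieveNegotiatedInfo(const Security::SessionPointer &session)
{
#if USE_OPENSSL
    cipher = SSL_get_current_cipher(session.get());
    if (cipher) {
        // Set the negotiated version only if a cipher was negotiated;
        // otherwise the negotiation is probably not completed and the
        // version is not the final negotiated version.
        version_ = toProtocolVersion(SSL_version(session.get()));
    }

    if (Debug::Enabled(83, 5)) {
        // NOTE(review): assumes the data attached to the session's read BIO
        // is an Ssl::Bio -- confirm against the code that creates the BIO.
        BIO *b = SSL_get_rbio(session.get());
        Ssl::Bio *bio = b ? static_cast<Ssl::Bio *>(BIO_get_data(b)) : nullptr;
        // Report -1 rather than dereferencing a missing BIO.
        const int fd = bio ? bio->fd() : -1;

        // cipherName() returns nullptr while no cipher is negotiated, and
        // streaming a null const char* is undefined behavior, so substitute
        // a placeholder for the log line.
        const char *name = cipherName();
        debugs(83, 5, "SSL connection info on FD " << fd <<
               " SSL version " << version_ <<
               " negotiated cipher " << (name ? name : "[none]"));
    }
#endif
}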
/// Copies the TLS version and the supported TLS version from parsed
/// handshake details into this history. Leaves both fields untouched when
/// no details are given.
///
/// \param details parsed TLS details; may be empty
void
Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
{
    if (!details)
        return; // nothing was parsed, keep the current values

    helloVersion_ = details->tlsVersion;
    supportedVersion_ = details->tlsSupportedVersion;
}
/// Returns the name of the negotiated cipher as reported by
/// SSL_CIPHER_get_name().
///
/// \returns nullptr when no cipher has been recorded or when built without
///          OpenSSL; callers must check for nullptr before using the result
///          as a C string.
const char *
Security::NegotiationHistory::cipherName() const
{
#if USE_OPENSSL
    return cipher ? SSL_CIPHER_get_name(cipher) : nullptr;
#else
    return nullptr;
#endif
}