/*
 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

9#include "squid.h"
10#include "MemBuf.h"
11#include "security/NegotiationHistory.h"
12#include "SquidConfig.h"
10f0e358 13#if USE_OPENSSL
14#include "ssl/bio.h"
15#include "ssl/support.h"
16#endif
17
/// Starts a history with no negotiated cipher recorded. The version members
/// (version_, helloVersion_, supportedVersion_) are not touched here; they
/// presumably rely on their own default initialisation in NegotiationHistory.h
/// (not visible in this file) — confirm if adding members.
Security::NegotiationHistory::NegotiationHistory()
#if USE_OPENSSL
    // The cipher pointer only exists in OpenSSL builds; see cipherName().
    : cipher(nullptr)
#endif
{
}
24
/// Formats an SSL/TLS protocol version as "PROTO/major.minor"
/// (e.g. "TLS/1.2" style output, built from AnyP::ProtocolType_str).
/// \param v the version to print
/// \return nullptr when v is not an SSL/TLS family version as judged by
///         TlsFamilyProtocol(); otherwise a pointer into a function-local
///         static buffer.
/// NOTE: the returned text lives in a static buffer that is overwritten by
/// the next call, so callers must consume it before calling again and must
/// not retain the pointer.
const char *
Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion const &v) const
{
    if (!TlsFamilyProtocol(v))
        return nullptr;

    static char formatted[512];
    const char *protoName = AnyP::ProtocolType_str[v.protocol];
    // snprintf() is bounded by sizeof(formatted); "%s/%d.%d" cannot overflow
    // a 512-byte buffer for any protocol name and two ints.
    snprintf(formatted, sizeof(formatted), "%s/%d.%d", protoName, v.major, v.minor);
    return formatted;
}
35
2bcab852 36#if USE_OPENSSL
/// Maps an OpenSSL protocol version constant (as returned by SSL_version())
/// to Squid's AnyP::ProtocolVersion.
/// Constants that the OpenSSL headers of this build do not define are simply
/// not matched, so the corresponding versions fall through to the default.
/// \param sslVersion the OpenSSL *_VERSION constant
/// \return the matching TLS/SSL version, or a default-constructed
///         AnyP::ProtocolVersion for any unrecognised value
static AnyP::ProtocolVersion
toProtocolVersion(const int sslVersion)
{
#if defined(TLS1_3_VERSION)
    if (sslVersion == TLS1_3_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 3);
#endif
#if defined(TLS1_2_VERSION)
    if (sslVersion == TLS1_2_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 2);
#endif
#if defined(TLS1_1_VERSION)
    if (sslVersion == TLS1_1_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 1);
#endif
#if defined(TLS1_VERSION)
    if (sslVersion == TLS1_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 0);
#endif
#if defined(SSL3_VERSION)
    if (sslVersion == SSL3_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0);
#endif
#if defined(SSL2_VERSION)
    if (sslVersion == SSL2_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 2, 0);
#endif

    // Unknown or unsupported-by-this-build version.
    return AnyP::ProtocolVersion();
}
67c99fc6 69#endif
2bcab852 70
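/// Records what the TLS library reports as negotiated for this session:
/// the current cipher and, only once a cipher exists, the protocol version.
/// \param session the OpenSSL session to query (no-op in non-OpenSSL builds)
void
Security::NegotiationHistory::retrieveNegotiatedInfo(const Security::SessionPointer &session)
{
#if USE_OPENSSL
    if ((cipher = SSL_get_current_cipher(session.get()))) {
        // Set the negotiated version only if the cipher negotiated
        // else probably the negotiation is not completed and version
        // is not the final negotiated version
        version_ = toProtocolVersion(SSL_version(session.get()));
    }

    if (Debug::Enabled(83, 5)) {
        // The read BIO is expected to carry the Ssl::Bio Squid attached to the
        // session, but neither SSL_get_rbio() nor BIO_get_data() is guaranteed
        // non-null. Guard both so enabling verbose debugging can never crash
        // the process on a session whose BIO was not (or no longer) ours.
        int fd = -1; // constructed marker: "descriptor unknown"
        if (BIO *b = SSL_get_rbio(session.get())) {
            if (auto *bio = static_cast<Ssl::Bio *>(BIO_get_data(b)))
                fd = bio->fd();
        }
        debugs(83, 5, "SSL connection info on FD " << fd <<
               " SSL version " << version_ <<
               " negotiated cipher " << cipherName());
    }
#endif
}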
2bcab852 91
/// Copies the version fields obtained by parsing the TLS hello into this
/// history. A null details pointer leaves the previously stored values as
/// they are.
/// \param details parsed hello details, possibly nil
void
Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
{
    if (!details)
        return;

    helloVersion_ = details->tlsVersion;
    supportedVersion_ = details->tlsSupportedVersion;
}
100
/// \return the OpenSSL name of the cipher recorded by retrieveNegotiatedInfo(),
///         or nullptr when no cipher has been recorded or this is not an
///         OpenSSL build. The string is owned by OpenSSL, not by this object.
const char *
Security::NegotiationHistory::cipherName() const
{
#if USE_OPENSSL
    return cipher ? SSL_CIPHER_get_name(cipher) : nullptr;
#else
    return nullptr;
#endif
}