0461fde7 | 1 | /* |
f70aedc4 | 2 | * Copyright (C) 1996-2021 The Squid Software Foundation and contributors |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
9 | #include "squid.h" |
10 | #include "MemBuf.h" | |
11 | #include "security/NegotiationHistory.h" | |
12 | #include "SquidConfig.h" | |
10f0e358 | 13 | #if USE_OPENSSL |
14 | #include "ssl/bio.h" |
15 | #include "ssl/support.h" | |
16 | #endif |
17 | ||
/// Starts a history with no negotiated cipher recorded. The cipher pointer
/// exists only in OpenSSL builds; other members are initialised as declared
/// in the class header (not visible in this file).
Security::NegotiationHistory::NegotiationHistory()
#if USE_OPENSSL
    : cipher(nullptr)
#endif
{}
24 | |
/// Formats a TLS-family protocol version as "PROTO/major.minor".
/// \param v the version to print; non-TLS-family protocols yield nullptr.
/// \return nullptr, or a pointer into a function-static buffer that is
///         overwritten by the next call on any thread — callers that need to
///         keep the text must copy it immediately.
const char *
Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion const &v) const
{
    // One shared buffer for the whole process; 512 bytes comfortably fits
    // any protocol name plus two integers, and snprintf() bounds the write.
    static char buf[512];

    if (TlsFamilyProtocol(v)) {
        snprintf(buf, sizeof(buf), "%s/%d.%d", AnyP::ProtocolType_str[v.protocol], v.major, v.minor);
        return buf;
    }

    return nullptr;
}
35 | ||
2bcab852 | 36 | #if USE_OPENSSL |
/// Translates an OpenSSL protocol version code (as returned by SSL_version())
/// into Squid's AnyP::ProtocolVersion.
/// \param v an OpenSSL *_VERSION constant
/// \return the matching TLS or SSL version, or a default-constructed
///         AnyP::ProtocolVersion for codes this build does not recognise.
///
/// Each comparison is guarded by a preprocessor check because older OpenSSL
/// headers do not define the newer constants (and newer ones may drop SSL2/3).
static AnyP::ProtocolVersion
toProtocolVersion(const int v)
{
#if defined(TLS1_3_VERSION)
    if (v == TLS1_3_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 3);
#endif
#if defined(TLS1_2_VERSION)
    if (v == TLS1_2_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 2);
#endif
#if defined(TLS1_1_VERSION)
    if (v == TLS1_1_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 1);
#endif
#if defined(TLS1_VERSION)
    if (v == TLS1_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 0);
#endif
#if defined(SSL3_VERSION)
    if (v == SSL3_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0);
#endif
#if defined(SSL2_VERSION)
    if (v == SSL2_VERSION)
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 2, 0);
#endif
    // unknown to this build: report "no version" rather than guess
    return AnyP::ProtocolVersion();
}
67c99fc6 | 69 | #endif |
2bcab852 | 70 | |
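/// Records the cipher and protocol version that OpenSSL reports for the
/// given session.
/// \param session the OpenSSL session to inspect
///
/// The version is stored only once a cipher has been negotiated, because
/// before that SSL_version() may still report a provisional value rather
/// than the final negotiated version. A no-op in builds without OpenSSL.
void
Security::NegotiationHistory::retrieveNegotiatedInfo(const Security::SessionPointer &session)
{
#if USE_OPENSSL
    if ((cipher = SSL_get_current_cipher(session.get()))) {
        // Set the negotiated version only if the cipher negotiated
        // else probably the negotiation is not completed and version
        // is not the final negotiated version
        version_ = toProtocolVersion(SSL_version(session.get()));
    }

    if (Debug::Enabled(83, 5)) {
        // SSL_get_rbio() returns nullptr when no read BIO is attached, and
        // BIO_get_data() is only meaningful if the BIO was created with an
        // Ssl::Bio payload (the static_cast below assumes so). Guard both so
        // that enabling debug level 5 can never turn into a null dereference.
        BIO *b = SSL_get_rbio(session.get());
        Ssl::Bio *bio = b ? static_cast<Ssl::Bio *>(BIO_get_data(b)) : nullptr;
        if (bio) {
            debugs(83, 5, "SSL connection info on FD " << bio->fd() <<
                   " SSL version " << version_ <<
                   " negotiated cipher " << cipherName());
        } else {
            debugs(83, 5, "SSL connection info without a Squid BIO" <<
                   " SSL version " << version_ <<
                   " negotiated cipher " << cipherName());
        }
    }
#endif
}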
2bcab852 | 91 | |
/// Copies the client/server hello versions out of a parsed TLS handshake.
/// \param details parsed handshake details; a nil pointer leaves the
///        history unchanged.
void
Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
{
    if (!details)
        return;

    helloVersion_ = details->tlsVersion;
    supportedVersion_ = details->tlsSupportedVersion;
}
100 | ||
/// \return the OpenSSL name of the negotiated cipher, or nullptr when no
///         cipher has been recorded yet (or in builds without OpenSSL).
///         The string is owned by OpenSSL; do not free it.
const char *
Security::NegotiationHistory::cipherName() const
{
#if USE_OPENSSL
    return cipher ? SSL_CIPHER_get_name(cipher) : nullptr;
#else
    return nullptr;
#endif
}