3aac8c26 | 1 | /* |
b8ae064d | 2 | * Copyright (C) 1996-2023 The Squid Software Foundation and contributors |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
9 | #ifndef SQUID_SRC_SECURITY_SESSION_H | |
10 | #define SQUID_SRC_SECURITY_SESSION_H | |
11 | ||
5d9a65df | 12 | #include "base/HardFun.h" |
86f77270 | 13 | #include "comm/forward.h" |
e227da8d | 14 | #include "security/forward.h" |
4106be3f | 15 | #include "security/LockingPointer.h" |
33cc0629 | 16 | |
17 | #include <memory> |
18 | ||
3aac8c26 | 19 | #if USE_OPENSSL |
24b30fdc | 20 | #include "compat/openssl.h" |
21 | #if HAVE_OPENSSL_SSL_H |
22 | #include <openssl/ssl.h> | |
23 | #endif | |
24 | #endif | |
25 | ||
26 | #if USE_GNUTLS | |
27 | #if HAVE_GNUTLS_GNUTLS_H | |
28 | #include <gnutls/gnutls.h> | |
29 | #endif | |
30 | #endif | |
31 | ||
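namespace Security {

/// Creates TLS Client connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO).
/// On errors, emits DBG_IMPORTANT with details and returns false.
bool CreateClientSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx);

class PeerOptions;

/// Creates TLS Server connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO).
/// On errors, emits DBG_IMPORTANT with details and returns false.
bool CreateServerSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, Security::PeerOptions &, const char *squidCtx);

#if USE_OPENSSL
/// the library-specific per-connection TLS state object
using Connection = SSL;

/// the library-specific resumable session-state type
using Session = SSL_SESSION;

/// shared ownership of one SSL connection object
using SessionPointer = std::shared_ptr<SSL>;

/// sole ownership of resumption state; released with SSL_SESSION_free()
using SessionStatePointer = std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_free>>;

#elif USE_GNUTLS
// to be finalized when it is actually needed/used
struct Connection {};

// to be finalized when it is actually needed/used
struct Session {};

/// shared ownership of one GnuTLS session object
using SessionPointer = std::shared_ptr<struct gnutls_session_int>;

// wrapper function to get around gnutls_free being a typedef
inline void squid_gnutls_free(void *d) {gnutls_free(d);}

/// sole ownership of resumption state; the gnutls_datum_t struct is released with gnutls_free().
/// NOTE(review): only the struct itself is freed here, not the buffer its data member points to;
/// whoever allocates the datum must make sure that buffer needs no separate release.
using SessionStatePointer = std::unique_ptr<gnutls_datum_t, HardFun<void, void*, &Security::squid_gnutls_free>>;

#else
/// no TLS library: there is no connection state to point at
using Connection = std::nullptr_t;

struct Session {};

using SessionPointer = std::shared_ptr<void>;

using SessionStatePointer = std::unique_ptr<int>;

#endif

/// send the shutdown/bye notice for an active TLS session.
void SessionSendGoodbye(const Security::SessionPointer &);

/// whether the session is a resumed one
bool SessionIsResumed(const Security::SessionPointer &);

/**
 * When the session is not a resumed session, retrieve the details needed to
 * resume a later connection and store them in 'data'. This may result in 'data'
 * becoming a nil Pointer if no details exist or an error occurs.
 *
 * When the session is already a resumed session, do nothing and leave 'data'
 * unchanged.
 * XXX: is this latter behaviour always correct?
 */
void MaybeGetSessionResumeData(const Security::SessionPointer &, Security::SessionStatePointer &data);

/// Set the data for resuming a previous session.
/// Needs to be done before using the SessionPointer for a handshake.
void SetSessionResumeData(const Security::SessionPointer &, const Security::SessionStatePointer &);

#if USE_OPENSSL
// TODO: remove from public API. It is only public because of Security::ServerOptions::updateContextConfig
/// Setup the given TLS context with callbacks used to manage the session cache
void SetSessionCacheCallbacks(Security::ContextPointer &);

/// Helper function to retrieve a (non-locked) ContextPointer from a SessionPointer.
/// The result holds no reference of its own (its deleter is a no-op), so it must not
/// outlive the SSL object it was taken from, nor whatever owns that object's SSL_CTX.
/// A nil session yields a nil ContextPointer rather than a crash.
inline Security::ContextPointer
GetFrom(const Security::SessionPointer &s)
{
    // SSL_get_SSL_CTX() is not documented to tolerate a nil SSL, so guard here
    auto *ctx = s ? SSL_get_SSL_CTX(s.get()) : nullptr;
    return Security::ContextPointer(ctx, [](SSL_CTX *) {/* nothing to unlock/free */});
}

/// \deprecated use the PeerOptions/ServerOptions API methods instead.
/// Wraps SessionPointer value creation to reduce risk of
/// a nasty hack in ssl/support.cc.
Security::SessionPointer NewSessionObject(const Security::ContextPointer &);
#endif

} // namespace Security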
118 | ||
119 | #endif /* SQUID_SRC_SECURITY_SESSION_H */ | |
120 |