[thirdparty/squid.git] / src / ssl / ServerBump.h

/*
 * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef _SQUID_SSL_PEEKER_H
#define _SQUID_SSL_PEEKER_H

#include "base/AsyncJob.h"
#include "base/CbcPointer.h"
#include "comm/forward.h"
#include "HttpRequest.h"
#include "ip/Address.h"
#include "security/forward.h"
#include "Store.h"

class ConnStateData;
class store_client;

namespace Ssl
{

/**
 * Maintains bump-server-first related information.
 */
class ServerBump
{
    CBDATA_CLASS(ServerBump);

public:
    explicit ServerBump(HttpRequest *fakeRequest, StoreEntry *e = NULL, Ssl::BumpMode mode = Ssl::bumpServerFirst);
    ~ServerBump();
    void attachServerSession(const Security::SessionPointer &); ///< Sets the server TLS session object
    const Security::CertErrors *sslErrors() const; ///< SSL [certificate validation] errors

    /// whether there was a successful connection to (and peeking at) the origin server
    bool connectedOk() const {return entry && entry->isEmpty();}

    /// faked, minimal request; required by Client API
    HttpRequest::Pointer request;
    StoreEntry *entry; ///< for receiving Squid-generated error messages
    /// HTTPS server certificate. Maybe it is different than the one
    /// it is stored in serverSession object (error SQUID_X509_V_ERR_CERT_CHANGE)
    Security::CertPointer serverCert;
    struct {
        Ssl::BumpMode step1; ///< The SSL bump mode at step1
        Ssl::BumpMode step2; ///< The SSL bump mode at step2
        Ssl::BumpMode step3; ///< The SSL bump mode at step3
    } act; ///< bumping actions at various bumping steps
    Ssl::BumpStep step; ///< The SSL bumping step

private:
    Security::SessionPointer serverSession; ///< The TLS session object on server side.
    store_client *sc; ///< dummy client to prevent entry trimming
};

} // namespace Ssl

#endif
Commit	Line	Data
bbc27441	1	/*
5b74111a	2	* Copyright (C) 1996-2018 The Squid Software Foundation and contributors
bbc27441 AJ	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
fd4624d7 CT	9	#ifndef _SQUID_SSL_PEEKER_H
	10	#define _SQUID_SSL_PEEKER_H
	11
	12	#include "base/AsyncJob.h"
	13	#include "base/CbcPointer.h"
	14	#include "comm/forward.h"
	15	#include "HttpRequest.h"
	16	#include "ip/Address.h"
f97700a0	17	#include "security/forward.h"
5107d2c4	18	#include "Store.h"
fd4624d7 CT	19
fd4624d7 CT	20	class ConnStateData;
582c2af2	21	class store_client;
fd4624d7 CT	22
	23	namespace Ssl
	24	{
	25
	26	/**
7a957a93	27	* Maintains bump-server-first related information.
fd4624d7 CT	28	*/
	29	class ServerBump
	30	{
5c2f68b7 AJ	31	CBDATA_CLASS(ServerBump);
5c2f68b7 AJ	32
fd4624d7	33	public:
d620ae0e	34	explicit ServerBump(HttpRequest fakeRequest, StoreEntry e = NULL, Ssl::BumpMode mode = Ssl::bumpServerFirst);
fd4624d7	35	~ServerBump();
8f917129	36	void attachServerSession(const Security::SessionPointer &); ///< Sets the server TLS session object
92e3827b	37	const Security::CertErrors *sslErrors() const; ///< SSL [certificate validation] errors
7a957a93	38
5107d2c4 CT	39	/// whether there was a successful connection to (and peeking at) the origin server
	40	bool connectedOk() const {return entry && entry->isEmpty();}
	41
d5430dc8	42	/// faked, minimal request; required by Client API
fd4624d7 CT	43	HttpRequest::Pointer request;
fd4624d7 CT	44	StoreEntry *entry; ///< for receiving Squid-generated error messages
088f0761	45	/// HTTPS server certificate. Maybe it is different than the one
8f917129	46	/// it is stored in serverSession object (error SQUID_X509_V_ERR_CERT_CHANGE)
088f0761	47	Security::CertPointer serverCert;
a9c2dd2f CT	48	struct {
	49	Ssl::BumpMode step1; ///< The SSL bump mode at step1
	50	Ssl::BumpMode step2; ///< The SSL bump mode at step2
	51	Ssl::BumpMode step3; ///< The SSL bump mode at step3
	52	} act; ///< bumping actions at various bumping steps
	53	Ssl::BumpStep step; ///< The SSL bumping step
fd4624d7 CT	54
fd4624d7 CT	55	private:
8f917129	56	Security::SessionPointer serverSession; ///< The TLS session object on server side.
fd4624d7	57	store_client *sc; ///< dummy client to prevent entry trimming
fd4624d7 CT	58	};
	59
	60	} // namespace Ssl
	61
	62	#endif
f53969cc	63