src/acl/Certificate.cc

   1 /*
   2  * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 /* DEBUG: section 28    Access Control */
  10
  11 #include "squid.h"
  12
  13 /* MS Visual Studio Projects are monolithic, so we need the following
  14  * #if to exclude the SSL code from compile process when not needed.
  15  */
  16 #if USE_OPENSSL
  17
  18 #include "acl/Certificate.h"
  19 #include "acl/CertificateData.h"
  20 #include "acl/Checklist.h"
  21 #include "client_side.h"
  22 #include "fde.h"
  23 #include "globals.h"
  24 #include "http/Stream.h"
  25 #include "HttpRequest.h"
  26
  27 int
  28 ACLCertificateStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
  29 {
  30     const int fd = checklist->fd();
  31     const bool goodDescriptor = 0 <= fd && fd <= Biggest_FD;
  32     auto ssl = goodDescriptor ? fd_table[fd].ssl.get() : nullptr;
  33     X509 *cert = SSL_get_peer_certificate(ssl);
  34     const bool res = data->match (cert);
  35     X509_free(cert);
  36     return res;
  37 }
  38
  39 #endif /* USE_OPENSSL */
  40