1 /*
2 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 #include "squid.h"
10 #include "MemBuf.h"
11 #include "security/NegotiationHistory.h"
12 #include "SquidConfig.h"
13 #if USE_OPENSSL
14 #include "ssl/bio.h"
15 #include "ssl/support.h"
16 #endif
17
/// Starts with no negotiated cipher; the version members are not touched here.
Security::NegotiationHistory::NegotiationHistory()
#if USE_OPENSSL
    : cipher{nullptr}
#endif
{
    // nothing else to record before a handshake has been observed
}
24
/// Formats v as "PROTO/major.minor" for TLS-family protocols.
/// \returns nullptr when v is not a TLS-family protocol (TlsFamilyProtocol()).
/// The result lives in a function-local static buffer: it is overwritten by
/// the next call, so callers must not keep the pointer, and the function is
/// neither reentrant nor safe to call from several threads at once.
const char *
Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion const &v) const
{
    static char formatted[512];

    if (TlsFamilyProtocol(v)) {
        snprintf(formatted, sizeof(formatted), "%s/%d.%d",
                 AnyP::ProtocolType_str[v.protocol], v.major, v.minor);
        return formatted;
    }

    return nullptr;
}
35
36 #if USE_OPENSSL
/// Maps an OpenSSL SSL_version() constant onto AnyP::ProtocolVersion.
/// Only the constants this OpenSSL build defines are recognized; anything
/// else (including unknown or future versions) yields a default-constructed
/// AnyP::ProtocolVersion.
static AnyP::ProtocolVersion
toProtocolVersion(const int v)
{
    const auto tls1 = [](const int minor) {
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, minor);
    };
    const auto ssl = [](const int major) {
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, major, 0);
    };

    switch (v) {
#if defined(TLS1_3_VERSION)
    case TLS1_3_VERSION:
        return tls1(3);
#endif
#if defined(TLS1_2_VERSION)
    case TLS1_2_VERSION:
        return tls1(2);
#endif
#if defined(TLS1_1_VERSION)
    case TLS1_1_VERSION:
        return tls1(1);
#endif
#if defined(TLS1_VERSION)
    case TLS1_VERSION:
        return tls1(0);
#endif
#if defined(SSL3_VERSION)
    case SSL3_VERSION:
        return ssl(3);
#endif
#if defined(SSL2_VERSION)
    case SSL2_VERSION:
        return ssl(2);
#endif
    default:
        break;
    }

    return AnyP::ProtocolVersion();
}
69 #endif
70
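/// Records the cipher and protocol version OpenSSL negotiated for session.
/// The version is stored only once a cipher is known: before that point the
/// handshake may still be in progress and SSL_version() is not yet final.
/// Without OpenSSL support this is a no-op.
void
Security::NegotiationHistory::retrieveNegotiatedInfo(const Security::SessionPointer &session)
{
#if USE_OPENSSL
    cipher = SSL_get_current_cipher(session.get());
    if (cipher)
        version_ = toProtocolVersion(SSL_version(session.get()));

    if (Debug::Enabled(83, 5)) {
        // The read BIO is expected to carry Squid's Ssl::Bio as its data, but
        // neither the BIO nor its data is guaranteed to be present; a debug-only
        // path must not dereference a null pointer. -1 stands for "unknown FD".
        BIO *b = SSL_get_rbio(session.get());
        const auto *bio = b ? static_cast<Ssl::Bio *>(BIO_get_data(b)) : nullptr;
        const auto fd = bio ? bio->fd() : -1;
        debugs(83, 5, "SSL connection info on FD " << fd <<
               " SSL version " << version_ <<
               " negotiated cipher " << cipherName());
    }
#endif
}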
91
/// Copies the version fields from a parsed handshake (details->tlsVersion and
/// details->tlsSupportedVersion). A null details pointer leaves the history
/// unchanged.
void
Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
{
    if (!details)
        return;

    helloVersion_ = details->tlsVersion;
    supportedVersion_ = details->tlsSupportedVersion;
}
100
/// \returns the OpenSSL name of the negotiated cipher, or nullptr when no
/// cipher has been recorded yet or when built without OpenSSL support.
const char *
Security::NegotiationHistory::cipherName() const
{
#if USE_OPENSSL
    return cipher ? SSL_CIPHER_get_name(cipher) : nullptr;
#else
    return nullptr;
#endif
}
113