2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 #ifndef SQUID_SRC_SSL_SERVERBUMP_H
10 #define SQUID_SRC_SSL_SERVERBUMP_H
12 #include "base/AsyncJob.h"
13 #include "base/CbcPointer.h"
14 #include "comm/forward.h"
15 #include "HttpRequest.h"
16 #include "ip/Address.h"
17 #include "security/forward.h"
19 #include "XactionStep.h"
23 class ClientHttpRequest
;
28 using BumpStep
= XactionStep
;
31 * Maintains bump-server-first related information.
35 CBDATA_CLASS(ServerBump
);
/// Creates the bumping state for one client transaction.
/// \param http the ClientHttpRequest this state is created for
/// \param e    optional StoreEntry; defaults to nullptr
/// \param mode bumping mode; defaults to Ssl::bumpServerFirst
/// NOTE(review): how e and mode are stored is defined outside this header.
explicit ServerBump(
    ClientHttpRequest *http,
    StoreEntry *e = nullptr,
    Ssl::BumpMode mode = Ssl::bumpServerFirst);

/// Sets the server TLS session object.
void attachServerSession(const Security::SessionPointer &);

/// SSL [certificate validation] errors.
/// NOTE(review): this declaration does not say whether nullptr is returned
/// when no errors were recorded, nor who owns the pointed-to object; check
/// for null before dereferencing unless the definition guarantees otherwise.
Security::CertErrors *sslErrors() const;
/// Whether there was a successful connection to (and peeking at) the
/// origin server. True only when an entry exists and is still empty;
/// a missing entry yields false.
/// This inspects the entry only and does not consult sslErrors(), so
/// callers that care about certificate validation must check that separately.
bool connectedOk() const
{
    if (!entry)
        return false;
    return entry->isEmpty();
}
/// Whether we are currently performing the given processing step.
/// \param stp the step to compare against the current step
bool at(const BumpStep stp) const
{
    const bool atGivenStep = (step == stp);
    return atGivenStep;
}
/// Whether we are currently performing one of the two given processing
/// steps. Delegates to the single-step at() for each candidate.
bool at(const BumpStep step1, const BumpStep step2) const
{
    if (at(step1))
        return true;
    return at(step2);
}
/// Faked, minimal request; required by the Client API.
HttpRequest::Pointer request;

/// Receives Squid-generated error messages.
/// NOTE(review): raw pointer; ownership and lifetime are not visible in
/// this header.
StoreEntry *entry;

/// HTTPS server certificate. It may differ from the certificate held by
/// the serverSession object (error SQUID_X509_V_ERR_CERT_CHANGE).
Security::CertPointer serverCert;
59 Ssl::BumpMode step1
; ///< The SSL bump mode at step1
60 Ssl::BumpMode step2
; ///< The SSL bump mode at step2
61 Ssl::BumpMode step3
; ///< The SSL bump mode at step3
62 } act
; ///< bumping actions at various bumping steps
/// The SSL bumping step.
Ssl::BumpStep step;

/// The TLS session object on the server side.
Security::SessionPointer serverSession;

/// Dummy client to prevent entry trimming.
/// NOTE(review): raw pointer; ownership and lifetime are not visible in
/// this header.
store_client *sc;
72 #endif /* SQUID_SRC_SSL_SERVERBUMP_H */