1 /*
2 * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 #include "squid.h"
10 #include "MemBuf.h"
11 #include "security/NegotiationHistory.h"
12 #include "SquidConfig.h"
13 #if USE_OPENSSL
14 #include "ssl/bio.h"
15 #include "ssl/support.h"
16 #endif
17
/// Starts with no negotiated cipher recorded; the version members are left to
/// their declaration-site defaults (declared in the header, not visible here —
/// presumably default-initialised; confirm).
Security::NegotiationHistory::NegotiationHistory()
#if USE_OPENSSL
    : cipher{nullptr}
#endif
{
}
24
/// Renders v as "FAMILY/major.minor" (e.g. a TLS or SSL version) for logging.
/// \returns nullptr when v is not an SSL or TLS protocol version.
/// \note The returned text lives in a single shared static buffer: the next
/// call (from anywhere) overwrites it, so callers must copy it before calling
/// again and must not retain the pointer across calls.
const char *
Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion const &v) const
{
    const bool printable = (v.protocol == AnyP::PROTO_SSL) || (v.protocol == AnyP::PROTO_TLS);
    if (!printable)
        return nullptr;

    // the protocol check above keeps the ProtocolType_str[] index within the
    // SSL/TLS entries before we read the name table
    static char formatted[512];
    (void)snprintf(formatted, sizeof(formatted), "%s/%d.%d",
                   AnyP::ProtocolType_str[v.protocol], v.major, v.minor);
    return formatted;
}
35
36 #if USE_OPENSSL
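/// Maps an OpenSSL SSL_version() code to Squid's AnyP::ProtocolVersion.
/// \param v the integer returned by SSL_version() for a session
/// \returns the matching TLS/SSL version, or a default-constructed (unknown)
/// AnyP::ProtocolVersion for codes this build does not know about. Callers
/// cannot tell "unknown code" apart from "version not yet negotiated", so an
/// unmapped version silently degrades any version-based logging or checks;
/// every version macro the linked OpenSSL defines should therefore be listed.
static AnyP::ProtocolVersion
toProtocolVersion(const int v)
{
    switch(v) {
#if defined(TLS1_3_VERSION)
    // OpenSSL 1.1.1+ negotiates TLS 1.3; without this case such sessions
    // would be reported with an unknown version.
    case TLS1_3_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 3);
#endif
#if defined(TLS1_2_VERSION)
    case TLS1_2_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 2);
#endif
#if defined(TLS1_1_VERSION)
    case TLS1_1_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 1);
#endif
#if defined(TLS1_VERSION)
    case TLS1_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 0);
#endif
#if defined(SSL3_VERSION)
    case SSL3_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0);
#endif
#if defined(SSL2_VERSION)
    case SSL2_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 2, 0);
#endif
    default:
        return AnyP::ProtocolVersion();
    }
}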
65 #endif
66
/// Records the cipher (and, once the handshake has produced one, the protocol
/// version) that OpenSSL negotiated for session. Does nothing in non-OpenSSL
/// builds.
/// \param session the OpenSSL session to query
void
Security::NegotiationHistory::retrieveNegotiatedInfo(const Security::SessionPointer &session)
{
#if USE_OPENSSL
    auto *const ssl = session.get();

    cipher = SSL_get_current_cipher(ssl);
    // A cipher exists only after the handshake settled; before that,
    // SSL_version() may still report a tentative rather than the final
    // negotiated version, so the version is recorded only alongside a cipher.
    if (cipher)
        version_ = toProtocolVersion(SSL_version(ssl));

    if (!Debug::Enabled(83, 5))
        return;

    // assumes the read BIO carries the Squid-owned Ssl::Bio as its data
    // pointer (as installed elsewhere for this session) — confirm
    auto *const readBio = SSL_get_rbio(ssl);
    const auto squidBio = static_cast<Ssl::Bio *>(BIO_get_data(readBio));
    debugs(83, 5, "SSL connection info on FD " << squidBio->fd() <<
           " SSL version " << version_ <<
           " negotiated cipher " << cipherName());
#endif
}
87
/// Copies the client-hello version fields out of a parsed TLS handshake.
/// \param details parsed handshake details; a nil pointer leaves the
/// previously recorded values untouched
void
Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
{
    if (!details)
        return;

    helloVersion_ = details->tlsVersion;
    supportedVersion_ = details->tlsSupportedVersion;
}
96
/// \returns the OpenSSL name of the negotiated cipher, or nullptr when no
/// cipher has been recorded yet (or in builds without OpenSSL)
const char *
Security::NegotiationHistory::cipherName() const
{
#if USE_OPENSSL
    return cipher ? SSL_CIPHER_get_name(cipher) : nullptr;
#else
    return nullptr;
#endif
}