/*
 * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */
9 #ifndef SQUID_SRC_SECURITY_SESSION_H
10 #define SQUID_SRC_SECURITY_SESSION_H
12 #include "base/HardFun.h"
13 #include "comm/forward.h"
14 #include "security/forward.h"
15 #include "security/LockingPointer.h"
20 #include "compat/openssl.h"
21 #if HAVE_OPENSSL_SSL_H
22 #include <openssl/ssl.h>
27 #if HAVE_GNUTLS_GNUTLS_H
28 #include <gnutls/gnutls.h>
/// Creates TLS Client connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO).
/// On errors, emits DBG_IMPORTANT with details and returns false.
/// \param squidCtx short caller description (the name suggests it is used in diagnostics; confirm against the implementation)
/// \return false when setup failed; callers must not proceed with TLS I/O on the connection in that case
/// NOTE(review): consider marking [[nodiscard]] once the project baseline allows it, so a failed setup cannot be silently ignored.
bool CreateClientSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx);

/// Creates TLS Server connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO).
/// On errors, emits DBG_IMPORTANT with details and returns false.
/// \param squidCtx short caller description (the name suggests it is used in diagnostics; confirm against the implementation)
/// \return false when setup failed; callers must not proceed with TLS I/O on the connection in that case
bool CreateServerSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, Security::PeerOptions &, const char *squidCtx);
// OpenSSL backend: a connection is an SSL object and resumable state is an SSL_SESSION.
// (The selecting preprocessor guard is not visible in this rendering.)
typedef SSL Connection;
using Session = SSL_SESSION;

/// shared (reference-counted) owner of an OpenSSL connection object.
/// NOTE(review): std::shared_ptr's default deleter would apply `delete` to the SSL;
/// the correct release function must be supplied where the pointer is constructed
/// (see NewSessionObject) — confirm in the implementation.
typedef std::shared_ptr<SSL> SessionPointer;

/// sole owner of resumption state; released with SSL_SESSION_free via the HardFun deleter.
typedef std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_free>> SessionStatePointer;
54 // to be finalized when it is actually needed/used
57 // to be finalized when it is actually needed/used
/// GnuTLS backend: shared (reference-counted) owner of a GnuTLS session object.
/// NOTE(review): the release function is not part of this type; it must be
/// supplied where the pointer is constructed — confirm in the implementation.
typedef std::shared_ptr<struct gnutls_session_int> SessionPointer;
// wrapper function to get around gnutls_free being a typedef
/// Releases memory owned by GnuTLS. Exists only so that a plain function
/// address can be used as a HardFun template argument (gnutls_free itself
/// is a typedef and cannot be named there directly).
inline void
squid_gnutls_free(void *mem)
{
    gnutls_free(mem);
}
/// sole owner of GnuTLS resumption state; the datum is released through
/// squid_gnutls_free (i.e. gnutls_free) by the HardFun deleter.
/// NOTE(review): the deleter frees the pointed-to object itself; whether any
/// buffer the datum refers to needs separate release depends on how it was
/// allocated — confirm against the implementation.
typedef std::unique_ptr<gnutls_datum_t, HardFun<void, void*, &Security::squid_gnutls_free>> SessionStatePointer;
// Placeholder types used when neither TLS backend is compiled in, so that
// code naming these types still compiles. (The selecting preprocessor
// guard is not visible in this rendering; presumably the final #else branch.)
typedef std::nullptr_t Connection;

typedef std::shared_ptr<void> SessionPointer;

typedef std::unique_ptr<int> SessionStatePointer;
/// send the shutdown/bye notice for an active TLS session.
void SessionSendGoodbye(const Security::SessionPointer &);

/// whether the session is a resumed one
bool SessionIsResumed(const Security::SessionPointer &);

/**
 * When the session is not a resumed session, retrieve the details needed to
 * resume a later connection and store them in 'data'. This may result in 'data'
 * becoming a nil Pointer if no details exist or an error occurs, so callers
 * must check 'data' before using it.
 *
 * When the session is already a resumed session, do nothing and leave 'data'
 * as the caller supplied it.
 * XXX: is this latter behaviour always correct?
 *
 * NOTE(review): the retrieved details are what allow a later connection to
 * resume without a full handshake; treat the stored state as sensitive and
 * do not log it — confirm how the implementation and the session cache handle it.
 */
void MaybeGetSessionResumeData(const Security::SessionPointer &, Security::SessionStatePointer &data);

/// Set the data for resuming a previous session.
/// Needs to be done before using the SessionPointer for a handshake.
void SetSessionResumeData(const Security::SessionPointer &, const Security::SessionStatePointer &);

// TODO: remove from public API. It is only public because of Security::ServerOptions::updateContextConfig
/// Setup the given TLS context with callbacks used to manage the session cache
void SetSessionCacheCallbacks(Security::ContextPointer &);
/// Helper function to retrieve a (non-locked) ContextPointer from a SessionPointer.
/// The result does not own or lock the context: its deleter is a no-op, so the
/// returned pointer must not outlive the context the session was created from.
/// \param s must refer to a live session; s.get() is handed to SSL_get_SSL_CTX()
///          without a null check.
inline Security::ContextPointer
GetFrom(Security::SessionPointer &s)
{
    // The context stays owned (and ref-counted) elsewhere; we only borrow it.
    const auto noopUnlock = [](SSL_CTX *) { /* nothing to unlock/free */ };
    return Security::ContextPointer(SSL_get_SSL_CTX(s.get()), noopUnlock);
}
/// \deprecated use the PeerOptions/ServerOptions API methods instead.
/// Wraps SessionPointer value creation to reduce risk of
/// a nasty hack in ssl/support.cc.
/// \param ctx the TLS context the new session object is created from
/// \return the new SessionPointer (presumably nil on failure — confirm against the implementation)
Security::SessionPointer NewSessionObject(const Security::ContextPointer &);
117 } // namespace Security
119 #endif /* SQUID_SRC_SECURITY_SESSION_H */