Commit | Line | Data |
---|---|---|
65d448bc AJ |
1 | #ifndef SQUID_ANYP_PORTCFG_H |
2 | #define SQUID_ANYP_PORTCFG_H | |
1b26be8f | 3 | |
9082b58f | 4 | #include "anyp/forward.h" |
eb6ac808 | 5 | #include "anyp/ProtocolVersion.h" |
6a25a046 | 6 | #include "anyp/TrafficMode.h" |
00406b24 | 7 | #include "comm/Connection.h" |
1b26be8f | 8 | |
cb4f4424 | 9 | #if USE_OPENSSL |
95d2589c CT |
10 | #include "ssl/gadgets.h" |
11 | #endif | |
12 | ||
65d448bc AJ |
13 | namespace AnyP |
14 | { | |
15 | ||
5fed1735 AJ |
/// Configuration of a single listening port: its address, transport protocol,
/// traffic-mode flags, TCP keep-alive settings, listening connection and, when
/// built with USE_OPENSSL, the SSL options and the key material loaded for them.
16 | class PortCfg
17 | { | |
18 | public: | |
eb6ac808 | 19 | PortCfg(); |
65d448bc AJ |
20 | ~PortCfg(); |
// NOTE(review): clone() returns a raw pointer. Who frees the clone, and whether
// the char* options and SSL members below are deep-copied or shared with the
// original, is not visible in this header -- confirm against the implementation.
21 | AnyP::PortCfg *clone() const; | |
cb4f4424 | 22 | #if USE_OPENSSL |
7a957a93 | 23 | /// creates, configures, and validates SSL context and related port options |
f4e4d4d6 CT |
24 | void configureSslServerContext(); |
25 | #endif | |
1b26be8f | 26 | |
eb6ac808 AJ |
27 | /** |
28 | * Set this port's transport type from a string representation. | |
29 | * Unknown transport type representations will halt Squid. | |
30 | * Supports: HTTP, HTTP/1.1, HTTPS, HTTPS/1.1. | |
31 | */ | |
32 | void setTransport(const char *aProtocol); | |
33 | ||
// NOTE(review): presumably links the configured ports into a singly-linked list -- confirm.
65d448bc | 34 | PortCfg *next;
1b26be8f | 35 | |
b7ac5457 | 36 | Ip::Address s;
eb6ac808 | 37 | AnyP::ProtocolVersion transport; ///< transport protocol and version received by this port
1b26be8f | 38 | char *name; /* visible name */ |
39 | char *defaultsite; /* default web site */ | |
40 | ||
6a25a046 FC |
41 | TrafficMode flags; ///< flags indicating what type of traffic to expect via this port.
42 | ||
86ab7a90 FC |
43 | bool allow_direct; ///< Allow direct forwarding in accelerator mode
44 | bool vhost; ///< uses host header | |
45 | bool actAsOrigin; ///< update replies to conform with RFC 2616 | |
46 | bool ignore_cc; ///< Ignore request Cache-Control directives | |
1b26be8f | 47 | |
86ab7a90 FC |
48 | bool connection_auth_disabled; ///< Don't support connection oriented auth
49 | ||
50 | int vport; ///< virtual port support. -1 if dynamic, >0 static | |
1b26be8f | 51 | int disable_pmtu_discovery;
f1e0717c | 52 | |
// TCP keep-alive settings for this port.
// NOTE(review): the units of idle/interval/timeout are not stated here -- presumably seconds, confirm.
1b26be8f | 53 | struct {
26ac0430 AJ |
54 | unsigned int idle;
55 | unsigned int interval; | |
56 | unsigned int timeout; | |
86ab7a90 | 57 | bool enabled;
1b26be8f | 58 | } tcp_keepalive;
59 | ||
04f55905 | 60 | /**
8bbb16e3 AJ |
61 | * The listening socket details.
62 | * If Comm::ConnIsOpen() we are actively listening for client requests. | |
63 | * Use listenConn->close() to stop. | |
04f55905 | 64 | */
8bbb16e3 | 65 | Comm::ConnectionPointer listenConn;
04f55905 | 66 | |
cb4f4424 | 67 | #if USE_OPENSSL |
// NOTE(review): the char* members below are raw pointers; the type does not say
// who allocates or frees them. Presumably they hold the configured option
// strings (certificate/key/CA/CRL/DH file locations, cipher list, option and
// flag strings) -- confirm, and confirm how clone() and ~PortCfg() treat them.
// NOTE(review): `version` presumably selects the SSL/TLS protocol version behind
// contextMethod -- confirm that obsolete protocol versions are not the default.
1b26be8f | 68 | char *cert; |
69 | char *key; | |
70 | int version; | |
71 | char *cipher; | |
72 | char *options; | |
73 | char *clientca; | |
74 | char *cafile; | |
75 | char *capath; | |
76 | char *crlfile; | |
77 | char *dhfile; | |
78 | char *sslflags; | |
95d2589c CT |
79 | char *sslContextSessionId; ///< "session id context" for staticSslContext
80 | bool generateHostCertificates; ///< dynamically make host cert for sslBump | |
81 | size_t dynamicCertMemCacheSize; ///< max size of generated certificates memory cache | |
82 | ||
83 | Ssl::SSL_CTX_Pointer staticSslContext; ///< for HTTPS accelerator or static sslBump | |
84 | Ssl::X509_Pointer signingCert; ///< x509 certificate for signing generated certificates | |
85 | Ssl::EVP_PKEY_Pointer signPkey; ///< private key for signing generated certificates | |
a594dbfa | 86 | Ssl::X509_STACK_Pointer certsToChain; ///< x509 certificates to send with the generated cert
95588170 CT |
87 | Ssl::X509_Pointer untrustedSigningCert; ///< x509 certificate for signing untrusted generated certificates
88 | Ssl::EVP_PKEY_Pointer untrustedSignPkey; ///< private key for signing untrusted generated certificates | |
// NOTE(review): signPkey and untrustedSignPkey are private signing keys kept as
// members of this object. Confirm that code which dumps or logs the port
// configuration never emits them, and that clone() does not leave extra copies
// of the keys alive longer than intended.
86660d64 CT |
89 | 
90 | Ssl::X509_CRL_STACK_Pointer clientVerifyCrls; ///< additional CRL lists to use when verifying the client certificate | |
91 | Ssl::X509_NAME_STACK_Pointer clientCA; ///< CA certificates to use when verifying client certificates | |
92 | Ssl::DH_Pointer dhParams; ///< DH parameters for temporary/ephemeral DH key exchanges | |
93 | Ssl::ContextMethod contextMethod; ///< The context method (SSL_METHOD) to use when creating certificates | |
94 | long sslContextFlags; ///< flags modifying the use of SSL | |
95 | long sslOptions; ///< SSL engine options | |
1b26be8f | 96 | #endif |
97 | ||
65d448bc | 98 | CBDATA_CLASS2(PortCfg); // namespaced
1b26be8f | 99 | }; |
100 | ||
65d448bc AJ |
101 | } // namespace AnyP |
102 | ||
103 | // Maximum number of TCP listening ports; also the size of the HttpSockets array below | |
104 | #define MAXTCPLISTENPORTS 128 | |
105 | ||
106 | // TODO: kill this global array. Need to check performance of array vs list though. | |
// NOTE(review): HttpSockets has exactly MAXTCPLISTENPORTS slots. Presumably
// NHttpSockets counts the slots in use -- confirm that every writer checks
// NHttpSockets < MAXTCPLISTENPORTS before storing another socket.
107 | extern int NHttpSockets; | |
108 | extern int HttpSockets[MAXTCPLISTENPORTS]; | |
109 | ||
110 | #endif /* SQUID_ANYP_PORTCFG_H */ |