bbc27441 | 1 | /* |
bde978a6 | 2 | * Copyright (C) 1996-2015 The Squid Software Foundation and contributors |
bbc27441 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
9 | #ifndef SQUID_ANYP_PORTCFG_H |
10 | #define SQUID_ANYP_PORTCFG_H | |
1b26be8f | 11 | |
9082b58f | 12 | #include "anyp/forward.h" |
eb6ac808 | 13 | #include "anyp/ProtocolVersion.h" |
6a25a046 | 14 | #include "anyp/TrafficMode.h" |
00406b24 | 15 | #include "comm/Connection.h" |
b24e9ae7 | 16 | #include "SBuf.h" |
9a622f3e | 17 | #include "security/PeerOptions.h" |
1b26be8f | 18 | |
cb4f4424 | 19 | #if USE_OPENSSL |
20 | #include "ssl/gadgets.h" |
21 | #endif | |
22 | ||
23 | namespace AnyP |
24 | { | |
25 | ||
/// Configuration of one listening port (an http_port, https_port or ftp_port
/// directive). Instances are reference counted and chained via `next`.
/// NOTE(review): most string-valued settings are raw `char *`; who allocates,
/// duplicates (clone()) and frees (~PortCfg()) them is not visible in this
/// header — confirm in the .cc before copying or reassigning them.
class PortCfg : public RefCountable
{
public:
    PortCfg();
    ~PortCfg();
    /// returns a new PortCfgPointer holding a copy of this configuration
    /// (deep vs. shallow copy of the `char *` members is not visible here)
    AnyP::PortCfgPointer clone() const;
#if USE_OPENSSL
    /// creates, configures, and validates SSL context and related port options
    void configureSslServerContext();
#endif

    PortCfgPointer next; ///< next port configuration in the same list (see the *PortList globals)

    Ip::Address s; ///< address (and port) this listener is configured for — presumably what listenConn binds to; confirm in the .cc
    AnyP::ProtocolVersion transport; ///< transport protocol and version received by this port
    char *name;                /* visible name */
    char *defaultsite;         /* default web site */

    TrafficMode flags;  ///< flags indicating what type of traffic to expect via this port.

    bool allow_direct;       ///< Allow direct forwarding in accelerator mode
    bool vhost;              ///< uses host header
    bool actAsOrigin;        ///< update replies to conform with RFC 2616
    bool ignore_cc;          ///< Ignore request Cache-Control directives

    bool connection_auth_disabled;  ///< Don't support connection oriented auth

    bool ftp_track_dirs; ///< whether transactions should track FTP directories

    int vport;               ///< virtual port support. -1 if dynamic, >0 static
    int disable_pmtu_discovery; ///< path-MTU discovery setting for this port; the meaning of each int value is defined in the .cc, not here

    /// TCP keepalive probe settings for accepted connections.
    /// Units of idle/interval/timeout are not stated here (presumably seconds) — confirm.
    struct {
        unsigned int idle;
        unsigned int interval;
        unsigned int timeout;
        bool enabled;        ///< whether keepalive probing is turned on for this port
    } tcp_keepalive;

    /**
     * The listening socket details.
     * If Comm::ConnIsOpen() we are actively listening for client requests.
     * use listenConn->close() to stop.
     */
    Comm::ConnectionPointer listenConn;

    /// TLS configuration options for this listening port
    Security::PeerOptions secure;

#if USE_OPENSSL
    char *clientca; ///< client CA setting as a raw C string; the parsed form is clientCA below
    char *dhfile;   ///< DH parameters file setting as a raw C string; the parsed form is dhParams below
    char *tls_dh;   ///< raw tls-dh= option value; parsed into dhParams/eecdhCurve presumably — confirm
    char *sslContextSessionId; ///< "session id context" for staticSslContext
    bool generateHostCertificates; ///< dynamically make host cert for sslBump
    size_t dynamicCertMemCacheSize; ///< max size of generated certificates memory cache

    Ssl::SSL_CTX_Pointer staticSslContext; ///< for HTTPS accelerator or static sslBump
    Security::CertPointer signingCert; ///< x509 certificate for signing generated certificates
    Ssl::EVP_PKEY_Pointer signPkey; ///< private key for signing generated certificates (sensitive key material; keep out of logs and debug dumps)
    Ssl::X509_STACK_Pointer certsToChain; ///< x509 certificates to send with the generated cert
    Security::CertPointer untrustedSigningCert; ///< x509 certificate for signing untrusted generated certificates; a separate signer from signingCert, presumably so certificates mimicking untrusted origins are not issued by the trusted CA — confirm
    Ssl::EVP_PKEY_Pointer untrustedSignPkey; ///< private key for signing untrusted generated certificates (sensitive key material)

    Ssl::X509_NAME_STACK_Pointer clientCA; ///< CA certificates to use when verifying client certificates
    Ssl::DH_Pointer dhParams; ///< DH parameters for temporary/ephemeral DH key exchanges
    char *eecdhCurve; ///< Elliptic curve for ephemeral EC-based DH key exchanges
#endif
};
95 | ||
96 | } // namespace AnyP |
97 | ||
/// list of Squid http_port configured
/// (head of a chain linked through AnyP::PortCfg::next, presumably — confirm)
extern AnyP::PortCfgPointer HttpPortList;

#if USE_OPENSSL
/// list of Squid https_port configured
extern AnyP::PortCfgPointer HttpsPortList;
#endif

/// list of Squid ftp_port configured
extern AnyP::PortCfgPointer FtpPortList;

#if !defined(MAXTCPLISTENPORTS)
// Max number of TCP listening ports
#define MAXTCPLISTENPORTS 128
#endif

// TODO: kill this global array. Need to check performance of array vs list though.
/// number of entries in use in HttpSockets (presumably; confirm against the writers).
/// Any code appending to HttpSockets must check NHttpSockets < MAXTCPLISTENPORTS
/// first — the array below has exactly that many slots and nothing here bounds it.
extern int NHttpSockets;
extern int HttpSockets[MAXTCPLISTENPORTS];
117 | ||
118 | #endif /* SQUID_ANYP_PORTCFG_H */ | |
f53969cc | 119 |