Commit | Line | Data |
---|---|---|
bbc27441 AJ |
1 | /* |
2 | * Copyright (C) 1996-2014 The Squid Software Foundation and contributors | |
3 | * | |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
65d448bc AJ |
9 | #ifndef SQUID_ANYP_PORTCFG_H |
10 | #define SQUID_ANYP_PORTCFG_H | |
1b26be8f | 11 | |
9082b58f | 12 | #include "anyp/forward.h" |
eb6ac808 | 13 | #include "anyp/ProtocolVersion.h" |
6a25a046 | 14 | #include "anyp/TrafficMode.h" |
00406b24 | 15 | #include "comm/Connection.h" |
1b26be8f | 16 | |
cb4f4424 | 17 | #if USE_OPENSSL |
95d2589c CT |
18 | #include "ssl/gadgets.h" |
19 | #endif | |
20 | ||
65d448bc AJ |
21 | namespace AnyP |
22 | { | |
23 | ||
fa720bfb | 24 | class PortCfg : public RefCountable // settings of one configured listening port; entries chain through `next`. The char* members are raw pointers whose allocation and freeing are not visible in this header.
5fed1735 AJ |
25 | {
26 | public: | |
eb6ac808 | 27 | PortCfg();
65d448bc | 28 | ~PortCfg();
fa720bfb | 29 | AnyP::PortCfgPointer clone() const; ///< NOTE(review): presumably returns a copy of this configuration; with raw char* members, confirm in the .cc file that strings are duplicated rather than shared
cb4f4424 | 30 | #if USE_OPENSSL
7a957a93 | 31 | /// creates, configures, and validates SSL context and related port options
f4e4d4d6 CT |
32 | void configureSslServerContext();
33 | #endif | |
1b26be8f | 34 |
fa720bfb | 35 | PortCfgPointer next; ///< next entry in the list of configured ports
1b26be8f | 36 |
b7ac5457 | 37 | Ip::Address s; ///< NOTE(review): undocumented; presumably the address this port listens on — confirm
eb6ac808 | 38 | AnyP::ProtocolVersion transport; ///< transport protocol and version received by this port
1b26be8f | 39 | char *name; /* visible name */
40 | char *defaultsite; /* default web site */ | |
41 | ||
6a25a046 FC |
42 | TrafficMode flags; ///< flags indicating what type of traffic to expect via this port.
43 | ||
86ab7a90 FC |
44 | bool allow_direct; ///< Allow direct forwarding in accelerator mode
45 | bool vhost; ///< uses host header | |
46 | bool actAsOrigin; ///< update replies to conform with RFC 2616 | |
47 | bool ignore_cc; ///< Ignore request Cache-Control directives | |
1b26be8f | 48 |
86ab7a90 FC |
49 | bool connection_auth_disabled; ///< Don't support connection oriented auth
50 | ||
e7ce227f AR |
51 | bool ftp_track_dirs; ///< whether transactions should track FTP directories
52 | ||
86ab7a90 | 53 | int vport; ///< virtual port support. -1 if dynamic, >0 static
1b26be8f | 54 | int disable_pmtu_discovery; ///< NOTE(review): undocumented int rather than bool; presumably a mode selector whose values are defined elsewhere — confirm
f1e0717c | 55 |
1b26be8f | 56 | struct {
26ac0430 AJ |
57 | unsigned int idle;
58 | unsigned int interval; | |
59 | unsigned int timeout; | |
86ab7a90 | 60 | bool enabled;
1b26be8f | 61 | } tcp_keepalive; ///< TCP keep-alive settings; NOTE(review): the units of idle/interval/timeout are not stated in this header — confirm
62 | ||
04f55905 | 63 | /**
8bbb16e3 AJ |
64 | * The listening socket details.
65 | * If Comm::ConnIsOpen() we are actively listening for client requests. | |
66 | * use listenConn->close() to stop. | |
04f55905 | 67 | */
8bbb16e3 | 68 | Comm::ConnectionPointer listenConn;
04f55905 | 69 |
cb4f4424 | 70 | #if USE_OPENSSL
1b26be8f | 71 | char *cert; ///< NOTE(review): cert through sslflags are undocumented raw strings; presumably the TLS settings as configured for this port — confirm
72 | char *key; /* NOTE(review): presumably a reference to the private key file rather than key material — confirm */ | |
73 | int version; /* NOTE(review): presumably the configured SSL/TLS version selector; relation to contextMethod is not shown here — confirm */ | |
74 | char *cipher; /* NOTE(review): presumably the configured cipher list — confirm */ | |
75 | char *options; /* NOTE(review): presumably the textual form of sslOptions — confirm */ | |
76 | char *clientca; /* NOTE(review): presumably the source of clientCA — confirm */ | |
77 | char *cafile; | |
78 | char *capath; | |
79 | char *crlfile; /* NOTE(review): presumably the source of clientVerifyCrls — confirm */ | |
80 | char *dhfile; /* NOTE(review): presumably the source of dhParams — confirm */ | |
81 | char *sslflags; /* NOTE(review): presumably the textual form of sslContextFlags — confirm */ | |
95d2589c CT |
82 | char *sslContextSessionId; ///< "session id context" for staticSslContext
83 | bool generateHostCertificates; ///< dynamically make host cert for sslBump | |
84 | size_t dynamicCertMemCacheSize; ///< max size of generated certificates memory cache | |
85 | ||
86 | Ssl::SSL_CTX_Pointer staticSslContext; ///< for HTTPS accelerator or static sslBump | |
87 | Ssl::X509_Pointer signingCert; ///< x509 certificate for signing generated certificates | |
88 | Ssl::EVP_PKEY_Pointer signPkey; ///< private key for signing generated certificates; a CA-level secret, because it signs the host certificates made on the fly | |
a594dbfa | 89 | Ssl::X509_STACK_Pointer certsToChain; ///< x509 certificates to send with the generated cert
95588170 CT |
90 | Ssl::X509_Pointer untrustedSigningCert; ///< x509 certificate for signing untrusted generated certificates
91 | Ssl::EVP_PKEY_Pointer untrustedSignPkey; ///< private key for signing untrusted generated certificates | |
86660d64 CT |
92 |
93 | Ssl::X509_CRL_STACK_Pointer clientVerifyCrls; ///< additional CRL lists to use when verifying the client certificate | |
94 | Ssl::X509_NAME_STACK_Pointer clientCA; ///< CA certificates to use when verifying client certificates; NOTE(review): the type name suggests a stack of X509 names rather than certificates — confirm | |
95 | Ssl::DH_Pointer dhParams; ///< DH parameters for temporary/ephemeral DH key exchanges | |
96 | Ssl::ContextMethod contextMethod; ///< The context method (SSL_METHOD) to use when creating certificates | |
97 | long sslContextFlags; ///< flags modifying the use of SSL | |
98 | long sslOptions; ///< SSL engine options | |
1b26be8f | 99 | #endif
1b26be8f | 100 | }; |
101 | ||
65d448bc AJ |
102 | } // namespace AnyP |
103 | ||
fa720bfb AJ |
104 | /// list of configured Squid http_port entries; NOTE(review): presumably the head of a chain linked through PortCfg::next — confirm
105 | extern AnyP::PortCfgPointer HttpPortList; | |
106 | ||
107 | #if USE_OPENSSL | |
108 | /// list of configured Squid https_port entries; declared only when USE_OPENSSL is set | |
109 | extern AnyP::PortCfgPointer HttpsPortList; | |
110 | #endif | |
111 | ||
8ea0d847 AR |
112 | /// list of configured Squid ftp_port entries
113 | extern AnyP::PortCfgPointer FtpPortList; | |
114 | ||
29fd5407 | 115 | #if !defined(MAXTCPLISTENPORTS)
65d448bc AJ |
116 | // Max number of TCP listening ports; sizes HttpSockets[] below. The surrounding #if lets a build predefine a different value.
117 | #define MAXTCPLISTENPORTS 128 | |
29fd5407 | 118 | #endif
65d448bc AJ |
119 |
120 | // TODO: kill this global array. Need to check performance of array vs list though. | |
121 | extern int NHttpSockets; /* NOTE(review): presumably the number of HttpSockets[] slots in use — confirm */ | |
122 | extern int HttpSockets[MAXTCPLISTENPORTS]; /* fixed capacity: code that stores into this array has to check the index against MAXTCPLISTENPORTS; that check is not visible in this header */ | |
123 | ||
124 | #endif /* SQUID_ANYP_PORTCFG_H */ | |
f53969cc | 125 |