1 | #include "squid.h" |
2 | #include "MemBuf.h" | |
3 | #include "security/NegotiationHistory.h" | |
4 | #include "SquidConfig.h" | |
10f0e358 | 5 | #if USE_OPENSSL |
6 | #include "ssl/bio.h" |
7 | #include "ssl/support.h" | |
8 | #endif |
9 | ||
/// Starts with nothing recorded: every version field is -1 ("not known
/// yet") and, in OpenSSL builds, no cipher has been selected.
Security::NegotiationHistory::NegotiationHistory():
    helloVersion_(-1),
    supportedVersion_(-1),
    version_(-1)
#if USE_OPENSSL
    , cipher(nullptr) // filled in by fillWith() once a cipher is negotiated
#endif
{
}
19 | |
/// Maps an OpenSSL protocol version constant to a printable name.
/// \param v a TLS1_*_VERSION / SSL*_VERSION value as reported by OpenSSL
/// \returns a static string such as "TLS/1.2", or nullptr when v is not
///          one of the known constants (or Squid was built without OpenSSL)
const char *
Security::NegotiationHistory::printTlsVersion(int v) const
{
#if USE_OPENSSL
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
    // TLS 1.1/1.2 constants only exist in OpenSSL 1.0.1 and later.
    if (v == TLS1_2_VERSION)
        return "TLS/1.2";
    if (v == TLS1_1_VERSION)
        return "TLS/1.1";
#endif
    if (v == TLS1_VERSION)
        return "TLS/1.0";
    if (v == SSL3_VERSION)
        return "SSL/3.0";
    if (v == SSL2_VERSION)
        return "SSL/2.0";
    return nullptr;
#else
    return nullptr;
#endif
}
44 | ||
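#if USE_OPENSSL
/// Records what was negotiated on ssl: the selected cipher and, once a
/// cipher exists, the final protocol version; then the hello/supported
/// versions seen by the Ssl::Bio attached to the connection's read BIO.
/// A connection without an attached Ssl::Bio leaves the hello fields
/// untouched instead of dereferencing a null pointer.
/// \param ssl the OpenSSL session to inspect; must not be nil
void
Security::NegotiationHistory::fillWith(SSL *ssl)
{
    cipher = SSL_get_current_cipher(ssl);
    if (cipher) {
        // A cipher is only chosen when the handshake has completed, so
        // only then is the session version the final negotiated one.
        // SSL_version() reads the same field as ssl->version without
        // depending on the SSL struct layout.
        version_ = SSL_version(ssl);
    }

    // The read BIO's ptr is expected to hold the Ssl::Bio installed for
    // this connection (ssl/bio.h). Either may be missing if the BIO was
    // never set up, so check both before using it.
    BIO *b = SSL_get_rbio(ssl);
    Ssl::Bio *bio = b ? static_cast<Ssl::Bio *>(b->ptr) : nullptr;
    if (!bio) {
        debugs(83, 3, "no Ssl::Bio attached to SSL connection; hello details unavailable");
        return;
    }

    if (::Config.onoff.logTlsServerHelloDetails) {
        // Server-side BIOs parse the hello lazily; ask for it only when
        // the admin wants the details logged.
        if (Ssl::ServerBio *srvBio = dynamic_cast<Ssl::ServerBio *>(bio))
            srvBio->extractHelloFeatures();
    }

    const Ssl::Bio::sslFeatures &features = bio->receivedHelloFeatures();
    helloVersion_ = features.sslHelloVersion;
    supportedVersion_ = features.sslVersion;

    debugs(83, 5, "SSL connection info on FD " << bio->fd() <<
           " SSL version " << version_ <<
           " negotiated cipher " << cipherName());
}
#endif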
73 | ||
/// \returns the OpenSSL name of the negotiated cipher, or nullptr when no
///          cipher has been recorded (or Squid was built without OpenSSL)
const char *
Security::NegotiationHistory::cipherName() const
{
#if USE_OPENSSL
    // cipher stays null until fillWith() sees a completed negotiation.
    return cipher ? SSL_CIPHER_get_name(cipher) : nullptr;
#else
    return nullptr;
#endif
}