[thirdparty/squid.git] / src / security / NegotiationHistory.cc

#include "squid.h"
#include "MemBuf.h"
#include "security/NegotiationHistory.h"
#include "SquidConfig.h"
#if USE_OPENSSL
#include "ssl/bio.h"
#include "ssl/support.h"
#endif

Security::NegotiationHistory::NegotiationHistory():
    helloVersion_(-1),
    supportedVersion_(-1),
    version_(-1)
#if USE_OPENSSL
    , cipher(NULL)
#endif
{
}

const char *
Security::NegotiationHistory::printTlsVersion(int v) const
{
#if USE_OPENSSL
    switch(v) {
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
    case TLS1_2_VERSION:
        return "TLS/1.2";
    case TLS1_1_VERSION:
        return "TLS/1.1";
#endif
    case TLS1_VERSION:
        return "TLS/1.0";
    case SSL3_VERSION:
        return "SSL/3.0";
    case SSL2_VERSION:
        return "SSL/2.0";
    default:
        return nullptr;
    }
#else
    return nullptr;
#endif
}

#if USE_OPENSSL
void
Security::NegotiationHistory::fillWith(SSL *ssl)
{
    if ((cipher = SSL_get_current_cipher(ssl)) != NULL) {
        // Set the negotiated version only if the cipher negotiated
        // else probably the negotiation is not completed and version
        // is not the final negotiated version
        version_ = ssl->version;
    }

    BIO *b = SSL_get_rbio(ssl);
    Ssl::Bio *bio = static_cast<Ssl::Bio *>(b->ptr);

    if (::Config.onoff.logTlsServerHelloDetails) {
        if (Ssl::ServerBio *srvBio = dynamic_cast<Ssl::ServerBio *>(bio))
            srvBio->extractHelloFeatures();
    }

    const Ssl::Bio::sslFeatures &features = bio->receivedHelloFeatures();
    helloVersion_ = features.sslHelloVersion;
    supportedVersion_ = features.sslVersion;

    debugs(83, 5, "SSL connection info on FD " << bio->fd() <<
           " SSL version " << version_ <<
           " negotiated cipher " << cipherName());
}
#endif

const char *
Security::NegotiationHistory::cipherName() const
{
#if USE_OPENSSL
    if (!cipher)
        return nullptr;

    return SSL_CIPHER_get_name(cipher);
#else
    return nullptr;
#endif
}
Commit	Line	Data
2bcab852 CT	1	#include "squid.h"
	2	#include "MemBuf.h"
	3	#include "security/NegotiationHistory.h"
	4	#include "SquidConfig.h"
10f0e358	5	#if USE_OPENSSL
2bcab852 CT	6	#include "ssl/bio.h"
2bcab852 CT	7	#include "ssl/support.h"
10f0e358 CT	8	#endif
	9
	10	Security::NegotiationHistory::NegotiationHistory():
	11	helloVersion_(-1),
	12	supportedVersion_(-1),
	13	version_(-1)
	14	#if USE_OPENSSL
	15	, cipher(NULL)
	16	#endif
	17	{
	18	}
2bcab852 CT	19
	20	const char *
	21	Security::NegotiationHistory::printTlsVersion(int v) const
	22	{
	23	#if USE_OPENSSL
	24	switch(v) {
	25	#if OPENSSL_VERSION_NUMBER >= 0x10001000L
	26	case TLS1_2_VERSION:
	27	return "TLS/1.2";
	28	case TLS1_1_VERSION:
	29	return "TLS/1.1";
	30	#endif
	31	case TLS1_VERSION:
	32	return "TLS/1.0";
	33	case SSL3_VERSION:
	34	return "SSL/3.0";
	35	case SSL2_VERSION:
	36	return "SSL/2.0";
	37	default:
	38	return nullptr;
	39	}
	40	#else
	41	return nullptr;
	42	#endif
	43	}
	44
	45	#if USE_OPENSSL
	46	void
	47	Security::NegotiationHistory::fillWith(SSL *ssl)
	48	{
	49	if ((cipher = SSL_get_current_cipher(ssl)) != NULL) {
	50	// Set the negotiated version only if the cipher negotiated
	51	// else probably the negotiation is not completed and version
	52	// is not the final negotiated version
	53	version_ = ssl->version;
	54	}
	55
	56	BIO *b = SSL_get_rbio(ssl);
	57	Ssl::Bio bio = static_cast<Ssl::Bio >(b->ptr);
	58
	59	if (::Config.onoff.logTlsServerHelloDetails) {
	60	if (Ssl::ServerBio srvBio = dynamic_cast<Ssl::ServerBio >(bio))
	61	srvBio->extractHelloFeatures();
	62	}
	63
	64	const Ssl::Bio::sslFeatures &features = bio->receivedHelloFeatures();
	65	helloVersion_ = features.sslHelloVersion;
	66	supportedVersion_ = features.sslVersion;
	67
	68	debugs(83, 5, "SSL connection info on FD " << bio->fd() <<
	69	" SSL version " << version_ <<
	70	" negotiated cipher " << cipherName());
	71	}
	72	#endif
	73
	74	const char *
	75	Security::NegotiationHistory::cipherName() const
	76	{
	77	#if USE_OPENSSL
	78	if (!cipher)
	79	return nullptr;
	80
	81	return SSL_CIPHER_get_name(cipher);
	82	#else
83	return nullptr;
84	#endif
85	}