1 | /* |
2 | * Copyright (C) 1996-2016 The Squid Software Foundation and contributors | |
3 | * | |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
9 | #include "squid.h" |
10 | #include "MemBuf.h" | |
11 | #include "security/NegotiationHistory.h" | |
12 | #include "SquidConfig.h" | |
10f0e358 | 13 | #if USE_OPENSSL |
14 | #include "ssl/bio.h" |
15 | #include "ssl/support.h" | |
16 | #endif |
17 | ||
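/// Creates an empty history. Only the cipher pointer needs explicit
/// initialization here; it is the one member that is only used under
/// USE_OPENSSL in this file.
Security::NegotiationHistory::NegotiationHistory()
#if USE_OPENSSL
    : cipher(nullptr) // nullptr for consistency with the rest of this file
#endif
{
}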
24 | |
/// Formats v as "<protocol>/<major>.<minor>" for SSL and TLS protocols.
/// \returns nullptr when v.protocol is neither PROTO_SSL nor PROTO_TLS.
/// The returned string lives in one static buffer that every call
/// overwrites, so callers must copy it before calling this method again.
const char *
Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion const &v) const
{
    const bool isSecureProto = (v.protocol == AnyP::PROTO_SSL) || (v.protocol == AnyP::PROTO_TLS);
    if (!isSecureProto)
        return nullptr;

    // shared scratch space, reused across calls; far larger than any
    // "<name>/<n>.<n>" string produced below
    static char formatted[512];
    const char *protoName = AnyP::ProtocolType_str[v.protocol];
    snprintf(formatted, sizeof(formatted), "%s/%d.%d", protoName, v.major, v.minor);
    return formatted;
}
35 | ||
#if USE_OPENSSL
/// Maps an OpenSSL protocol version constant (TLS1_2_VERSION, SSL3_VERSION,
/// ...) to the matching AnyP::ProtocolVersion.
/// \returns a default-constructed AnyP::ProtocolVersion for unknown values
static AnyP::ProtocolVersion
toProtocolVersion(const int v)
{
    // small builders so each case below reads as "TLS 1.x" / "SSL x.0"
    const auto tls1 = [](const int minorVer) { return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, minorVer); };
    const auto ssl = [](const int majorVer) { return AnyP::ProtocolVersion(AnyP::PROTO_SSL, majorVer, 0); };

    switch (v) {
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
    // the TLS 1.1/1.2 constants are only available from OpenSSL 1.0.1 on
    case TLS1_2_VERSION:
        return tls1(2);
    case TLS1_1_VERSION:
        return tls1(1);
#endif
    case TLS1_VERSION:
        return tls1(0);
    case SSL3_VERSION:
        return ssl(3);
    case SSL2_VERSION:
        return ssl(2);
    default:
        return AnyP::ProtocolVersion();
    }
}
#endif
2bcab852 | 58 | |
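/// Records what OpenSSL has negotiated so far on ssl: the current cipher
/// and, once a cipher exists, the protocol version. Also emits a level-5
/// section-83 debug line describing the connection.
/// On non-OpenSSL builds this method does nothing.
void
Security::NegotiationHistory::retrieveNegotiatedInfo(Security::SessionPtr ssl)
{
#if USE_OPENSSL
    if ((cipher = SSL_get_current_cipher(ssl)) != nullptr) {
        // Set the negotiated version only if the cipher negotiated
        // else probably the negotiation is not completed and version
        // is not the final negotiated version
        // NOTE(review): reads the SSL struct directly; that field is opaque
        // in newer OpenSSL releases — confirm the supported OpenSSL range.
        version_ = toProtocolVersion(ssl->version);
    }

    if (do_debug(83, 5)) {
        // SSL_get_rbio() returns NULL when no read BIO is attached; the
        // previous code dereferenced b->ptr unconditionally. The cast still
        // assumes the attached BIO is Squid's own Ssl::Bio (stored in
        // b->ptr); nothing here verifies that.
        BIO *b = SSL_get_rbio(ssl);
        Ssl::Bio *bio = b ? static_cast<Ssl::Bio *>(b->ptr) : nullptr;
        if (bio) {
            debugs(83, 5, "SSL connection info on FD " << bio->fd() <<
                   " SSL version " << version_ <<
                   " negotiated cipher " << cipherName());
        } else {
            debugs(83, 5, "SSL connection info without a Squid BIO" <<
                   " SSL version " << version_ <<
                   " negotiated cipher " << cipherName());
        }
    }
#endif
}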
2bcab852 | 79 | |
/// Copies the version fields from parsed handshake details into this
/// history: details->tlsVersion into helloVersion_ and
/// details->tlsSupportedVersion into supportedVersion_.
/// A null details pointer leaves the history untouched.
void
Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
{
    if (!details)
        return;

    helloVersion_ = details->tlsVersion;
    supportedVersion_ = details->tlsSupportedVersion;
}
88 | ||
/// \returns the OpenSSL name of the recorded negotiated cipher, or nullptr
/// when no cipher has been recorded (always nullptr on non-OpenSSL builds)
const char *
Security::NegotiationHistory::cipherName() const
{
#if USE_OPENSSL
    return cipher ? SSL_CIPHER_get_name(cipher) : nullptr;
#else
    return nullptr;
#endif
}