Commit | Line | Data |
---|---|---|
0461fde7 AJ |
1 | /* |
2 | * Copyright (C) 1996-2016 The Squid Software Foundation and contributors | |
3 | * | |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
2bcab852 CT |
9 | #include "squid.h" |
10 | #include "MemBuf.h" | |
11 | #include "security/NegotiationHistory.h" | |
12 | #include "SquidConfig.h" | |
10f0e358 | 13 | #if USE_OPENSSL |
2bcab852 CT |
14 | #include "ssl/bio.h" |
15 | #include "ssl/support.h" | |
10f0e358 CT |
16 | #endif |
17 | ||
// Builds an empty negotiation record: all three version fields start at -1
// (presumably "not known yet" -- confirm against the class declaration) and,
// in OpenSSL builds, no cipher has been recorded.
Security::NegotiationHistory::NegotiationHistory()
    : helloVersion_(-1)
    , supportedVersion_(-1)
    , version_(-1)
#if USE_OPENSSL
    , cipher(nullptr)
#endif
{
}
2bcab852 CT |
27 | |
// Maps a numeric SSL/TLS protocol version to a printable label.
//
// Returns a static string such as "TLS/1.2", or nullptr when the value is not
// one of the versions listed below (including the -1 the constructor stores)
// or when Squid is built without OpenSSL. Callers must check for nullptr
// before printing or logging the result.
const char *
Security::NegotiationHistory::printTlsVersion(int v) const
{
#if USE_OPENSSL
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
    // TLS 1.1 and 1.2 constants are only referenced for OpenSSL 1.0.1 and later
    if (v == TLS1_2_VERSION)
        return "TLS/1.2";
    if (v == TLS1_1_VERSION)
        return "TLS/1.1";
#endif
    if (v == TLS1_VERSION)
        return "TLS/1.0";
    if (v == SSL3_VERSION)
        return "SSL/3.0";
    if (v == SSL2_VERSION)
        return "SSL/2.0";

    // anything else is reported as unknown
    return nullptr;
#else
    return nullptr;
#endif
}
52 | ||
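// Records what was negotiated on the given TLS session: the current cipher,
// the protocol version (only once a cipher exists), and the hello details
// captured by the session's read BIO, if any. Does nothing in builds without
// OpenSSL.
void
Security::NegotiationHistory::fillWith(Security::SessionPtr ssl)
{
#if USE_OPENSSL
    if ((cipher = SSL_get_current_cipher(ssl)) != nullptr) {
        // Record the version only when a cipher has been negotiated;
        // otherwise the handshake is probably incomplete and the session
        // version is not yet the final negotiated one.
        // SSL_version() is the accessor for the field previously read
        // directly from the SSL structure.
        version_ = SSL_version(ssl);
    }

    // SSL_get_rbio() may return NULL when no read BIO is attached, and the
    // BIO payload may be unset; check both before dereferencing.
    // NOTE(review): the cast assumes the read BIO is always a Squid Ssl::Bio;
    // confirm against the code that creates the session.
    BIO *b = SSL_get_rbio(ssl);
    Ssl::Bio *bio = b ? static_cast<Ssl::Bio *>(b->ptr) : nullptr;
    if (!bio) {
        debugs(83, 3, "no Squid BIO attached to the SSL session; hello details not recorded");
        return;
    }

    if (const Security::TlsDetails::Pointer &details = bio->receivedHelloDetails())
        fillWith(details);

    // cipherName() returns nullptr until a cipher is negotiated, and
    // inserting a null C string into an output stream is undefined behavior,
    // so substitute a placeholder for the log line.
    const char *negotiatedCipher = cipherName();
    debugs(83, 5, "SSL connection info on FD " << bio->fd() <<
           " SSL version " << version_ <<
           " negotiated cipher " << (negotiatedCipher ? negotiatedCipher : "[none]"));
#endif
}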
2bcab852 | 74 | |
3cae14a6 CT |
// Copies the protocol versions found in the parsed hello details into this
// history record.
//
// details is dereferenced unconditionally, so it must not be null; the
// session-based fillWith() overload in this file tests the pointer before
// calling here.
void
Security::NegotiationHistory::fillWith(Security::TlsDetails::Pointer const &details)
{
    supportedVersion_ = details->tlsSupportedVersion;
    helloVersion_ = details->tlsVersion;
}
81 | ||
2bcab852 CT |
// Returns the OpenSSL name of the recorded cipher.
//
// Yields nullptr when no cipher has been recorded or when Squid is built
// without OpenSSL, so callers must test the result before printing it.
const char *
Security::NegotiationHistory::cipherName() const
{
#if USE_OPENSSL
    return cipher ? SSL_CIPHER_get_name(cipher) : nullptr;
#else
    return nullptr;
#endif
}
4b307ad4 | 94 |