projects / thirdparty / squid.git / blame
| Commit | Line | Data |
|---|---|---|
| 0461fde7 AJ |
1 | /* |
| 2 | * Copyright (C) 1996-2016 The Squid Software Foundation and contributors | |
| 3 | * | |
| 4 | * Squid software is distributed under GPLv2+ license and includes | |
| 5 | * contributions from numerous individuals and organizations. | |
| 6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
| 7 | */ | |
| 8 | ||
| 2bcab852 CT |
9 | #include "squid.h" |
| 10 | #include "MemBuf.h" | |
| 11 | #include "security/NegotiationHistory.h" | |
| 12 | #include "SquidConfig.h" | |
| 10f0e358 | 13 | #if USE_OPENSSL |
| 2bcab852 CT |
14 | #include "ssl/bio.h" |
| 15 | #include "ssl/support.h" | |
| 10f0e358 CT |
16 | #endif |
| 17 | ||
| 18 | Security::NegotiationHistory::NegotiationHistory(): | |
| 19 | helloVersion_(-1), | |
| 20 | supportedVersion_(-1), | |
| 21 | version_(-1) | |
| 22 | #if USE_OPENSSL | |
| 23 | , cipher(NULL) | |
| 24 | #endif | |
| 25 | { | |
| 26 | } | |
| 2bcab852 CT |
27 | |
| 28 | const char * | |
| 29 | Security::NegotiationHistory::printTlsVersion(int v) const | |
| 30 | { | |
| 31 | #if USE_OPENSSL | |
| 32 | switch(v) { | |
| 33 | #if OPENSSL_VERSION_NUMBER >= 0x10001000L | |
| 34 | case TLS1_2_VERSION: | |
| 35 | return "TLS/1.2"; | |
| 36 | case TLS1_1_VERSION: | |
| 37 | return "TLS/1.1"; | |
| 38 | #endif | |
| 39 | case TLS1_VERSION: | |
| 40 | return "TLS/1.0"; | |
| 41 | case SSL3_VERSION: | |
| 42 | return "SSL/3.0"; | |
| 43 | case SSL2_VERSION: | |
| 44 | return "SSL/2.0"; | |
| 45 | default: | |
| 46 | return nullptr; | |
| 47 | } | |
| 48 | #else | |
| 49 | return nullptr; | |
| 50 | #endif | |
| 51 | } | |
| 52 | ||
| 53 | #if USE_OPENSSL | |
| 54 | void | |
| 55 | Security::NegotiationHistory::fillWith(SSL *ssl) | |
| 56 | { | |
| 57 | if ((cipher = SSL_get_current_cipher(ssl)) != NULL) { | |
| 58 | // Set the negotiated version only if the cipher negotiated | |
| 59 | // else probably the negotiation is not completed and version | |
| 60 | // is not the final negotiated version | |
| 61 | version_ = ssl->version; | |
| 62 | } | |
| 63 | ||
| 64 | BIO *b = SSL_get_rbio(ssl); | |
| 65 | Ssl::Bio *bio = static_cast<Ssl::Bio *>(b->ptr); | |
| 66 | ||
| 67 | if (::Config.onoff.logTlsServerHelloDetails) { | |
| 68 | if (Ssl::ServerBio *srvBio = dynamic_cast<Ssl::ServerBio *>(bio)) | |
| 69 | srvBio->extractHelloFeatures(); | |
| 70 | } | |
| 71 | ||
| 72 | const Ssl::Bio::sslFeatures &features = bio->receivedHelloFeatures(); | |
| 73 | helloVersion_ = features.sslHelloVersion; | |
| 74 | supportedVersion_ = features.sslVersion; | |
| 75 | ||
| 76 | debugs(83, 5, "SSL connection info on FD " << bio->fd() << | |
| 77 | " SSL version " << version_ << | |
| 78 | " negotiated cipher " << cipherName()); | |
| 79 | } | |
| 80 | #endif | |
| 81 | ||
| 82 | const char * | |
| 83 | Security::NegotiationHistory::cipherName() const | |
| 84 | { | |
| 85 | #if USE_OPENSSL | |
| 86 | if (!cipher) | |
| 87 | return nullptr; | |
| 88 | ||
| 89 | return SSL_CIPHER_get_name(cipher); | |
| 90 | #else | |
| 91 | return nullptr; | |
| 92 | #endif | |
| 93 | } | |
| 4b307ad4 | 94 |