[thirdparty/squid.git] / src / security / PeerOptions.h

/*
 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H
#define SQUID_SRC_SECURITY_PEEROPTIONS_H

#include "ConfigParser.h"
#include "SBuf.h"
#include "security/Context.h"

namespace Security
{

class PeerOptions
{
public:
    PeerOptions() : ssl(false), sslVersion(0) {}

    /// parse a TLS squid.conf option
    void parse(const char *);

    /// reset the configuration details to default
    void clear() {*this = PeerOptions();}

    /// generate a security context from the configured options
    Security::ContextPointer createContext();

    bool ssl;   ///< whether SSL is to be used on this connection

    SBuf certFile;       ///< path of file containing PEM format X509 certificate
    SBuf privateKeyFile; ///< path of file containing private key in PEM format
    SBuf sslOptions;     ///< library-specific options string
    SBuf caFile;         ///< path of file containing trusted Certificate Authority
    SBuf caDir;          ///< path of directory containign a set of trusted Certificate Authorities
    SBuf crlFile;        ///< path of file containing Certificate Revoke List

    int sslVersion;
    SBuf sslCipher;
    SBuf sslFlags;
    SBuf sslDomain;
};

/// configuration options for DIRECT server access
extern PeerOptions ProxyOutgoingConfig;

} // namespace Security

// parse the tls_outgoing_options directive
inline void
parse_securePeerOptions(Security::PeerOptions *opt)
{
    while(const char *token = ConfigParser::NextToken()) {
        opt->parse(token);
    }
}

#define free_securePeerOptions(x) Security::ProxyOutgoingConfig.clear()
#define dump_securePeerOptions(e,n,x) // not supported yet

#endif /* SQUID_SRC_SECURITY_PEEROPTIONS_H */
Commit	Line	Data
9a2f63e7 AJ	1	/*
	2	* Copyright (C) 1996-2014 The Squid Software Foundation and contributors
	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
cdfb670c AJ	9	#ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H
	10	#define SQUID_SRC_SECURITY_PEEROPTIONS_H
	11
195f8adb	12	#include "ConfigParser.h"
cdfb670c	13	#include "SBuf.h"
9a2f63e7	14	#include "security/Context.h"
cdfb670c AJ	15
	16	namespace Security
	17	{
	18
	19	class PeerOptions
	20	{
	21	public:
9a2f63e7 AJ	22	PeerOptions() : ssl(false), sslVersion(0) {}
9a2f63e7 AJ	23
0b0e0864 AJ	24	/// parse a TLS squid.conf option
	25	void parse(const char *);
	26
195f8adb AJ	27	/// reset the configuration details to default
	28	void clear() {*this = PeerOptions();}
	29
9a2f63e7 AJ	30	/// generate a security context from the configured options
9a2f63e7 AJ	31	Security::ContextPointer createContext();
cdfb670c	32
cdfb670c	33	bool ssl; ///< whether SSL is to be used on this connection
9a2f63e7 AJ	34
	35	SBuf certFile; ///< path of file containing PEM format X509 certificate
	36	SBuf privateKeyFile; ///< path of file containing private key in PEM format
	37	SBuf sslOptions; ///< library-specific options string
	38	SBuf caFile; ///< path of file containing trusted Certificate Authority
	39	SBuf caDir; ///< path of directory containign a set of trusted Certificate Authorities
	40	SBuf crlFile; ///< path of file containing Certificate Revoke List
	41
	42	int sslVersion;
	43	SBuf sslCipher;
	44	SBuf sslFlags;
	45	SBuf sslDomain;
cdfb670c AJ	46	};
cdfb670c AJ	47
195f8adb	48	/// configuration options for DIRECT server access
7e62a74f	49	extern PeerOptions ProxyOutgoingConfig;
195f8adb	50
cdfb670c AJ	51	} // namespace Security
cdfb670c AJ	52
195f8adb AJ	53	// parse the tls_outgoing_options directive
	54	inline void
	55	parse_securePeerOptions(Security::PeerOptions *opt)
	56	{
	57	while(const char *token = ConfigParser::NextToken()) {
	58	opt->parse(token);
	59	}
	60	}
	61
7e62a74f	62	#define free_securePeerOptions(x) Security::ProxyOutgoingConfig.clear()
195f8adb AJ	63	#define dump_securePeerOptions(e,n,x) // not supported yet
195f8adb AJ	64
cdfb670c	65	#endif /* SQUID_SRC_SECURITY_PEEROPTIONS_H */