]> git.ipfire.org Git - thirdparty/squid.git/blame - src/security/PeerOptions.h
projects / thirdparty / squid.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
do not bypass hdrCacheInit() when there are no mime headers
[thirdparty/squid.git] / src / security / PeerOptions.h
CommitLineData
9a2f63e7 1/*
be75380c 2 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
9a2f63e7
AJ		 3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
cdfb670c
AJ		 9#ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H
10#define SQUID_SRC_SECURITY_PEEROPTIONS_H
11
195f8adb 12#include "ConfigParser.h"
cdfb670c 13#include "SBuf.h"
fcfdf7f9 14#include "security/forward.h"
cdfb670c 15
8250ca31
AJ		 16class Packable;
17
cdfb670c
AJ		 18namespace Security
19{
20
1f1f29e8 21/// TLS squid.conf settings for a remote server peer
cdfb670c
AJ		 22class PeerOptions
23{
24public:
44a5e70a 25 PeerOptions() : parsedOptions(0), parsedFlags(0), sslVersion(0), encryptTransport(false) {}
9a622f3e 26 PeerOptions(const PeerOptions &);
9a2f63e7 27
0b0e0864
AJ		 28 /// parse a TLS squid.conf option
29 void parse(const char *);
30
195f8adb
AJ		 31 /// reset the configuration details to default
32 void clear() {*this = PeerOptions();}
33
a465e144
AJ		 34 /// generate a security client-context from these configured options
35 Security::ContextPointer createClientContext(bool setOptions);
cdfb670c 36
585c27eb
AJ		 37 /// sync the context options with tls-min-version=N configuration
38 void updateTlsVersionLimits();
cdfb670c 39
6b19d1f9
AJ		 40 /// setup the CRL details for the given context
41 void updateContextCrl(Security::ContextPointer &);
42
8250ca31
AJ		 43 /// output squid.conf syntax with 'pfx' prefix on parameters for the stored settings
44 void dumpCfg(Packable *, const char *pfx) const;
45
c62717bd
AJ		 46private:
47 long parseOptions();
ec4defdb 48 long parseFlags();
6b19d1f9 49 void loadCrlFile();
c62717bd
AJ		 50
51public:
9a2f63e7
AJ		 52 SBuf certFile; ///< path of file containing PEM format X509 certificate
53 SBuf privateKeyFile; ///< path of file containing private key in PEM format
54 SBuf sslOptions; ///< library-specific options string
55 SBuf caFile; ///< path of file containing trusted Certificate Authority
1f1f29e8 56 SBuf caDir; ///< path of directory containing a set of trusted Certificate Authorities
9a2f63e7
AJ		 57 SBuf crlFile; ///< path of file containing Certificate Revoke List
58
9a2f63e7 59 SBuf sslCipher;
b24e9ae7 60 SBuf sslFlags; ///< flags defining what TLS operations Squid performs
9a2f63e7 61 SBuf sslDomain;
1f1f29e8 62
1cc44095
AJ		 63 SBuf tlsMinVersion; ///< version label for minimum TLS version to permit
64
36092741 65 long parsedOptions; ///< parsed value of sslOptions
b24e9ae7 66 long parsedFlags; ///< parsed value of sslFlags
36092741 67
6b19d1f9
AJ		 68 Security::CertRevokeList parsedCrl; ///< CRL to use when verifying the remote end certificate
69
1cc44095 70private:
1f1f29e8
AJ		 71 int sslVersion;
72
1cc44095 73public:
1f1f29e8
AJ		 74 /// whether transport encryption (TLS/SSL) is to be used on connections to the peer
75 bool encryptTransport;
cdfb670c
AJ		 76};
77
195f8adb 78/// configuration options for DIRECT server access
7e62a74f 79extern PeerOptions ProxyOutgoingConfig;
195f8adb 80
cdfb670c
AJ		 81} // namespace Security
82
195f8adb 83// parse the tls_outgoing_options directive
1f1f29e8 84void parse_securePeerOptions(Security::PeerOptions *);
7e62a74f 85#define free_securePeerOptions(x) Security::ProxyOutgoingConfig.clear()
8250ca31 86#define dump_securePeerOptions(e,n,x) do { (e)->appendf(n); (x).dumpCfg((e),""); (e)->append("\n",1); } while(false)
195f8adb 87
cdfb670c 88#endif /* SQUID_SRC_SECURITY_PEEROPTIONS_H */
be75380c 89
Mirror of https://github.com/squid-cache/squid.git