/*
 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */
8 | ||
9 | #ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H |
10 | #define SQUID_SRC_SECURITY_PEEROPTIONS_H | |
11 | ||
195f8adb | 12 | #include "ConfigParser.h" |
cdfb670c | 13 | #include "SBuf.h" |
fcfdf7f9 | 14 | #include "security/forward.h" |
cdfb670c | 15 | |
/// forward declaration: this header only passes a Packable by pointer (dumpCfg()).
/// NOTE(review): the dump_securePeerOptions macro below calls appendf()/append()
/// on its first argument, presumably a Packable, so the expanding TU needs the
/// full Packable definition -- confirm
class Packable;
17 | ||
18 | namespace Security |
19 | { | |
20 | ||
/// TLS squid.conf settings for a remote server peer
///
/// Holds the raw squid.conf strings (file paths, option/flag/cipher strings)
/// together with the values derived from them (parsedOptions, parsedFlags,
/// parsedCrl). Most fields are public, so callers can edit the strings
/// without the derived values being refreshed; presumably parse() and the
/// private parse*() helpers are re-run afterwards -- confirm against callers.
class PeerOptions
{
public:
    /// default state: empty paths and strings, no parsed option/flag bits,
    /// sslVersion 0, and transport encryption disabled
    PeerOptions() : parsedOptions(0), parsedFlags(0), sslVersion(0), encryptTransport(false) {}
    /// user-defined copy constructor (defined out of line).
    /// NOTE(review): no copy-assignment operator is declared, so clear() below
    /// relies on the implicitly generated one; confirm that the two copy
    /// parsedCrl and the other members the same way.
    PeerOptions(const PeerOptions &);

    /// parse a TLS squid.conf option
    void parse(const char *);

    /// reset the configuration details to default
    /// (implemented via copy-assignment from a default-constructed object)
    void clear() {*this = PeerOptions();}

    /// generate a security client-context from these configured options
    /// \param setOptions presumably whether parsedOptions are applied to the
    ///        new context -- confirm in PeerOptions.cc
    Security::ContextPointer createClientContext(bool setOptions);

    /// sync the context options with tls-min-version=N configuration
    /// (takes no context argument, so it presumably adjusts parsedOptions from
    /// tlsMinVersion -- confirm)
    void updateTlsVersionLimits();

    /// setup the CRL details for the given context
    /// (presumably installs parsedCrl into the context -- confirm)
    void updateContextCrl(Security::ContextPointer &);

    /// output squid.conf syntax with 'pfx' prefix on parameters for the stored settings
    void dumpCfg(Packable *, const char *pfx) const;

private:
    /// presumably converts sslOptions into the library option bits stored in parsedOptions -- confirm
    long parseOptions();
    /// presumably converts sslFlags into the bits stored in parsedFlags -- confirm
    long parseFlags();
    /// presumably reads crlFile into parsedCrl -- confirm
    void loadCrlFile();

public:
    SBuf certFile;       ///< path of file containing PEM format X509 certificate
    SBuf privateKeyFile; ///< path of file containing private key in PEM format
                         ///< (only the path is held here; any permission checks on the file happen elsewhere)
    SBuf sslOptions;     ///< library-specific options string
    SBuf caFile;         ///< path of file containing trusted Certificate Authority
    SBuf caDir;          ///< path of directory containing a set of trusted Certificate Authorities
    SBuf crlFile;        ///< path of file containing Certificate Revoke List

    SBuf sslCipher;      ///< cipher list string, presumably in the TLS library's own syntax -- confirm
    SBuf sslFlags;       ///< flags defining what TLS operations Squid performs
    SBuf sslDomain;      ///< domain string; presumably the name expected in the peer certificate -- confirm

    SBuf tlsMinVersion;  ///< version label for minimum TLS version to permit

    long parsedOptions;  ///< parsed value of sslOptions
    long parsedFlags;    ///< parsed value of sslFlags

    Security::CertRevokeList parsedCrl; ///< CRL to use when verifying the remote end certificate

private:
    int sslVersion;      ///< numeric TLS/SSL version selector; presumably the legacy sslversion=N setting -- confirm

public:
    /// whether transport encryption (TLS/SSL) is to be used on connections to the peer
    bool encryptTransport;
};
77 | ||
/// configuration options for DIRECT server access
/// (the global that the free_securePeerOptions() macro resets via clear())
extern PeerOptions ProxyOutgoingConfig;
195f8adb | 80 | |
81 | } // namespace Security |
82 | ||
// parse the tls_outgoing_options directive
void parse_securePeerOptions(Security::PeerOptions *);
// "free" hook for the directive: ignores its argument and resets the global
// Security::ProxyOutgoingConfig to defaults (see PeerOptions::clear())
#define free_securePeerOptions(x) Security::ProxyOutgoingConfig.clear()
// dump hook: writes the directive name via appendf(), then the stored settings
// through PeerOptions::dumpCfg() with an empty prefix, then a trailing newline.
// NOTE(review): 'n' is passed to appendf() as its first argument, presumably a
// printf-style format string, so it must be a trusted literal/table entry and
// never text derived from input -- confirm at the expansion sites.
#define dump_securePeerOptions(e,n,x) do { (e)->appendf(n); (x).dumpCfg((e),""); (e)->append("\n",1); } while(false)
195f8adb | 87 | |
cdfb670c | 88 | #endif /* SQUID_SRC_SECURITY_PEEROPTIONS_H */ |
be75380c | 89 |