Commit | Line | Data |
---|---|---|
9a2f63e7 AJ |
1 | /* |
2 | * Copyright (C) 1996-2014 The Squid Software Foundation and contributors | |
3 | * | |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
cdfb670c AJ |
9 | #ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H |
10 | #define SQUID_SRC_SECURITY_PEEROPTIONS_H | |
11 | ||
195f8adb | 12 | #include "ConfigParser.h" |
cdfb670c | 13 | #include "SBuf.h" |
9a2f63e7 | 14 | #include "security/Context.h" |
cdfb670c AJ |
15 | |
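namespace Security
{

/// TLS squid.conf settings for a remote server peer.
///
/// A plain holder of configuration values. The path and option strings are
/// SBuf objects and are default-constructed; the scalar members are set
/// explicitly by the constructor.
class PeerOptions
{
public:
    /// Build the default (unconfigured) state.
    /// parsedOptions is initialized here together with the other scalars:
    /// clear() assigns from a default-constructed object, so leaving it out
    /// would copy an indeterminate TLS option mask into a live configuration.
    PeerOptions() : parsedOptions(0), sslVersion(0), encryptTransport(false) {}

    /// parse a TLS squid.conf option
    void parse(const char *);

    /// reset the configuration details to default
    /// (assigns from PeerOptions(), so the result is exactly the constructor's state)
    void clear() {*this = PeerOptions();}

    /// generate a security context from these configured options
    /// \param setOptions NOTE(review): presumably selects whether parsedOptions
    ///        is applied to the new context; confirm against the definition
    Security::ContextPointer createContext(bool setOptions);

    SBuf certFile;       ///< path of file containing PEM format X509 certificate
    SBuf privateKeyFile; ///< path of file containing private key in PEM format
    SBuf sslOptions;     ///< library-specific options string
    SBuf caFile;         ///< path of file containing trusted Certificate Authority
    SBuf caDir;          ///< path of directory containing a set of trusted Certificate Authorities
    SBuf crlFile;        ///< path of file containing Certificate Revocation List

    SBuf sslCipher;      ///< NOTE(review): presumably the cipher list given to the TLS library; confirm
    SBuf sslFlags;       ///< NOTE(review): presumably the raw flags string from squid.conf; confirm
    SBuf sslDomain;      ///< NOTE(review): presumably the name the peer certificate is checked against; confirm

    long parsedOptions;  ///< parsed value of sslOptions; 0 until a value is parsed

    int sslVersion;      ///< 0 by default; NOTE(review): meaning of each value is defined outside this header

    /// whether transport encryption (TLS/SSL) is to be used on connections to the peer
    /// (false by default: nothing in this header turns encryption on)
    bool encryptTransport;
};

/// configuration options for DIRECT server access
extern PeerOptions ProxyOutgoingConfig;

} // namespace Security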
57 | ||
// parse the tls_outgoing_options directive
void parse_securePeerOptions(Security::PeerOptions *);
// NOTE(review): the argument x is not used; this always resets the global
// Security::ProxyOutgoingConfig, whichever object the caller names. Confirm
// that no other PeerOptions instance is ever freed through this macro.
#define free_securePeerOptions(x) Security::ProxyOutgoingConfig.clear()
// expands to nothing, so the configured TLS settings are absent from any
// configuration dump produced through this macro
#define dump_securePeerOptions(e,n,x) // not supported yet
62 | ||
cdfb670c | 63 | #endif /* SQUID_SRC_SECURITY_PEEROPTIONS_H */ |