[thirdparty/squid.git] / src / security / PeerOptions.h

/*
 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H
#define SQUID_SRC_SECURITY_PEEROPTIONS_H

#include "ConfigParser.h"
#include "SBuf.h"
#include "security/Context.h"

namespace Security
{

/// TLS squid.conf settings for a remote server peer
class PeerOptions
{
public:
    PeerOptions() : sslVersion(0), encryptTransport(false) {}

    /// parse a TLS squid.conf option
    void parse(const char *);

    /// reset the configuration details to default
    void clear() {*this = PeerOptions();}

    /// generate a security context from these configured options
    Security::ContextPointer createContext(bool setOptions);

    SBuf certFile;       ///< path of file containing PEM format X509 certificate
    SBuf privateKeyFile; ///< path of file containing private key in PEM format
    SBuf sslOptions;     ///< library-specific options string
    SBuf caFile;         ///< path of file containing trusted Certificate Authority
    SBuf caDir;          ///< path of directory containing a set of trusted Certificate Authorities
    SBuf crlFile;        ///< path of file containing Certificate Revoke List

    SBuf sslCipher;
    SBuf sslFlags;
    SBuf sslDomain;

    long parsedOptions; ///< parsed value of sslOptions

    int sslVersion;

    /// whether transport encryption (TLS/SSL) is to be used on connections to the peer
    bool encryptTransport;
};

/// configuration options for DIRECT server access
extern PeerOptions ProxyOutgoingConfig;

} // namespace Security

// parse the tls_outgoing_options directive
void parse_securePeerOptions(Security::PeerOptions *);
#define free_securePeerOptions(x) Security::ProxyOutgoingConfig.clear()
#define dump_securePeerOptions(e,n,x) // not supported yet

#endif /* SQUID_SRC_SECURITY_PEEROPTIONS_H */
Commit	Line	Data
9a2f63e7	1	/*
be75380c	2	* Copyright (C) 1996-2015 The Squid Software Foundation and contributors
9a2f63e7 AJ	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
cdfb670c AJ	9	#ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H
	10	#define SQUID_SRC_SECURITY_PEEROPTIONS_H
	11
195f8adb	12	#include "ConfigParser.h"
cdfb670c	13	#include "SBuf.h"
9a2f63e7	14	#include "security/Context.h"
cdfb670c AJ	15
	16	namespace Security
	17	{
	18
1f1f29e8	19	/// TLS squid.conf settings for a remote server peer
cdfb670c AJ	20	class PeerOptions
	21	{
	22	public:
1f1f29e8	23	PeerOptions() : sslVersion(0), encryptTransport(false) {}
9a2f63e7	24
0b0e0864 AJ	25	/// parse a TLS squid.conf option
	26	void parse(const char *);
	27
195f8adb AJ	28	/// reset the configuration details to default
	29	void clear() {*this = PeerOptions();}
	30
1f1f29e8	31	/// generate a security context from these configured options
36092741	32	Security::ContextPointer createContext(bool setOptions);
cdfb670c	33
9a2f63e7 AJ	34	SBuf certFile; ///< path of file containing PEM format X509 certificate
	35	SBuf privateKeyFile; ///< path of file containing private key in PEM format
	36	SBuf sslOptions; ///< library-specific options string
	37	SBuf caFile; ///< path of file containing trusted Certificate Authority
1f1f29e8	38	SBuf caDir; ///< path of directory containing a set of trusted Certificate Authorities
9a2f63e7 AJ	39	SBuf crlFile; ///< path of file containing Certificate Revoke List
9a2f63e7 AJ	40
9a2f63e7 AJ	41	SBuf sslCipher;
	42	SBuf sslFlags;
	43	SBuf sslDomain;
1f1f29e8	44
36092741 AJ	45	long parsedOptions; ///< parsed value of sslOptions
36092741 AJ	46
1f1f29e8 AJ	47	int sslVersion;
	48
	49	/// whether transport encryption (TLS/SSL) is to be used on connections to the peer
	50	bool encryptTransport;
cdfb670c AJ	51	};
cdfb670c AJ	52
195f8adb	53	/// configuration options for DIRECT server access
7e62a74f	54	extern PeerOptions ProxyOutgoingConfig;
195f8adb	55
cdfb670c AJ	56	} // namespace Security
cdfb670c AJ	57
195f8adb	58	// parse the tls_outgoing_options directive
1f1f29e8	59	void parse_securePeerOptions(Security::PeerOptions *);
7e62a74f	60	#define free_securePeerOptions(x) Security::ProxyOutgoingConfig.clear()
195f8adb AJ	61	#define dump_securePeerOptions(e,n,x) // not supported yet
195f8adb AJ	62
cdfb670c	63	#endif /* SQUID_SRC_SECURITY_PEEROPTIONS_H */
be75380c	64