474f076e | 1 | /* |
4ac4a490 | 2 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
9 | #ifndef SQUID_SRC_SECURITY_SERVEROPTIONS_H | |
10 | #define SQUID_SRC_SECURITY_SERVEROPTIONS_H | |
11 | ||
c75aba02 | 12 | #include "anyp/forward.h" |
13 | #include "security/PeerOptions.h" |
14 | ||
15 | namespace Security | |
16 | { | |
17 | ||
18 | /// TLS squid.conf settings for a listening port | |
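class ServerOptions : public PeerOptions
{
public:
    ServerOptions() : PeerOptions() {
        // Bug 4005: dynamic contexts use a lot of memory and it
        // is more secure to have only a small set of trusted CA.
        // Listening ports therefore do NOT load the default CA set
        // unless the administrator explicitly asks for it.
        flags.tlsDefaultCa.defaultTo(false);
    }
    ServerOptions(const ServerOptions &) = default;
    ServerOptions &operator =(const ServerOptions &) = default;
    ServerOptions(ServerOptions &&) = default;
    ServerOptions &operator =(ServerOptions &&) = default;
    virtual ~ServerOptions() = default;

    /* Security::PeerOptions API */

    /// parse one TLS squid.conf option for a listening port
    void parse(const char *) override;

    /// reset every setting (including staticContext) to the values
    /// of a freshly constructed ServerOptions
    void clear() override {*this = ServerOptions();}

    /// generate an unset (blank) server-side security context
    Security::ContextPointer createBlankContext() const override;

    /// write the stored settings to the given Packable, with 'pfx'
    /// prefixed to each emitted parameter
    void dumpCfg(Packable *, const char *pfx) const override;

    /// generate a security server-context from these configured options
    /// the resulting context is stored in staticContext
    /// \returns true if a context could be created
    bool createStaticServerContext(AnyP::PortCfg &);

    /// update the context with DH, EDH, EECDH settings
    void updateContextEecdh(Security::ContextPointer &);

public:
    /// TLS context to use for HTTPS accelerator or static SSL-Bump
    Security::ContextPointer staticContext;

private:
    /// load the DH parameters (see dhParamsFile / dh) into parsedDhParams
    void loadDhParams();

    SBuf dh;           ///< Diffie-Hellman cipher config
    SBuf dhParamsFile; ///< Diffie-Hellman ciphers parameter file
    SBuf eecdhCurve;   ///< Elliptic curve for ephemeral EC-based DH key exchanges

    Security::DhePointer parsedDhParams; ///< DH parameters for temporary/ephemeral DH key exchanges
};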
61 | ||
62 | } // namespace Security | |
63 | ||
64 | #endif /* SQUID_SRC_SECURITY_SERVEROPTIONS_H */ | |