projects / thirdparty / squid.git / blame
| Commit | Line | Data |
|---|---|---|
| 474f076e | 1 | /* |
| 4ac4a490 | 2 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors |
| 474f076e AJ |
3 | * |
| 4 | * Squid software is distributed under GPLv2+ license and includes | |
| 5 | * contributions from numerous individuals and organizations. | |
| 6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
| 7 | */ | |
| 8 | ||
| 9 | #ifndef SQUID_SRC_SECURITY_SERVEROPTIONS_H | |
| 10 | #define SQUID_SRC_SECURITY_SERVEROPTIONS_H | |
| 11 | ||
| c75aba02 | 12 | #include "anyp/forward.h" |
| 474f076e AJ |
13 | #include "security/PeerOptions.h" |
| 14 | ||
| 15 | namespace Security | |
| 16 | { | |
| 17 | ||
| 18 | /// TLS squid.conf settings for a listening port | |
| 19 | class ServerOptions : public PeerOptions | |
| 20 | { | |
| 21 | public: | |
| 435c72b0 AJ |
22 | ServerOptions() : PeerOptions() { |
| 23 | // Bug 4005: dynamic contexts use a lot of memory and it | |
| 24 | // is more secure to have only a small set of trusted CA. | |
| 25 | flags.tlsDefaultCa.defaultTo(false); | |
| 26 | } | |
| 33de409e AJ |
27 | ServerOptions(const ServerOptions &) = default; |
| 28 | ServerOptions &operator =(const ServerOptions &) = default; | |
| 29 | ServerOptions(ServerOptions &&) = default; | |
| 30 | ServerOptions &operator =(ServerOptions &&) = default; | |
| 474f076e AJ |
31 | virtual ~ServerOptions() = default; |
| 32 | ||
| 33 | /* Security::PeerOptions API */ | |
| 34 | virtual void parse(const char *); | |
| 35 | virtual void clear() {*this = ServerOptions();} | |
| 64769c79 | 36 | virtual Security::ContextPointer createBlankContext() const; |
| 474f076e AJ |
37 | virtual void dumpCfg(Packable *, const char *pfx) const; |
| 38 | ||
| c75aba02 | 39 | /// generate a security server-context from these configured options |
| 9ad528b8 AJ |
40 | /// the resulting context is stored in staticContext |
| 41 | /// \returns true if a context could be created | |
| 42 | bool createStaticServerContext(AnyP::PortCfg &); | |
| c75aba02 | 43 | |
| 474f076e | 44 | /// update the context with DH, EDH, EECDH settings |
| b23f5f9c | 45 | void updateContextEecdh(Security::ContextPointer &); |
| 474f076e | 46 | |
| 80b5995a AJ |
47 | public: |
| 48 | /// TLS context to use for HTTPS accelerator or static SSL-Bump | |
| 49 | Security::ContextPointer staticContext; | |
| 50 | ||
| 104deb98 AJ |
51 | private: |
| 52 | void loadDhParams(); | |
| 53 | ||
| 104deb98 | 54 | private: |
| 80b5995a | 55 | SBuf dh; ///< Diffi-Helman cipher config |
| 474f076e AJ |
56 | SBuf dhParamsFile; ///< Diffi-Helman ciphers parameter file |
| 57 | SBuf eecdhCurve; ///< Elliptic curve for ephemeral EC-based DH key exchanges | |
| 104deb98 AJ |
58 | |
| 59 | Security::DhePointer parsedDhParams; ///< DH parameters for temporary/ephemeral DH key exchanges | |
| 474f076e AJ |
60 | }; |
| 61 | ||
| 62 | } // namespace Security | |
| 63 | ||
| 64 | #endif /* SQUID_SRC_SECURITY_SERVEROPTIONS_H */ | |
| 3736fdd6 | 65 |