3aac8c26 | 1 | /* |
f70aedc4 | 2 | * Copyright (C) 1996-2021 The Squid Software Foundation and contributors |
3aac8c26 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
9 | #ifndef SQUID_SRC_SECURITY_SESSION_H | |
10 | #define SQUID_SRC_SECURITY_SESSION_H | |
11 | ||
5d9a65df | 12 | #include "base/HardFun.h" |
86f77270 | 13 | #include "comm/forward.h" |
33cc0629 AJ |
14 | #include "security/LockingPointer.h" |
15 | ||
3ec728ac AJ |
16 | #include <memory> |
17 | ||
3aac8c26 | 18 | #if USE_OPENSSL |
24b30fdc | 19 | #include "compat/openssl.h" |
3aac8c26 AJ |
20 | #if HAVE_OPENSSL_SSL_H |
21 | #include <openssl/ssl.h> | |
22 | #endif | |
23 | #endif | |
24 | ||
25 | #if USE_GNUTLS | |
26 | #if HAVE_GNUTLS_GNUTLS_H | |
27 | #include <gnutls/gnutls.h> | |
28 | #endif | |
29 | #endif | |
30 | ||
31 | namespace Security { | |
32 | ||
86f77270 AJ |
/// Creates the TLS client connection structure (aka 'session' state) for the
/// given connection and initializes TLS/SSL I/O (Comm and BIO).
/// \param squidCtx caller-supplied label; presumably used to identify the
///        caller in diagnostics — confirm against the definition
/// On errors, emits DBG_IMPORTANT with details and returns false.
bool CreateClientSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx);
36 | ||
60fcfadf AJ |
37 | class PeerOptions; |
38 | ||
86f77270 AJ |
/// Creates the TLS server connection structure (aka 'session' state) for the
/// given connection and initializes TLS/SSL I/O (Comm and BIO).
/// Unlike CreateClientSession(), also takes the PeerOptions (non-const, so the
/// implementation may update them — confirm against the definition).
/// \param squidCtx caller-supplied label; presumably used to identify the
///        caller in diagnostics — confirm against the definition
/// On errors, emits DBG_IMPORTANT with details and returns false.
bool CreateServerSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, Security::PeerOptions &, const char *squidCtx);
86f77270 | 42 | |
3aac8c26 | 43 | #if USE_OPENSSL |
800967af CT |
/// the library-level TLS connection object
typedef SSL Connection;

/// shared ownership of a TLS session (an SSL object)
/// NOTE(review): the deleter that releases the SSL object is chosen wherever the
/// pointer is created (e.g. NewSessionObject()); confirm it is SSL_free.
typedef std::shared_ptr<SSL> SessionPointer;

/// sole ownership of session resumption state (an SSL_SESSION); released with
/// SSL_SESSION_free when the pointer is reset or destroyed. This state is what
/// lets a later connection skip the full handshake, so treat it as sensitive.
typedef std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_free>> SessionStatePointer;
49 | ||
3aac8c26 | 50 | #elif USE_GNUTLS |
/// shared ownership of a TLS session (a gnutls_session_t object)
/// NOTE(review): unlike the OpenSSL and TLS-less branches, no `Connection`
/// typedef is provided here; confirm it is defined elsewhere for GnuTLS builds.
typedef std::shared_ptr<struct gnutls_session_int> SessionPointer;

// gnutls_free is not a plain function in the GnuTLS headers (the original note
// called it a typedef), so its address cannot be a HardFun template argument;
// this wrapper gives HardFun a real function to point at.
inline void squid_gnutls_free(void *d) {gnutls_free(d);}
/// sole ownership of session resumption state (a gnutls_datum_t)
/// NOTE(review): the deleter releases the gnutls_datum_t object itself, not the
/// buffer its `data` member points at; confirm the code that fills this pointer
/// (MaybeGetSessionResumeData()) releases that buffer, or it leaks.
typedef std::unique_ptr<gnutls_datum_t, HardFun<void, void*, &Security::squid_gnutls_free>> SessionStatePointer;
56 | ||
3aac8c26 | 57 | #else |
800967af CT |
/// placeholder: without a TLS library there is no connection object
typedef std::nullptr_t Connection;

/// placeholder: expected to stay nil in a TLS-less build
typedef std::shared_ptr<void> SessionPointer;

/// placeholder: the int carries no meaning, it only keeps the API compiling
typedef std::unique_ptr<int> SessionStatePointer;
63 | ||
3aac8c26 AJ |
64 | #endif |
65 | ||
03e0e0e4 AJ |
/// Sends the shutdown/bye notice (close_notify, in TLS terms) for an active TLS
/// session. Do this before closing the transport so the peer can tell a clean
/// end of data from a truncated stream.
void SessionSendGoodbye(const Security::SessionPointer &);
087b94cb | 68 | |
5d9a65df AJ |
/// whether the session was established by resuming an earlier session
/// (rather than by a full handshake)
bool SessionIsResumed(const Security::SessionPointer &);
71 | ||
/**
 * When the session is not a resumed session, retrieve the details needed to
 * resume a later connection and store them in 'data'. This may result in 'data'
 * becoming a nil Pointer if no details exist or an error occurs.
 * The stored state is what lets a later connection skip the full handshake,
 * so treat it as sensitive.
 *
 * When the session is already a resumed session, do nothing and leave 'data'
 * unchanged.
 * XXX: is this latter behaviour always correct?
 * NOTE(review): with protocols that hand out fresh resumption state during a
 * resumed handshake, skipping the update here would leave 'data' stale —
 * confirm whether the implementation accounts for this.
 */
void MaybeGetSessionResumeData(const Security::SessionPointer &, Security::SessionStatePointer &data);
82 | ||
/// Set the data for resuming a previous session.
/// Needs to be done before using the SessionPointer for a handshake.
/// Presumably a nil SessionStatePointer means no resumption is attempted —
/// confirm against the definition.
void SetSessionResumeData(const Security::SessionPointer &, const Security::SessionStatePointer &);
86 | ||
c96b5508 | 87 | #if USE_OPENSSL |
// TODO: remove from public API. It is only public because of Security::ServerOptions::updateContextConfig
/// Installs on the given TLS context the callbacks through which OpenSSL
/// consults and updates Squid's session cache.
void SetSessionCacheCallbacks(Security::ContextPointer &);
91 | ||
1c1fae0f AJ |
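/// Retrieves the TLS context a session was created from, as a non-owning,
/// non-locked ContextPointer: the deleter is a no-op, so the returned pointer
/// neither extends nor protects the context's lifetime. Use it only while the
/// session (and whatever owns the context) is alive; do not store it.
/// A nil session yields a ContextPointer holding nullptr instead of handing a
/// null SSL* to SSL_get_SSL_CTX().
inline Security::ContextPointer
GetFrom(Security::SessionPointer &s)
{
    // SSL_get_SSL_CTX() does not tolerate a null SSL*; guard before calling it.
    auto *ctx = s ? SSL_get_SSL_CTX(s.get()) : nullptr;
    // no-op deleter: we are not taking a reference on the context here
    return Security::ContextPointer(ctx, [](SSL_CTX *) {/* nothing to unlock/free */});
}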
99 | ||
c96b5508 AJ |
/// \deprecated use the PeerOptions/ServerOptions API methods instead.
/// Creates a SessionPointer for the given context. Kept only to contain a
/// nasty hack in ssl/support.cc behind one wrapper; new code should not call it.
Security::SessionPointer NewSessionObject(const Security::ContextPointer &);
104 | #endif | |
105 | ||
3aac8c26 AJ |
106 | } // namespace Security |
107 | ||
108 | #endif /* SQUID_SRC_SECURITY_SESSION_H */ | |
109 |