3aac8c26 | 1 | /* |
4ac4a490 | 2 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
9 | #ifndef SQUID_SRC_SECURITY_SESSION_H | |
10 | #define SQUID_SRC_SECURITY_SESSION_H | |
11 | ||
5d9a65df | 12 | #include "base/HardFun.h" |
86f77270 | 13 | #include "comm/forward.h" |
14 | #include "security/LockingPointer.h" |
15 | ||
16 | #include <memory> |
17 | ||
18 | #if USE_OPENSSL |
19 | #if HAVE_OPENSSL_SSL_H | |
20 | #include <openssl/ssl.h> | |
21 | #endif | |
22 | #endif | |
23 | ||
24 | #if USE_GNUTLS | |
25 | #if HAVE_GNUTLS_GNUTLS_H | |
26 | #include <gnutls/gnutls.h> | |
27 | #endif | |
28 | #endif | |
29 | ||
30 | namespace Security { | |
31 | ||
32 | /// Creates TLS Client connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO). |
33 | /// On errors, emits DBG_IMPORTANT with details and returns false. | |
34 | bool CreateClientSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx); | |
35 | ||
36 | /// Creates TLS Server connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO). | |
37 | /// On errors, emits DBG_IMPORTANT with details and returns false. | |
38 | bool CreateServerSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx); | |
39 | ||
3aac8c26 | 40 | #if USE_OPENSSL |
9c8549cf | 41 | typedef std::shared_ptr<SSL> SessionPointer; |
3aac8c26 | 42 | |
43 | typedef std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_free>> SessionStatePointer; |
44 | ||
3aac8c26 | 45 | #elif USE_GNUTLS |
9c8549cf | 46 | typedef std::shared_ptr<struct gnutls_session_int> SessionPointer; |
3aac8c26 | 47 | |
48 | // Wrapper giving HardFun (below) a plain, addressable function: gnutls_free is a typedef, so it cannot be passed as the HardFun template argument directly. | |
49 | inline void squid_gnutls_free(void *d) {gnutls_free(d);} | |
50 | typedef std::unique_ptr<gnutls_datum_t, HardFun<void, void*, &Security::squid_gnutls_free>> SessionStatePointer; | |
51 | ||
3aac8c26 | 52 | #else |
9c8549cf | 53 | typedef std::shared_ptr<void> SessionPointer; |
33cc0629 | 54 | |
55 | typedef std::unique_ptr<int> SessionStatePointer; |
56 | ||
57 | #endif |
58 | ||
59 | /// Close an active TLS session. |
60 | /// Set fdOnError to the connection FD when the session is being closed | |
61 | /// due to an encryption error; otherwise omit it. | |
62 | void SessionClose(const Security::SessionPointer &, int fdOnError = -1); | |
087b94cb | 63 | |
64 | /// whether the session is a resumed one |
65 | bool SessionIsResumed(const Security::SessionPointer &); | |
66 | ||
67 | /** | |
68 | * When the session is not a resumed session, retrieve the details needed to | |
69 | * resume a later connection and store them in 'data'. This may result in 'data' | |
70 | * becoming a nil Pointer if no details exist or an error occurs. | |
71 | * | |
72 | * When the session is already a resumed session, do nothing and leave 'data' | |
73 | * unchanged. | |
74 | * XXX: is this latter behaviour always correct? | |
75 | */ | |
76 | void MaybeGetSessionResumeData(const Security::SessionPointer &, Security::SessionStatePointer &data); | |
77 | ||
78 | /// Set the data for resuming a previous session. | |
79 | /// Needs to be done before using the SessionPointer for a handshake. | |
80 | void SetSessionResumeData(const Security::SessionPointer &, const Security::SessionStatePointer &); | |
81 | ||
82 | } // namespace Security |
83 | ||
84 | #endif /* SQUID_SRC_SECURITY_SESSION_H */ | |
85 |