3aac8c26 | 1 | /* |
4ac4a490 | 2 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors |
3aac8c26 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
9 | #ifndef SQUID_SRC_SECURITY_SESSION_H | |
10 | #define SQUID_SRC_SECURITY_SESSION_H | |
11 | ||
5d9a65df | 12 | #include "base/HardFun.h" |
86f77270 | 13 | #include "comm/forward.h" |
33cc0629 AJ |
14 | #include "security/LockingPointer.h" |
15 | ||
3ec728ac AJ |
16 | #include <memory> |
17 | ||
3aac8c26 AJ |
18 | #if USE_OPENSSL |
19 | #if HAVE_OPENSSL_SSL_H | |
20 | #include <openssl/ssl.h> | |
21 | #endif | |
22 | #endif | |
23 | ||
24 | #if USE_GNUTLS | |
25 | #if HAVE_GNUTLS_GNUTLS_H | |
26 | #include <gnutls/gnutls.h> | |
27 | #endif | |
28 | #endif | |
29 | ||
30 | namespace Security { | |
31 | ||
86f77270 AJ |
32 | /// Creates TLS Client connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO). |
33 | /// On errors, emits DBG_IMPORTANT with details and returns false. | |
34 | bool CreateClientSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx); | |
35 | ||
36 | /// Creates TLS Server connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO). | |
37 | /// On errors, emits DBG_IMPORTANT with details and returns false. | |
38 | bool CreateServerSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx); | |
39 | ||
3aac8c26 | 40 | #if USE_OPENSSL |
9c8549cf | 41 | typedef std::shared_ptr<SSL> SessionPointer; |
3aac8c26 | 42 | |
5d9a65df AJ |
43 | typedef std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_free>> SessionStatePointer; |
44 | ||
3aac8c26 | 45 | #elif USE_GNUTLS |
9c8549cf | 46 | typedef std::shared_ptr<struct gnutls_session_int> SessionPointer; |
3aac8c26 | 47 | |
5d9a65df AJ |
/// Plain-function wrapper around gnutls_free(). gnutls_free is a typedef,
/// so it cannot be named directly as the HardFun<> template argument used
/// by SessionStatePointer below; this function gives it a real address.
/// \param d buffer previously allocated by GnuTLS; nullptr is passed through as-is
inline void
squid_gnutls_free(void *d)
{
    gnutls_free(d);
}
50 | typedef std::unique_ptr<gnutls_datum_t, HardFun<void, void*, &Security::squid_gnutls_free>> SessionStatePointer; | |
51 | ||
3aac8c26 | 52 | #else |
9c8549cf | 53 | typedef std::shared_ptr<void> SessionPointer; |
33cc0629 | 54 | |
5d9a65df AJ |
55 | typedef std::unique_ptr<int> SessionStatePointer; |
56 | ||
3aac8c26 AJ |
57 | #endif |
58 | ||
03e0e0e4 AJ |
59 | /// send the shutdown/bye notice for an active TLS session. |
60 | void SessionSendGoodbye(const Security::SessionPointer &); | |
087b94cb | 61 | |
5d9a65df AJ |
62 | /// whether the session is a resumed one |
63 | bool SessionIsResumed(const Security::SessionPointer &); | |
64 | ||
65 | /** | |
66 | * When the session is not a resumed session, retrieve the details needed to | |
67 | * resume a later connection and store them in 'data'. This may result in 'data' | |
68 | * becoming a nil Pointer if no details exist or an error occurs. | |
69 | * | |
70 | * When the session is already a resumed session, do nothing and leave 'data' | |
71 | * unchanged. | |
72 | * XXX: is this latter behaviour always correct? | |
73 | */ | |
74 | void MaybeGetSessionResumeData(const Security::SessionPointer &, Security::SessionStatePointer &data); | |
75 | ||
76 | /// Set the data for resuming a previous session. | |
77 | /// Needs to be done before using the SessionPointer for a handshake. | |
78 | void SetSessionResumeData(const Security::SessionPointer &, const Security::SessionStatePointer &); | |
79 | ||
c96b5508 | 80 | #if USE_OPENSSL |
301a17d1 AJ |
81 | // TODO: remove from public API. It is only public because of configureSslContext() in ssl/support.cc |
82 | /// Setup the given TLS context with callbacks used to manage the session cache | |
83 | void SetSessionCacheCallbacks(Security::ContextPointer &); | |
84 | ||
1c1fae0f AJ |
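/// Retrieves the SSL_CTX associated with the given session, wrapped in a
/// ContextPointer whose deleter does nothing.
///
/// The result is a borrowed, non-owning view: it neither locks nor frees the
/// context. It must therefore not outlive the session (or the owning
/// ContextPointer) it was obtained from — use it on the stack and do not
/// store it in a longer-lived object.
///
/// \param s a non-nil session; the raw SSL is dereferenced by OpenSSL without a check
/// \return a non-locked ContextPointer for the session's current SSL_CTX
///
/// NOTE(review): SSL_get_SSL_CTX() presumably reports the context the SSL
/// object is currently using, which may differ from the one it was created
/// with if the context was switched during the handshake — confirm against
/// the OpenSSL documentation before relying on the original context here.
inline Security::ContextPointer
GetFrom(const Security::SessionPointer &s)
{
    // SSL_get_SSL_CTX() only reads the session, so a const reference suffices;
    // existing callers passing a non-const SessionPointer still bind here.
    auto *ctx = SSL_get_SSL_CTX(s.get());
    // no-op deleter: ownership (and any lock) stays with whoever created the session
    return Security::ContextPointer(ctx, [](SSL_CTX *) {/* nothing to unlock/free */});
}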
92 | ||
c96b5508 AJ |
93 | /// \deprecated use the PeerOptions/ServerOptions API methods instead. |
94 | /// Wraps SessionPointer value creation to reduce risk of | |
95 | /// a nasty hack in ssl/support.cc. | |
96 | Security::SessionPointer NewSessionObject(const Security::ContextPointer &); | |
97 | #endif | |
98 | ||
3aac8c26 AJ |
99 | } // namespace Security |
100 | ||
101 | #endif /* SQUID_SRC_SECURITY_SESSION_H */ | |
102 |