]>
git.ipfire.org Git - thirdparty/squid.git/blob - src/acl/AtStep.cc
c0fbb141c270018ae10701ac3c7471634b8c2660
2 * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
11 #include "acl/AtStep.h"
12 #include "acl/AtStepData.h"
13 #include "acl/FilledChecklist.h"
14 #include "client_side.h"
15 #include "http/Stream.h"
17 #include "ssl/ServerBump.h"
21 ACLAtStepStrategy::match(ACLData
<XactionStep
> * &data
, ACLFilledChecklist
*checklist
)
24 // We use step1 for all these very different cases:
25 // - The transaction is not subject to ssl_bump rules (if any).
26 // - No ssl_bump action has matched yet.
27 // - The ssl_bump client-first action has already matched.
28 // - Another ssl_bump action has already matched, but
29 // ConnStateData::serverBump() has not been built yet.
30 auto currentSslBumpStep
= XactionStep::tlsBump1
;
32 if (const auto mgr
= checklist
->conn()) {
33 if (const auto serverBump
= mgr
->serverBump())
34 currentSslBumpStep
= serverBump
->step
;
37 if (data
->match(currentSslBumpStep
))
41 if (data
->match(XactionStep::generatingConnect
)) {
42 if (!checklist
->request
)
43 return 0; // we have warned about the missing request earlier
45 if (!checklist
->request
->masterXaction
) {
46 debugs(28, DBG_IMPORTANT
, "ERROR: Squid BUG: at_step GeneratingCONNECT ACL is missing master transaction info. Assuming mismatch.");
50 return checklist
->request
->masterXaction
->generatingConnect
? 1 : 0;