1 /*
2 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 #ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H
10 #define SQUID_SRC_SECURITY_PEEROPTIONS_H
11
12 #include "ConfigParser.h"
13 #include "SBuf.h"
14 #include "security/forward.h"
15
16 class Packable;
17
namespace Security
{

/// TLS settings taken from squid.conf for connections to a remote server peer.
///
/// A default-constructed object has transport encryption switched off
/// (encryptTransport == false), zeroed parsed option/flag values and
/// default-constructed string settings, including tlsMinVersion.
class PeerOptions
{
public:
    PeerOptions() :
        parsedOptions(0),
        parsedFlags(0),
        sslVersion(0),
        encryptTransport(false)
    {}

    /// copy constructor; declared here, defined outside this header
    PeerOptions(const PeerOptions &);

    /// parse a single TLS option from squid.conf
    void parse(const char *);

    /// Put every setting back to its default by assigning a freshly
    /// default-constructed object over this one.
    /// NOTE(review): this uses the compiler-generated copy assignment while the
    /// copy constructor above is user-declared; confirm the two stay in step.
    void clear()
    {
        *this = PeerOptions();
    }

    /// build a security client-context from the options configured here
    /// (the effect of setOptions is decided in the implementation, not shown here)
    Security::ContextPointer createClientContext(bool setOptions);

    /// bring the context options in line with the tls-min-version=N setting
    void updateTlsVersionLimits();

    /// write the stored settings in squid.conf syntax, prefixing each
    /// parameter name with 'pfx'
    void dumpCfg(Packable *, const char *pfx) const;

private:
    /// presumably converts sslOptions into the value kept in parsedOptions;
    /// confirm against the implementation
    long parseOptions();

    /// presumably converts sslFlags into the value kept in parsedFlags;
    /// confirm against the implementation
    long parseFlags();

public:
    SBuf certFile;       ///< path of the file holding the X509 certificate, PEM format
    SBuf privateKeyFile; ///< path of the file holding the private key, PEM format
    SBuf sslOptions;     ///< options string in the TLS library's own syntax
    SBuf caFile;         ///< path of the file holding the trusted Certificate Authority
    SBuf caDir;          ///< path of a directory holding a set of trusted Certificate Authorities
    SBuf crlFile;        ///< path of the file holding the Certificate Revoke List

    SBuf sslCipher;      ///< not documented in this header; presumably the cipher selection string (TODO confirm)
    SBuf sslFlags;       ///< flags that define which TLS operations Squid performs
    SBuf sslDomain;      ///< not documented in this header; meaning to be confirmed against parse()

    SBuf tlsMinVersion;  ///< label of the lowest TLS version to permit; left default-constructed by the default constructor

    long parsedOptions;  ///< sslOptions after parsing; 0 in a default-constructed object
    long parsedFlags;    ///< sslFlags after parsing; 0 in a default-constructed object

private:
    int sslVersion;      ///< starts at 0; its meaning is not shown in this header

public:
    /// whether connections to the peer are to use transport encryption (TLS/SSL);
    /// false in a default-constructed object
    bool encryptTransport;
};

/// configuration options applied to DIRECT server access
extern PeerOptions ProxyOutgoingConfig;

} // namespace Security
76
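// parse the tls_outgoing_options directive
void parse_securePeerOptions(Security::PeerOptions *);

// Reset handler for the directive. The argument x is ignored: the macro always
// clears the global Security::ProxyOutgoingConfig, whatever object is passed.
// NOTE(review): safe only while this directive type is bound to that one
// global; confirm before reusing the type for another PeerOptions instance.
#define free_securePeerOptions(x) Security::ProxyOutgoingConfig.clear()

// Dump handler: writes the directive name n to e, then the settings held in x
// (with an empty parameter prefix), then a newline.
// The name is passed through an explicit "%s" so that it is always emitted as
// data and is never interpreted as the format string of appendf(); output is
// unchanged for any name that contains no '%'.
#define dump_securePeerOptions(e,n,x) do { (e)->appendf("%s", (n)); (x).dumpCfg((e),""); (e)->append("\n",1); } while(false)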
81
82 #endif /* SQUID_SRC_SECURITY_PEEROPTIONS_H */
83