2 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 #ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H
10 #define SQUID_SRC_SECURITY_PEEROPTIONS_H
12 #include "ConfigParser.h"
14 #include "security/forward.h"
21 /// TLS squid.conf settings for a remote server peer
/// default constructor: starts with no parsed options or flags and with transport encryption disabled
/// (sslVersion is initialised here as well; its declaration is not part of this listing)
25 PeerOptions() : parsedOptions(0), parsedFlags(0), sslVersion(0), encryptTransport(false) {}
/// copy constructor, declared only; its definition is not part of this listing
26 PeerOptions(const PeerOptions
&);
28 /// parse one TLS squid.conf option, passed as a C string
/// NOTE(review): how unknown or malformed option text is rejected is decided in the definition, which is not shown here
29 void parse(const char *);
31 /// reset the configuration details to default by assigning a freshly default-constructed PeerOptions to *this
32 void clear() {*this = PeerOptions();}
34 /// generate a security client-context from these configured options
/// NOTE(review): the meaning of setOptions and the value returned on failure are defined in the
/// implementation, which is not shown here; callers should confirm how a failed context is reported
35 Security::ContextPointer
createClientContext(bool setOptions
);
37 /// sync the context options with tls-min-version=N configuration
/// NOTE(review): presumably derives the limit from tlsMinVersion and stores it in parsedOptions — confirm against the definition
38 void updateTlsVersionLimits();
40 /// output squid.conf syntax with 'pfx' prefix on parameters for the stored settings
/// const: writes to the given Packable and leaves the settings unchanged
/// NOTE(review): the output presumably includes the configured file paths (certificate, key, CA) — confirm who can read it
41 void dumpCfg(Packable
*, const char *pfx
) const;
48 SBuf certFile
; ///< path of file containing PEM format X509 certificate
49 SBuf privateKeyFile
; ///< path of file containing private key in PEM format (only the path is stored here, not the key material)
50 SBuf sslOptions
; ///< library-specific options string, as configured; parsedOptions holds its parsed value
51 SBuf caFile
; ///< path of file containing trusted Certificate Authority certificate(s)
52 SBuf caDir
; ///< path of directory containing a set of trusted Certificate Authorities
53 SBuf crlFile
; ///< path of file containing Certificate Revocation List (CRL)
56 SBuf sslFlags
; ///< flags defining what TLS operations Squid performs; NOTE(review): may include flags that relax peer verification (e.g. DONT_VERIFY_PEER in squid.conf) — confirm against the parser
59 SBuf tlsMinVersion
; ///< version label for minimum TLS version to permit
61 long parsedOptions
; ///< parsed value of sslOptions
62 long parsedFlags
; ///< parsed value of sslFlags
68 /// whether transport encryption (TLS/SSL) is to be used on connections to the peer;
/// the default constructor sets this to false, so encryption is off until configured
69 bool encryptTransport
;
72 /// configuration options for DIRECT server access
/// declared extern here and defined elsewhere; free_securePeerOptions() in this header resets this object
73 extern PeerOptions ProxyOutgoingConfig
;
75 } // namespace Security
77 // parse the tls_outgoing_options directive
// NOTE(review): presumably fills the PeerOptions object passed by pointer; the definition is not part of this listing
78 void parse_securePeerOptions(Security::PeerOptions
*);
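/// Release hook paired with parse_securePeerOptions().
/// The argument x is ignored: the macro always resets the global
/// Security::ProxyOutgoingConfig through clear().
/// NOTE(review): if this hook is ever used for a PeerOptions object other than
/// ProxyOutgoingConfig, that object will not be cleared — confirm the callers.
#define free_securePeerOptions(x) Security::ProxyOutgoingConfig.clear()

/// Dump hook: appends the directive name n to e, then the stored settings of x
/// (with an empty parameter prefix), then a newline.
/// n is passed as the argument of a constant "%s" format instead of being used
/// as the format string itself, so a '%' inside the name is written literally
/// and never interpreted as a conversion specifier.
#define dump_securePeerOptions(e,n,x) do { (e)->appendf("%s", (n)); (x).dumpCfg((e),""); (e)->append("\n",1); } while(false)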
82 #endif /* SQUID_SRC_SECURITY_PEEROPTIONS_H */