2 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 #ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H
10 #define SQUID_SRC_SECURITY_PEEROPTIONS_H
12 #include "ConfigParser.h"
14 #include "security/forward.h"
19 /// TLS squid.conf settings for a remote server peer
/// Build the default configuration: no parsed option bits, sslVersion zero,
/// and encryptTransport false, so a fresh object does not ask for TLS/SSL
/// on connections to the peer.
/// NOTE(review): sslVersion is initialized here but its declaration is not
/// among the members shown in this listing.
PeerOptions() :
    parsedOptions(0),
    sslVersion(0),
    encryptTransport(false)
{}
/// parse a TLS squid.conf option
/// NOTE(review): the option arrives as a raw C string; which option names are
/// accepted and how an unknown or malformed one is reported is decided in the
/// implementation, which this header does not show.
void parse(const char *);
/// Put every setting back to its default-constructed value.
/// The default constructor sets encryptTransport to false, so a cleared
/// object no longer asks for TLS/SSL on connections to the peer.
void clear()
{
    *this = PeerOptions();
}
/// generate a security context from these configured options
/// NOTE(review): setOptions presumably selects whether the parsed sslOptions
/// are applied to the new context; confirm in the implementation.
/// NOTE(review): what is returned when context creation fails is not visible
/// in this header; callers should check the result before using it.
Security::ContextPointer createContext(bool setOptions);
SBuf certFile; ///< path of file containing PEM format X509 certificate
// The private key is read from disk by path; keep that file readable only by
// the account Squid runs as.
SBuf privateKeyFile; ///< path of file containing private key in PEM format
SBuf sslOptions; ///< library-specific options string
// NOTE(review): caFile, caDir and crlFile determine which server certificates
// are trusted. What happens when they are left empty (library default trust
// store or none, no revocation checking) is not visible here; confirm.
SBuf caFile; ///< path of file containing trusted Certificate Authority
SBuf caDir; ///< path of directory containing a set of trusted Certificate Authorities
SBuf crlFile; ///< path of file containing Certificate Revocation List
// NOTE(review): the listing skips some source lines between the members here
// (the constructor initializes an sslVersion member that is not shown).
// NOTE(review): how an empty tlsMinVersion is treated (no minimum, or a
// library default) is not visible in this header; confirm.
SBuf tlsMinVersion; ///< version label for minimum TLS version to permit
// NOTE(review): presumably a bit mask in the TLS library's option format; verify.
long parsedOptions; ///< parsed value of sslOptions
/// whether transport encryption (TLS/SSL) is to be used on connections to the peer
/// (the default constructor sets this to false)
bool encryptTransport;
/// configuration options for DIRECT server access
/// Global object declared here and defined elsewhere; the
/// free_securePeerOptions() macro in this header resets it with clear().
extern PeerOptions ProxyOutgoingConfig;
60 } // namespace Security
// parse the tls_outgoing_options directive
// The object to fill is passed by pointer.
// NOTE(review): whether a null pointer is tolerated is not visible in this
// header; confirm in the definition.
void parse_securePeerOptions(Security::PeerOptions *);
// NOTE(review): free_securePeerOptions() ignores its argument and always
// clears the global Security::ProxyOutgoingConfig. That is only correct while
// this directive type is bound to that one object; confirm before reusing
// the type for any other PeerOptions instance.
#define free_securePeerOptions(x) Security::ProxyOutgoingConfig.clear()
// NOTE(review): dump_securePeerOptions() expands to nothing, so these TLS
// settings are absent from whatever configuration dump invokes it and the
// effective outgoing TLS configuration cannot be audited from that output.
#define dump_securePeerOptions(e,n,x) // not supported yet
67 #endif /* SQUID_SRC_SECURITY_PEEROPTIONS_H */