]>
git.ipfire.org Git - thirdparty/squid.git/blob - src/security/Session.h
2 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 #ifndef SQUID_SRC_SECURITY_SESSION_H
10 #define SQUID_SRC_SECURITY_SESSION_H
12 #include "base/HardFun.h"
13 #include "comm/forward.h"
14 #include "security/LockingPointer.h"
19 #if HAVE_OPENSSL_SSL_H
20 #include <openssl/ssl.h>
25 #if HAVE_GNUTLS_GNUTLS_H
26 #include <gnutls/gnutls.h>
32 /// Creates TLS Client connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO).
33 /// On errors, emits DBG_IMPORTANT with details and returns false.
34 bool CreateClientSession(const Security::ContextPointer
&, const Comm::ConnectionPointer
&, const char *squidCtx
);
36 /// Creates TLS Server connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO).
37 /// On errors, emits DBG_IMPORTANT with details and returns false.
38 bool CreateServerSession(const Security::ContextPointer
&, const Comm::ConnectionPointer
&, const char *squidCtx
);
41 typedef std::shared_ptr
<SSL
> SessionPointer
;
43 typedef std::unique_ptr
<SSL_SESSION
, HardFun
<void, SSL_SESSION
*, &SSL_SESSION_free
>> SessionStatePointer
;
46 typedef std::shared_ptr
<struct gnutls_session_int
> SessionPointer
;
48 // wrapper function to get around gnutls_free being a typedef
49 inline void squid_gnutls_free(void *d
) {gnutls_free(d
);}
50 typedef std::unique_ptr
<gnutls_datum_t
, HardFun
<void, void*, &Security::squid_gnutls_free
>> SessionStatePointer
;
53 typedef std::shared_ptr
<void> SessionPointer
;
55 typedef std::unique_ptr
<int> SessionStatePointer
;
59 /// send the shutdown/bye notice for an active TLS session.
60 void SessionSendGoodbye(const Security::SessionPointer
&);
62 /// whether the session is a resumed one
63 bool SessionIsResumed(const Security::SessionPointer
&);
66 * When the session is not a resumed session, retrieve the details needed to
67 * resume a later connection and store them in 'data'. This may result in 'data'
68 * becoming a nil Pointer if no details exist or an error occurs.
70 * When the session is already a resumed session, do nothing and leave 'data'
72 * XXX: is this latter behaviour always correct?
74 void MaybeGetSessionResumeData(const Security::SessionPointer
&, Security::SessionStatePointer
&data
);
76 /// Set the data for resuming a previous session.
77 /// Needs to be done before using the SessionPointer for a handshake.
78 void SetSessionResumeData(const Security::SessionPointer
&, const Security::SessionStatePointer
&);
81 /// Helper function to retrieve a (non-locked) ContextPointer from a SessionPointer
82 inline Security::ContextPointer
83 GetFrom(Security::SessionPointer
&s
)
85 auto *ctx
= SSL_get_SSL_CTX(s
.get());
86 return Security::ContextPointer(ctx
, [](SSL_CTX
*) {/* nothing to unlock/free */});
89 /// \deprecated use the PeerOptions/ServerOptions API methods instead.
90 /// Wraps SessionPointer value creation to reduce risk of
91 /// a nasty hack in ssl/support.cc.
92 Security::SessionPointer
NewSessionObject(const Security::ContextPointer
&);
95 } // namespace Security
97 #endif /* SQUID_SRC_SECURITY_SESSION_H */