src/security/Session.h

   1 /*
   2  * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 #ifndef SQUID_SRC_SECURITY_SESSION_H
  10 #define SQUID_SRC_SECURITY_SESSION_H
  11
  12 #include "base/HardFun.h"
  13 #include "comm/forward.h"
  14 #include "security/LockingPointer.h"
  15
  16 #include <memory>
  17
  18 #if USE_OPENSSL
  19 #if HAVE_OPENSSL_SSL_H
  20 #include <openssl/ssl.h>
  21 #endif
  22 #endif
  23
  24 #if USE_GNUTLS
  25 #if HAVE_GNUTLS_GNUTLS_H
  26 #include <gnutls/gnutls.h>
  27 #endif
  28 #endif
  29
  30 namespace Security {
  31
  32 /// Creates TLS Client connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO).
  33 /// On errors, emits DBG_IMPORTANT with details and returns false.
  34 bool CreateClientSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx);
  35
  36 /// Creates TLS Server connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO).
  37 /// On errors, emits DBG_IMPORTANT with details and returns false.
  38 bool CreateServerSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx);
  39
  40 #if USE_OPENSSL
  41 typedef std::shared_ptr<SSL> SessionPointer;
  42
  43 typedef std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_free>> SessionStatePointer;
  44
  45 #elif USE_GNUTLS
  46 typedef std::shared_ptr<struct gnutls_session_int> SessionPointer;
  47
  48 // wrapper function to get around gnutls_free being a typedef
  49 inline void squid_gnutls_free(void *d) {gnutls_free(d);}
  50 typedef std::unique_ptr<gnutls_datum_t, HardFun<void, void*, &Security::squid_gnutls_free>> SessionStatePointer;
  51
  52 #else
  53 typedef std::shared_ptr<void> SessionPointer;
  54
  55 typedef std::unique_ptr<int> SessionStatePointer;
  56
  57 #endif
  58
  59 /// send the shutdown/bye notice for an active TLS session.
  60 void SessionSendGoodbye(const Security::SessionPointer &);
  61
  62 /// whether the session is a resumed one
  63 bool SessionIsResumed(const Security::SessionPointer &);
  64
  65 /**
  66  * When the session is not a resumed session, retrieve the details needed to
  67  * resume a later connection and store them in 'data'. This may result in 'data'
  68  * becoming a nil Pointer if no details exist or an error occurs.
  69  *
  70  * When the session is already a resumed session, do nothing and leave 'data'
  71  * unhanged.
  72  * XXX: is this latter behaviour always correct?
  73  */
  74 void MaybeGetSessionResumeData(const Security::SessionPointer &, Security::SessionStatePointer &data);
  75
  76 /// Set the data for resuming a previous session.
  77 /// Needs to be done before using the SessionPointer for a handshake.
  78 void SetSessionResumeData(const Security::SessionPointer &, const Security::SessionStatePointer &);
  79
  80 #if USE_OPENSSL
  81 /// Helper function to retrieve a (non-locked) ContextPointer from a SessionPointer
  82 inline Security::ContextPointer
  83 GetFrom(Security::SessionPointer &s)
  84 {
  85     auto *ctx = SSL_get_SSL_CTX(s.get());
  86     return Security::ContextPointer(ctx, [](SSL_CTX *) {/* nothing to unlock/free */});
  87 }
  88
  89 /// \deprecated use the PeerOptions/ServerOptions API methods instead.
  90 /// Wraps SessionPointer value creation to reduce risk of
  91 /// a nasty hack in ssl/support.cc.
  92 Security::SessionPointer NewSessionObject(const Security::ContextPointer &);
  93 #endif
  94
  95 } // namespace Security
  96
  97 #endif /* SQUID_SRC_SECURITY_SESSION_H */
  98