1 /*
2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 #ifndef SQUID_SRC_SECURITY_SESSION_H
10 #define SQUID_SRC_SECURITY_SESSION_H
11
12 #include "base/HardFun.h"
13 #include "comm/forward.h"
14 #include "security/LockingPointer.h"
15
16 #include <memory>
17
18 #if USE_OPENSSL
19 #if HAVE_OPENSSL_SSL_H
20 #include <openssl/ssl.h>
21 #endif
22 #endif
23
24 #if USE_GNUTLS
25 #if HAVE_GNUTLS_GNUTLS_H
26 #include <gnutls/gnutls.h>
27 #endif
28 #endif
29
namespace Security {

/// Creates TLS Client connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO).
/// On errors, emits DBG_IMPORTANT with details and returns false.
/// \param squidCtx NOTE(review): appears to be a caller-supplied label for diagnostics; confirm its use in Session.cc
bool CreateClientSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx);

/// Creates TLS Server connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO).
/// On errors, emits DBG_IMPORTANT with details and returns false.
/// \param squidCtx see CreateClientSession()
bool CreateServerSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx);

#if USE_OPENSSL
/// Shared-ownership handle for an OpenSSL SSL object.
/// The deleter is not part of this type: whoever constructs the pointer must
/// supply the library's release function, because shared_ptr's default deleter
/// would apply `delete` to the SSL object.
typedef std::shared_ptr<SSL> SessionPointer;

/// Owning handle for SSL_SESSION resumption state; released with SSL_SESSION_free.
typedef std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_free>> SessionStatePointer;

#elif USE_GNUTLS
/// Shared-ownership handle for a GnuTLS session (gnutls_session_t is a pointer
/// to struct gnutls_session_int). As with OpenSSL, the release function is not
/// part of the type and must be supplied where the pointer is constructed.
typedef std::shared_ptr<struct gnutls_session_int> SessionPointer;

// wrapper function to get around gnutls_free being a typedef:
// HardFun needs the address of a real function as its template argument.
inline void squid_gnutls_free(void *d) {gnutls_free(d);}
/// Owning handle for resumption state kept as a gnutls_datum_t; the datum
/// struct itself is released through gnutls_free.
/// NOTE(review): this releases only the gnutls_datum_t struct, not whatever
/// its `data` member points to; confirm in Session.cc that the buffer is
/// released separately, otherwise it leaks.
typedef std::unique_ptr<gnutls_datum_t, HardFun<void, void*, &Security::squid_gnutls_free>> SessionStatePointer;

#else
/// Placeholder types for builds without any TLS library; they carry no
/// meaningful session state.
typedef std::shared_ptr<void> SessionPointer;

typedef std::unique_ptr<int> SessionStatePointer;

#endif

/// close an active TLS session.
/// set fdOnError to the connection FD when the session is being closed
/// due to an encryption error, otherwise omit (the default of -1 means
/// "no encryption error").
void SessionClose(const Security::SessionPointer &, int fdOnError = -1);

/// whether the session is a resumed one
bool SessionIsResumed(const Security::SessionPointer &);

/**
 * When the session is not a resumed session, retrieve the details needed to
 * resume a later connection and store them in 'data'. This may result in 'data'
 * becoming a nil Pointer if no details exist or an error occurs.
 *
 * When the session is already a resumed session, do nothing and leave 'data'
 * unchanged.
 * XXX: is this latter behaviour always correct?
 *
 * NOTE(review): the stored state presumably includes secret keying material
 * for the session; keep its lifetime as short as possible and never log it.
 */
void MaybeGetSessionResumeData(const Security::SessionPointer &, Security::SessionStatePointer &data);

/// Set the data for resuming a previous session.
/// Needs to be done before using the SessionPointer for a handshake.
void SetSessionResumeData(const Security::SessionPointer &, const Security::SessionStatePointer &);

} // namespace Security
83
84 #endif /* SQUID_SRC_SECURITY_SESSION_H */
85