2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 #ifndef SQUID_SRC_SECURITY_FORWARD_H
10 #define SQUID_SRC_SECURITY_FORWARD_H
12 #include "base/CbDataList.h"
13 #include "security/Context.h"
14 #include "security/Session.h"
17 #if HAVE_GNUTLS_X509_H
18 #include <gnutls/x509.h>
22 #include <unordered_set>
// Macro used to define the C++ wrapper functor for a member of the sk_*_pop_free
// OpenSSL family of functions. The generated C++ functor is named <sk_object>_free_wrapper.
28 #define sk_dtor_wrapper(sk_object, argument_type, freefunction) \
29 struct sk_object ## _free_wrapper { \
30 void operator()(argument_type a) { sk_object ## _pop_free(a, freefunction); } \
32 #endif /* USE_OPENSSL */
/* flags a SSL connection can be configured with */
// Each flag is a distinct bit ((1<<0) .. (1<<6)), so several may be OR-ed into a
// single integer and tested independently. In particular SSL_FLAG_VERIFY_CRL_ALL
// is its own bit rather than a superset of SSL_FLAG_VERIFY_CRL; how the two
// combine is decided by the code that reads them, not here.
// NOTE(review): by their names the two DONT_VERIFY_* flags relax peer
// authentication; where they are honoured is not visible in this header.
#define SSL_FLAG_NO_DEFAULT_CA (1<<0)
#define SSL_FLAG_DELAYED_AUTH (1<<1)
#define SSL_FLAG_DONT_VERIFY_PEER (1<<2)
#define SSL_FLAG_DONT_VERIFY_DOMAIN (1<<3)
#define SSL_FLAG_NO_SESSION_REUSE (1<<4)
#define SSL_FLAG_VERIFY_CRL (1<<5)
#define SSL_FLAG_VERIFY_CRL_ALL (1<<6)
43 /// Network/connection security abstraction layer
/// Holds a list of X.509 certificate errors.
/// Built on CbDataList so the list can be handed to call-back data users;
/// Security::CertError itself is not defined in this header.
using CertErrors = CbDataList<Security::CertError>;
// Wraps the C function X509_free() for use as a C++ deleter; the generated
// name (X509_free_cpp) is what the OpenSSL CertPointer typedef below refers to.
CtoCpp1(X509_free, X509 *)
53 #if defined(CRYPTO_LOCK_X509) // OpenSSL 1.0
/// Reference-count increment for an OpenSSL 1.0 X509 object.
/// OpenSSL 1.1 ships an X509_up_ref() of its own; this shim supplies the same
/// entry point for 1.0 builds (selected by the CRYPTO_LOCK_X509 guard above) by
/// bumping the object's reference counter through CRYPTO_add() under the
/// CRYPTO_LOCK_X509 lock id.
/// \param t certificate to retain; a null pointer is ignored
/// \return always 0
inline int
X509_up_ref(X509 *t)
{
    if (t != nullptr)
        CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509);
    return 0;
}
/// OpenSSL build: reference-counted owner of an X509 certificate.
/// Releases through the X509_free_cpp wrapper and retains through X509_up_ref
/// (either OpenSSL's own or the 1.0 shim defined above).
using CertPointer = Security::LockingPointer<X509, X509_free_cpp, HardFun<int, X509 *, X509_up_ref> >;
// C++ wrapper for gnutls_x509_crt_deinit(), generated as gnutls_x509_crt_deinit_cpp.
CtoCpp1(gnutls_x509_crt_deinit, gnutls_x509_crt_t)
/// GnuTLS build: owner of a gnutls_x509_crt_t (a pointer to gnutls_x509_crt_int),
/// released with gnutls_x509_crt_deinit.
/// NOTE(review): unlike the OpenSSL variant, the raw C function is named here
/// rather than the _cpp wrapper generated on the previous line — confirm that
/// is intended and that the wrapper is used elsewhere.
using CertPointer = Security::LockingPointer<struct gnutls_x509_crt_int, gnutls_x509_crt_deinit>;
/// Fallback when neither TLS library is available: an opaque handle with no
/// ownership or reference-count semantics.
using CertPointer = void *;
// Wraps the C function X509_CRL_free() for use as a C++ deleter; the generated
// name (X509_CRL_free_cpp) is what the OpenSSL CrlPointer typedef below refers to.
CtoCpp1(X509_CRL_free, X509_CRL *)
66 #if defined(CRYPTO_LOCK_X509_CRL) // OpenSSL 1.0
/// Reference-count increment for an OpenSSL 1.0 X509_CRL object.
/// Mirrors the X509_up_ref shim: OpenSSL 1.1 provides X509_CRL_up_ref() itself,
/// so this version exists only for 1.0 builds (CRYPTO_LOCK_X509_CRL guard above)
/// and bumps the counter via CRYPTO_add() under the CRYPTO_LOCK_X509_CRL lock id.
/// \param t CRL to retain; a null pointer is ignored
/// \return always 0
inline int
X509_CRL_up_ref(X509_CRL *t)
{
    if (t != nullptr)
        CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509_CRL);
    return 0;
}
/// OpenSSL build: reference-counted owner of an X509_CRL.
/// Releases through the X509_CRL_free_cpp wrapper and retains through
/// X509_CRL_up_ref (OpenSSL's own or the 1.0 shim defined above).
using CrlPointer = Security::LockingPointer<X509_CRL, X509_CRL_free_cpp, HardFun<int, X509_CRL *, X509_CRL_up_ref> >;
// C++ wrapper for gnutls_x509_crl_deinit(), generated as gnutls_x509_crl_deinit_cpp.
CtoCpp1(gnutls_x509_crl_deinit, gnutls_x509_crl_t)
/// GnuTLS build: owner of a gnutls_x509_crl_t (a pointer to gnutls_x509_crl_int),
/// released with gnutls_x509_crl_deinit.
/// NOTE(review): as with CertPointer, the raw C function rather than the
/// generated _cpp wrapper is used as the deleter — confirm that is intended.
using CrlPointer = Security::LockingPointer<struct gnutls_x509_crl_int, gnutls_x509_crl_deinit>;
/// Fallback when neither TLS library is available: an opaque handle with no
/// ownership or reference-count semantics.
using CrlPointer = void *;
/// Ordered collection of certificates; each element owns its certificate
/// through Security::CertPointer, so the list owns what it holds.
using CertList = std::list<Security::CertPointer>;

/// Ordered collection of certificate revocation lists; each element owns its
/// CRL through Security::CrlPointer.
using CertRevokeList = std::list<Security::CrlPointer>;
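// Wraps the C function DH_free() for use as a C++ deleter; the generated name
// (DH_free_cpp) is what the OpenSSL DhePointer typedef below refers to.
// Written without a trailing ';' to match the other CtoCpp1 uses in this header
// (the macro expands to a definition, so the extra empty declaration was
// redundant and trips -Wextra-semi style warnings).
CtoCpp1(DH_free, DH *)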
83 #if defined(CRYPTO_LOCK_DH) // OpenSSL 1.0
/// Reference-count increment for an OpenSSL 1.0 DH object.
/// OpenSSL 1.1 provides DH_up_ref() itself; this shim covers 1.0 builds
/// (CRYPTO_LOCK_DH guard above) by bumping the counter via CRYPTO_add() under
/// the CRYPTO_LOCK_DH lock id.
/// \param t DH parameters to retain; a null pointer is ignored
/// \return always 0
inline int
DH_up_ref(DH *t)
{
    if (t != nullptr)
        CRYPTO_add(&t->references, 1, CRYPTO_LOCK_DH);
    return 0;
}
/// OpenSSL build: reference-counted owner of a DH parameter object.
/// Releases through the DH_free_cpp wrapper and retains through DH_up_ref
/// (OpenSSL's own or the 1.0 shim defined above).
using DhePointer = Security::LockingPointer<DH, DH_free_cpp, HardFun<int, DH *, DH_up_ref> >;
/// Fallback when OpenSSL is not available: an opaque handle with no ownership
/// or reference-count semantics.
using DhePointer = void *;
/// Forward declaration only; the class is defined elsewhere.
class EncryptorAnswer;
/// Squid defined error code (<0), an error code returned by X.509 API, or SSL_ERROR_NONE.
/// A plain int so both Squid's negative codes and the library's values fit in one type.
using ErrorCode = int;
/// Set of Squid defined TLS error codes.
/// \note std::unordered_set keeps each code at most once and gives fast membership lookup.
using Errors = std::unordered_set<Security::ErrorCode>;
105 } // namespace Security
107 #endif /* SQUID_SRC_SECURITY_FORWARD_H */