Bug 4599 pt2: use functor for locking in libsecurity Pointers
1 /*
2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 #ifndef SQUID_SRC_SECURITY_FORWARD_H
10 #define SQUID_SRC_SECURITY_FORWARD_H
11
12 #include "base/CbDataList.h"
13 #include "security/Context.h"
14 #include "security/Session.h"
15
16 #if USE_GNUTLS
17 #if HAVE_GNUTLS_X509_H
18 #include <gnutls/x509.h>
19 #endif
20 #endif
21 #include <list>
22 #include <unordered_set>
23
#if USE_OPENSSL
// Macro to be used to define the C++ wrapper functor of the sk_*_pop_free
// OpenSSL family of functions. The C++ functor is suffixed with the _free_wrapper
// extension.
//
// sk_dtor_wrapper(FOO, STACK_OF(FOO) *, FOO_free) expands to a struct named
// FOO_free_wrapper whose operator() calls FOO_pop_free(a, FOO_free); per the
// OpenSSL stack API, pop_free applies `freefunction` to each element and then
// releases the stack itself, so the functor is usable as a smart-pointer
// deleter for owned STACK_OF(...) objects. The expansion ends with a closing
// brace only; the invoking line must supply the trailing semicolon.
#define sk_dtor_wrapper(sk_object, argument_type, freefunction) \
struct sk_object ## _free_wrapper { \
void operator()(argument_type a) { sk_object ## _pop_free(a, freefunction); } \
}
#endif /* USE_OPENSSL */
33
/* flags a SSL connection can be configured with */
// Single-bit values intended to be OR-ed together into one int flag word.
// NOTE(review): the names indicate that DONT_VERIFY_PEER and
// DONT_VERIFY_DOMAIN switch off certificate and hostname validation, which
// removes the authentication half of TLS; treat any configuration that sets
// them as a deliberate security downgrade. The exact semantics of each flag
// live in the option parser, not here -- confirm there before relying on a
// reading of the names.
#define SSL_FLAG_NO_DEFAULT_CA (1<<0)      // by name: do not load the library default CA set
#define SSL_FLAG_DELAYED_AUTH (1<<1)       // by name: defer peer authentication
#define SSL_FLAG_DONT_VERIFY_PEER (1<<2)   // by name: skip peer certificate verification
#define SSL_FLAG_DONT_VERIFY_DOMAIN (1<<3) // by name: skip certificate-vs-hostname check
#define SSL_FLAG_NO_SESSION_REUSE (1<<4)   // by name: disable TLS session resumption
#define SSL_FLAG_VERIFY_CRL (1<<5)         // by name: check the leaf against a CRL
#define SSL_FLAG_VERIFY_CRL_ALL (1<<6)     // by name: check the whole chain against CRLs
42
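/// Network/connection security abstraction layer.
///
/// Forward declarations and library-neutral typedefs shared by the TLS code.
/// The concrete pointer types depend on which TLS library was built in
/// (USE_OPENSSL, USE_GNUTLS, or neither); callers should only rely on the
/// Security::* names, never on the underlying library type.
/// The LockingPointer, HardFun and CtoCpp1 helpers used below are not
/// declared in this file; presumably they arrive via security/Context.h or
/// security/Session.h.
namespace Security
{

class CertError;
/// Holds a list of X.509 certificate errors
typedef CbDataList<Security::CertError> CertErrors;

#if USE_OPENSSL
CtoCpp1(X509_free, X509 *)
#if defined(CRYPTO_LOCK_X509) // OpenSSL 1.0
/// OpenSSL 1.0 compatibility shim: bump the X509 reference count through the
/// legacy CRYPTO_add() locking API. A nil pointer is a no-op.
/// NOTE(review): this always returns 0, whereas the native X509_up_ref() in
/// newer OpenSSL reports success with 1 -- do not read the result as a status;
/// confirm that HardFun/LockingPointer discard it.
inline int X509_up_ref(X509 *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509); return 0;}
#endif
/// Reference-counted X509 certificate: locked via X509_up_ref(), released via X509_free()
typedef Security::LockingPointer<X509, X509_free_cpp, HardFun<int, X509 *, X509_up_ref> > CertPointer;
#elif USE_GNUTLS
CtoCpp1(gnutls_x509_crt_deinit, gnutls_x509_crt_t)
/// GnuTLS certificate handle; only a destructor is supplied, so the locking
/// behaviour comes from LockingPointer's default (defined elsewhere).
typedef Security::LockingPointer<struct gnutls_x509_crt_int, gnutls_x509_crt_deinit> CertPointer;
#else
/// No TLS library: opaque placeholder so dependent signatures still compile
typedef void * CertPointer;
#endif

#if USE_OPENSSL
CtoCpp1(X509_CRL_free, X509_CRL *)
#if defined(CRYPTO_LOCK_X509_CRL) // OpenSSL 1.0
/// OpenSSL 1.0 compatibility shim for X509_CRL_up_ref(); same return-value
/// caveat as X509_up_ref() above (always 0, nil pointer is a no-op).
inline int X509_CRL_up_ref(X509_CRL *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509_CRL); return 0;}
#endif
/// Reference-counted certificate revocation list
typedef Security::LockingPointer<X509_CRL, X509_CRL_free_cpp, HardFun<int, X509_CRL *, X509_CRL_up_ref> > CrlPointer;
#elif USE_GNUTLS
CtoCpp1(gnutls_x509_crl_deinit, gnutls_x509_crl_t)
typedef Security::LockingPointer<struct gnutls_x509_crl_int, gnutls_x509_crl_deinit> CrlPointer;
#else
typedef void *CrlPointer;
#endif

/// Ordered collection of certificates (e.g. a chain); each element is reference counted
typedef std::list<Security::CertPointer> CertList;

/// Ordered collection of CRLs
typedef std::list<Security::CrlPointer> CertRevokeList;

#if USE_OPENSSL
// NOTE: no trailing ';' -- CtoCpp1 already yields a complete definition,
// matching the X509_free and X509_CRL_free uses above.
CtoCpp1(DH_free, DH *)
#if defined(CRYPTO_LOCK_DH) // OpenSSL 1.0
/// OpenSSL 1.0 compatibility shim for DH_up_ref(); same return-value caveat
/// as X509_up_ref() above (always 0, nil pointer is a no-op).
inline int DH_up_ref(DH *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_DH); return 0;}
#endif
/// Reference-counted Diffie-Hellman parameter set (OpenSSL only)
typedef Security::LockingPointer<DH, DH_free_cpp, HardFun<int, DH *, DH_up_ref> > DhePointer;
#else
/// No OpenSSL: opaque placeholder (there is no GnuTLS variant of this type here)
typedef void *DhePointer;
#endif

class EncryptorAnswer;

/// Squid defined error code (<0), an error code returned by X.509 API, or SSL_ERROR_NONE
typedef int ErrorCode;

/// set of Squid defined TLS error codes
/// \note using std::unordered_set ensures values are unique, with fast lookup
typedef std::unordered_set<Security::ErrorCode> Errors;

class KeyData;
class PeerConnector;
class PeerOptions;
class ServerOptions;

} // namespace Security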
106
107 #endif /* SQUID_SRC_SECURITY_FORWARD_H */
108