src/security/forward.h

   1 /*
   2  * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 #ifndef SQUID_SRC_SECURITY_FORWARD_H
  10 #define SQUID_SRC_SECURITY_FORWARD_H
  11
  12 #include "security/Context.h"
  13 #include "security/Session.h"
  14
  15 #if USE_GNUTLS
  16 #if HAVE_GNUTLS_X509_H
  17 #include <gnutls/x509.h>
  18 #endif
  19 #endif
  20 #include <list>
  21 #include <unordered_set>
  22
  23 #if USE_OPENSSL
  24 // Macro to be used to define the C++ wrapper functor of the sk_*_pop_free
  25 // OpenSSL family of functions. The C++ functor is suffixed with the _free_wrapper
  26 // extension
  27 #define sk_dtor_wrapper(sk_object, argument_type, freefunction) \
  28         struct sk_object ## _free_wrapper { \
  29             void operator()(argument_type a) { sk_object ## _pop_free(a, freefunction); } \
  30         }
  31 #endif /* USE_OPENSSL */
  32
  33 /* flags a SSL connection can be configured with */
  34 #define SSL_FLAG_NO_DEFAULT_CA      (1<<0)
  35 #define SSL_FLAG_DELAYED_AUTH       (1<<1)
  36 #define SSL_FLAG_DONT_VERIFY_PEER   (1<<2)
  37 #define SSL_FLAG_DONT_VERIFY_DOMAIN (1<<3)
  38 #define SSL_FLAG_NO_SESSION_REUSE   (1<<4)
  39 #define SSL_FLAG_VERIFY_CRL         (1<<5)
  40 #define SSL_FLAG_VERIFY_CRL_ALL     (1<<6)
  41
  42 /// Network/connection security abstraction layer
  43 namespace Security
  44 {
  45
  46 #if USE_OPENSSL
  47 CtoCpp1(X509_free, X509 *)
  48 typedef Security::LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> CertPointer;
  49 #elif USE_GNUTLS
  50 CtoCpp1(gnutls_x509_crt_deinit, gnutls_x509_crt_t)
  51 typedef Security::LockingPointer<struct gnutls_x509_crt_int, gnutls_x509_crt_deinit, -1> CertPointer;
  52 #else
  53 typedef void * CertPointer;
  54 #endif
  55
  56 #if USE_OPENSSL
  57 CtoCpp1(X509_CRL_free, X509_CRL *)
  58 typedef LockingPointer<X509_CRL, X509_CRL_free_cpp, CRYPTO_LOCK_X509_CRL> CrlPointer;
  59 #elif USE_GNUTLS
  60 CtoCpp1(gnutls_x509_crl_deinit, gnutls_x509_crl_t)
  61 typedef Security::LockingPointer<struct gnutls_x509_crl_int, gnutls_x509_crl_deinit, -1> CrlPointer;
  62 #else
  63 typedef void *CrlPointer;
  64 #endif
  65
  66 typedef std::list<Security::CertPointer> CertList;
  67
  68 typedef std::list<Security::CrlPointer> CertRevokeList;
  69
  70 #if USE_OPENSSL
  71 CtoCpp1(DH_free, DH *);
  72 typedef Security::LockingPointer<DH, DH_free_cpp, CRYPTO_LOCK_DH> DhePointer;
  73 #else
  74 typedef void *DhePointer;
  75 #endif
  76
  77 class EncryptorAnswer;
  78
  79 /// Squid defined error code (<0), an error code returned by X.509 API, or SSL_ERROR_NONE
  80 typedef int ErrorCode;
  81
  82 /// set of Squid defined TLS error codes
  83 /// \note using std::unordered_set ensures values are unique, with fast lookup
  84 typedef std::unordered_set<Security::ErrorCode> Errors;
  85
  86 class KeyData;
  87 class PeerConnector;
  88 class PeerOptions;
  89 class ServerOptions;
  90
  91 } // namespace Security
  92
  93 #endif /* SQUID_SRC_SECURITY_FORWARD_H */
  94