/*
- * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
+ * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
#include "squid.h"
-#if USE_OPENSSL
-
#include "acl/AtStep.h"
#include "acl/AtStepData.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "client_side.h"
+#include "http/Stream.h"
+#if USE_OPENSSL
#include "ssl/ServerBump.h"
+#endif
int
-ACLAtStepStrategy::match (ACLData<Ssl::BumpStep> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLAtStepStrategy::match(ACLData<XactionStep> * &data, ACLFilledChecklist *checklist)
{
- Ssl::ServerBump *bump = NULL;
- if (checklist->conn() != NULL && (bump = checklist->conn()->serverBump()))
- return data->match(bump->step);
- else
- return data->match(Ssl::bumpStep1);
- return 0;
-}
+#if USE_OPENSSL
+ // We use step1 for all these very different cases:
+ // - The transaction is not subject to ssl_bump rules (if any).
+ // - No ssl_bump action has matched yet.
+ // - The ssl_bump client-first action has already matched.
+ // - Another ssl_bump action has already matched, but
+ // ConnStateData::serverBump() has not been built yet.
+ auto currentSslBumpStep = XactionStep::tlsBump1;
+
+ if (const auto mgr = checklist->conn()) {
+ if (const auto serverBump = mgr->serverBump())
+ currentSslBumpStep = serverBump->step;
+ }
+
+ if (data->match(currentSslBumpStep))
+ return 1;
+#endif // USE_OPENSSL
+
+ if (data->match(XactionStep::generatingConnect)) {
+ if (!checklist->request)
+ return 0; // we have warned about the missing request earlier
+
+ if (!checklist->request->masterXaction) {
+ debugs(28, DBG_IMPORTANT, "BUG: at_step GeneratingCONNECT ACL is missing master transaction info. Assuming mismatch.");
+ return 0;
+ }
+
+ return checklist->request->masterXaction->generatingConnect ? 1 : 0;
+ }
-ACLAtStepStrategy *
-ACLAtStepStrategy::Instance()
-{
- return &Instance_;
+ return 0;
}
-ACLAtStepStrategy ACLAtStepStrategy::Instance_;
-
-#endif /* USE_OPENSSL */
-
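Review bot: The two `return 0` fallbacks in the GeneratingCONNECT branch (missing `checklist->request`, missing `masterXaction`) report a mismatch, which is not a neutral outcome if this ACL is referenced negated in an allow or deny rule: there the internal error becomes a match. I would document that at the branch, e.g. `// A mismatch here is a guess, not a safe default: a negated at_step ACL will match when this info is missing.` The comment "we have warned about the missing request earlier" points at a check that is not visible in this hunk, so naming the place that emits that warning would help the next reader verify it. Separately, the `BUG:` message is written at `DBG_IMPORTANT` on every evaluation that reaches it; if that state can be hit repeatedly it may flood cache.log, so it is worth confirming the condition is unreachable in practice or logging it once.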