/*
- * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
+ * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
#ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H
#define SQUID_SRC_SECURITY_PEEROPTIONS_H
+#include "base/YesNoNone.h"
#include "ConfigParser.h"
#include "security/KeyData.h"
virtual void clear() {*this = PeerOptions();}
/// generate an unset security context object
- virtual Security::ContextPtr createBlankContext() const;
+ virtual Security::ContextPointer createBlankContext() const;
/// generate a security client-context from these configured options
- Security::ContextPtr createClientContext(bool setOptions);
+ Security::ContextPointer createClientContext(bool setOptions);
/// sync the context options with tls-min-version=N configuration
void updateTlsVersionLimits();
/// setup the NPN extension details for the given context
- void updateContextNpn(Security::ContextPtr &);
+ void updateContextNpn(Security::ContextPointer &);
/// setup the CA details for the given context
- void updateContextCa(Security::ContextPtr &);
+ void updateContextCa(Security::ContextPointer &);
/// setup the CRL details for the given context
- void updateContextCrl(Security::ContextPtr &);
+ void updateContextCrl(Security::ContextPointer &);
/// output squid.conf syntax with 'pfx' prefix on parameters for the stored settings
virtual void dumpCfg(Packable *, const char *pfx) const;
std::list<SBuf> caFiles; ///< paths of files containing trusted Certificate Authority
Security::CertRevokeList parsedCrl; ///< CRL to use when verifying the remote end certificate
-private:
+protected:
int sslVersion;
/// flags governing Squid internal TLS operations
flags_() : tlsDefaultCa(true), tlsNpn(true) {}
/// whether to use the system default Trusted CA when verifying the remote end certificate
- bool tlsDefaultCa;
+ YesNoNone tlsDefaultCa;
/// whether to use the TLS NPN extension on these connections
bool tlsNpn;
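Review bot: The doc comment on `tlsDefaultCa` still describes a yes/no choice, but the member is now a `YesNoNone`, so it has a third, unset state that the comment does not explain. This flag decides whether the system default CA store is trusted when verifying the remote end, so the comment should say what the unset state means, for example `/// whether to use the system default Trusted CA when verifying the remote end certificate; when not configured, <state the effective default here>`. The unchanged initializer `flags_() : tlsDefaultCa(true), tlsNpn(true) {}` now constructs a `YesNoNone` from `true`. `YesNoNone` is declared in `base/YesNoNone.h`, outside this page, so please confirm that this records an implicit default rather than an explicit configuration; otherwise any code that asks whether the option was configured would misread it. The enclosing struct and class begin and end outside the visible lines.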