/*
- * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
+ * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
#include "base/YesNoNone.h"
#include "ConfigParser.h"
+#include "security/forward.h"
#include "security/KeyData.h"
class Packable;
/// parse a TLS squid.conf option
virtual void parse(const char *);
+ /// parse and verify the [tls-]options= string in sslOptions
+ void parseOptions();
+
/// reset the configuration details to default
virtual void clear() {*this = PeerOptions();}
void updateTlsVersionLimits();
/// Setup the library specific 'options=' parameters for the given context.
- void updateContextOptions(Security::ContextPointer &) const;
+ void updateContextOptions(Security::ContextPointer &);
/// setup the NPN extension details for the given context
void updateContextNpn(Security::ContextPointer &);
/// setup the CRL details for the given context
void updateContextCrl(Security::ContextPointer &);
+ /// decide which CAs to trust
+ void updateContextTrust(Security::ContextPointer &);
+
/// setup any library-specific options that can be set for the given session
void updateSessionOptions(Security::SessionPointer &);
virtual void dumpCfg(Packable *, const char *pfx) const;
private:
- void parseOptions(); ///< parsed value of sslOptions
- long parseFlags();
+ ParsedPortFlags parseFlags();
void loadCrlFile();
void loadKeysFile();
SBuf tlsMinVersion; ///< version label for minimum TLS version to permit
- Security::ParsedOptions parsedOptions; ///< parsed value of sslOptions
- long parsedFlags = 0; ///< parsed value of sslFlags
+private:
+ /// Library-specific options string generated from tlsMinVersion.
+ /// Call updateTlsVersionLimits() to regenerate this string.
+ SBuf tlsMinOptions;
+
+ /// Parsed value of sslOptions + tlsMinOptions settings.
+ /// Set optsReparse=true to have this re-parsed before next use.
+ Security::ParsedOptions parsedOptions;
+
+ /// whether parsedOptions content needs to be regenerated
+ bool optsReparse = true;
+
+public:
+ ParsedPortFlags parsedFlags = 0; ///< parsed value of sslFlags
std::list<Security::KeyData> certs; ///< details from the cert= and file= config parameters
std::list<SBuf> caFiles; ///< paths of files containing trusted Certificate Authority
template<typename T>
Security::ContextPointer convertContextFromRawPtr(T ctx) const {
#if USE_OPENSSL
+ debugs(83, 5, "SSL_CTX construct, this=" << (void*)ctx);
return ContextPointer(ctx, [](SSL_CTX *p) {
- debugs(83, 5, "SSL_free ctx=" << (void*)p);
+ debugs(83, 5, "SSL_CTX destruct, this=" << (void*)p);
SSL_CTX_free(p);
});
#elif USE_GNUTLS
+ debugs(83, 5, "gnutls_certificate_credentials construct, this=" << (void*)ctx);
return Security::ContextPointer(ctx, [](gnutls_certificate_credentials_t p) {
- debugs(83, 5, "gnutls_certificate_free_credentials ctx=" << (void*)p);
+ debugs(83, 5, "gnutls_certificate_credentials destruct, this=" << (void*)p);
gnutls_certificate_free_credentials(p);
});
#else
projects / thirdparty / squid.git / blobdiff