acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpServerFirst));
Security::SessionPointer session(fd_table[serverConn->fd].ssl);
BIO *b = SSL_get_rbio(session.get());
- Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(b->ptr);
+ Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(BIO_get_data(b));
if (!srvBio->canSplice())
acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpSplice));
if (!srvBio->canBump())
{
Security::SessionPointer session(fd_table[serverConn->fd].ssl);
BIO *b = SSL_get_rbio(session.get());
- Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(b->ptr);
+ Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(BIO_get_data(b));
debugs(83,5, "Will check for peek and splice on FD " << serverConn->fd);
Ssl::BumpMode finalAction = action;
auto clientSession = fd_table[clientConn->fd].ssl.get();
Must(clientSession);
BIO *bc = SSL_get_rbio(clientSession);
- Ssl::ClientBio *cltBio = static_cast<Ssl::ClientBio *>(bc->ptr);
+ Ssl::ClientBio *cltBio = static_cast<Ssl::ClientBio *>(BIO_get_data(bc));
Must(cltBio);
if (details && details->tlsVersion.protocol != AnyP::PROTO_NONE) {
applyTlsDetailsToSSL(serverSession.get(), details, csd->sslBumpMode);
// Should we allow it for all protocols?
if (details->tlsVersion.protocol == AnyP::PROTO_TLS || details->tlsVersion == AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0)) {
BIO *b = SSL_get_rbio(serverSession.get());
- Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(b->ptr);
+ Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(BIO_get_data(b));
// Inherite client features, like SSL version, SNI and other
srvBio->setClientFeatures(details, cltBio->rBufData());
srvBio->recordInput(true);
const int fd = serverConnection()->fd;
Security::SessionPointer session(fd_table[fd].ssl);
BIO *b = SSL_get_rbio(session.get());
- Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(b->ptr);
+ Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(BIO_get_data(b));
if ((srvBio->bumpMode() == Ssl::bumpPeek || srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) {
debugs(81, 3, "hold write on SSL connection on FD " << fd);
const int fd = serverConnection()->fd;
Security::SessionPointer session(fd_table[fd].ssl);
BIO *b = SSL_get_rbio(session.get());
- Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(b->ptr);
+ Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(BIO_get_data(b));
// In Peek mode, the ClientHello message sent to the server. If the
// server resuming a previous (spliced) SSL session with the client,
/* SSL callbacks */
static void squid_ssl_info(const SSL *ssl, int where, int ret);
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
/// Initialization structure for the BIO table with
/// Squid-specific methods and BIO method wrappers.
static BIO_METHOD SquidMethods = {
squid_bio_destroy,
NULL // squid_callback_ctrl not supported
};
+#else
+static BIO_METHOD *SquidMethods = NULL;
+#endif
BIO *
Ssl::Bio::Create(const int fd, Ssl::Bio::Type type)
{
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
if (BIO *bio = BIO_new(&SquidMethods)) {
BIO_int_ctrl(bio, BIO_C_SET_FD, type, fd);
return bio;
}
+#else
+ if (!SquidMethods) {
+ SquidMethods = BIO_meth_new(BIO_TYPE_SOCKET, "squid");
+ BIO_meth_set_write(SquidMethods, squid_bio_write);
+ BIO_meth_set_read(SquidMethods, squid_bio_read);
+ BIO_meth_set_puts(SquidMethods, squid_bio_puts);
+ BIO_meth_set_gets(SquidMethods, NULL);
+ BIO_meth_set_ctrl(SquidMethods, squid_bio_ctrl);
+ BIO_meth_set_create(SquidMethods, squid_bio_create);
+ BIO_meth_set_destroy(SquidMethods, squid_bio_destroy);
+ }
+#endif
return NULL;
}
SSL_state_string(ssl) << " (" << SSL_state_string_long(ssl) << ")");
}
-bool
-Ssl::ClientBio::isClientHello(int state)
-{
- return (
- state == SSL3_ST_SR_CLNT_HELLO_A ||
- state == SSL23_ST_SR_CLNT_HELLO_A ||
- state == SSL23_ST_SR_CLNT_HELLO_B ||
- state == SSL3_ST_SR_CLNT_HELLO_B ||
- state == SSL3_ST_SR_CLNT_HELLO_C
- );
-}
-
void
Ssl::ClientBio::stateChanged(const SSL *ssl, int where, int ret)
{
static int
squid_bio_create(BIO *bi)
{
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
bi->init = 0; // set when we store Bio object and socket fd (BIO_C_SET_FD)
bi->num = 0;
- bi->ptr = NULL;
bi->flags = 0;
+#else
+ // No need to set more, openSSL initialize BIO memory to zero.
+#endif
+
+ BIO_set_data(bi, NULL);
return 1;
}
static int
squid_bio_destroy(BIO *table)
{
- delete static_cast<Ssl::Bio*>(table->ptr);
- table->ptr = NULL;
+ delete static_cast<Ssl::Bio*>(BIO_get_data(table));
+ BIO_set_data(table, NULL);
return 1;
}
static int
squid_bio_write(BIO *table, const char *buf, int size)
{
- Ssl::Bio *bio = static_cast<Ssl::Bio*>(table->ptr);
+ Ssl::Bio *bio = static_cast<Ssl::Bio*>(BIO_get_data(table));
assert(bio);
return bio->write(buf, size, table);
}
static int
squid_bio_read(BIO *table, char *buf, int size)
{
- Ssl::Bio *bio = static_cast<Ssl::Bio*>(table->ptr);
+ Ssl::Bio *bio = static_cast<Ssl::Bio*>(BIO_get_data(table));
assert(bio);
return bio->read(buf, size, table);
}
bio = new Ssl::ServerBio(fd);
else
bio = new Ssl::ClientBio(fd);
- assert(!table->ptr);
- table->ptr = bio;
- table->init = 1;
+ assert(!BIO_get_data(table));
+ BIO_set_data(table, bio);
+ BIO_set_init(table, 1);
return 0;
}
case BIO_C_GET_FD:
- if (table->init) {
- Ssl::Bio *bio = static_cast<Ssl::Bio*>(table->ptr);
+ if (BIO_get_init(table)) {
+ Ssl::Bio *bio = static_cast<Ssl::Bio*>(BIO_get_data(table));
assert(bio);
if (arg2)
*static_cast<int*>(arg2) = bio->fd();
return 0;
case BIO_CTRL_FLUSH:
- if (table->init) {
- Ssl::Bio *bio = static_cast<Ssl::Bio*>(table->ptr);
+ if (BIO_get_init(table)) {
+ Ssl::Bio *bio = static_cast<Ssl::Bio*>(BIO_get_data(table));
assert(bio);
bio->flush(table);
return 1;
squid_ssl_info(const SSL *ssl, int where, int ret)
{
if (BIO *table = SSL_get_rbio(ssl)) {
- if (Ssl::Bio *bio = static_cast<Ssl::Bio*>(table->ptr))
+ if (Ssl::Bio *bio = static_cast<Ssl::Bio*>(BIO_get_data(table)))
bio->stateChanged(ssl, where, ret);
}
}
cbytes[0] = (cipherId >> 8) & 0xFF;
cbytes[1] = cipherId & 0xFF;
cbytes[2] = 0;
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
- const SSL_METHOD *method = TLS_method();
-#else
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
const SSL_METHOD *method = SSLv23_method();
-#endif
const SSL_CIPHER *c = method->get_cipher_by_char(cbytes);
+#else
+ const SSL_CIPHER *c = SSL_CIPHER_find(ssl, cbytes);
+#endif
if (c != NULL) {
if (!strCiphers.isEmpty())
strCiphers.append(":");
- strCiphers.append(c->name);
+ strCiphers.append(SSL_CIPHER_get_name(c));
}
}
if (!strCiphers.isEmpty())
/// by the caller.
void setReadBufData(SBuf &data) {rbuf = data;}
private:
- /// True if the SSL state corresponds to a hello message
- bool isClientHello(int state);
bool holdRead_; ///< The read hold state of the bio.
bool holdWrite_; ///< The write hold state of the bio.
int helloSize; ///< The SSL hello message sent by client size
void
applyTlsDetailsToSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, Ssl::BumpMode bumpMode);
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+// OpenSSL v1.0 bio compatibility functions
+inline void *BIO_get_data(BIO *table) { return table->ptr; }
+inline void BIO_set_data(BIO *table, void *data) { table->ptr = data; }
+inline int BIO_get_init(BIO *table) { return table->init; }
+inline void BIO_set_init(BIO *table, int init) { table->init = init; }
+#endif
+
#endif /* SQUID_SSL_BIO_H */
projects / thirdparty / squid.git / commitdiff
