#include "ssl/PeerConnector.h"
#include "ssl/ServerBump.h"
#include "ssl/support.h"
+#else
+#include "security/EncryptorAnswer.h"
#endif
#include <cerrno>
class FwdStatePeerAnswerDialer: public CallDialer, public Ssl::PeerConnector::CbDialer
{
public:
- typedef void (FwdState::*Method)(Ssl::PeerConnectorAnswer &);
+ typedef void (FwdState::*Method)(Security::EncryptorAnswer &);
FwdStatePeerAnswerDialer(Method method, FwdState *fwd):
method_(method), fwd_(fwd), answer_() {}
}
/* Ssl::PeerConnector::CbDialer API */
- virtual Ssl::PeerConnectorAnswer &answer() { return answer_; }
+ virtual Security::EncryptorAnswer &answer() { return answer_; }
private:
Method method_;
CbcPointer<FwdState> fwd_;
- Ssl::PeerConnectorAnswer answer_;
+ Security::EncryptorAnswer answer_;
};
#endif
}
#endif
- // should reach ConnStateData before the dispatched Client job starts
- CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData,
- ConnStateData::notePeerConnection, serverConnection());
-
- dispatch();
+ // if not encrypting just run the post-connect actions
+ Security::EncryptorAnswer nil;
+ connectedToPeer(nil);
}
-#if USE_OPENSSL
void
-FwdState::connectedToPeer(Ssl::PeerConnectorAnswer &answer)
+FwdState::connectedToPeer(Security::EncryptorAnswer &answer)
{
if (ErrorState *error = answer.error.get()) {
fail(error);
return;
}
+ // should reach ConnStateData before the dispatched Client job starts
+ CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData,
+ ConnStateData::notePeerConnection, serverConnection());
+
dispatch();
}
-#endif
void
FwdState::connectTimeout(int fd)
#include "fde.h"
#include "http/StatusCode.h"
#include "ip/Address.h"
+#include "security/forward.h"
#if USE_OPENSSL
#include "ssl/support.h"
#endif
{
class ErrorDetail;
class CertValidationResponse;
-class PeerConnectorAnswer;
};
#endif
void completed();
void retryOrBail();
ErrorState *makeConnectingError(const err_type type) const;
-#if USE_OPENSSL
- void connectedToPeer(Ssl::PeerConnectorAnswer &answer);
-#endif
+ void connectedToPeer(Security::EncryptorAnswer &answer);
static void RegisterWithCacheManager(void);
/// stops monitoring server connection for closure and updates pconn stats
#include "SquidTime.h"
#if USE_OPENSSL
#include "ssl/PeerConnector.h"
+#else
+#include "security/EncryptorAnswer.h"
#endif
CBDATA_CLASS_INIT(PeerPoolMgr);
#if USE_OPENSSL
/// Gives Ssl::PeerConnector access to Answer in the PeerPoolMgr callback dialer.
-class MyAnswerDialer: public UnaryMemFunT<PeerPoolMgr, Ssl::PeerConnectorAnswer, Ssl::PeerConnectorAnswer&>,
+class MyAnswerDialer: public UnaryMemFunT<PeerPoolMgr, Security::EncryptorAnswer, Security::EncryptorAnswer&>,
public Ssl::PeerConnector::CbDialer
{
public:
MyAnswerDialer(const JobPointer &aJob, Method aMethod):
- UnaryMemFunT<PeerPoolMgr, Ssl::PeerConnectorAnswer, Ssl::PeerConnectorAnswer&>(aJob, aMethod, Ssl::PeerConnectorAnswer()) {}
+ UnaryMemFunT<PeerPoolMgr, Security::EncryptorAnswer, Security::EncryptorAnswer&>(aJob, aMethod, Security::EncryptorAnswer()) {}
/* Ssl::PeerConnector::CbDialer API */
- virtual Ssl::PeerConnectorAnswer &answer() { return arg1; }
+ virtual Security::EncryptorAnswer &answer() { return arg1; }
};
#endif
// push() will trigger a checkpoint()
}
-#if USE_OPENSSL
void
-PeerPoolMgr::handleSecuredPeer(Ssl::PeerConnectorAnswer &answer)
+PeerPoolMgr::handleSecuredPeer(Security::EncryptorAnswer &answer)
{
Must(securer != NULL);
securer = NULL;
// allow the closing connection to fully close before we check again
Checkpoint(this, "conn closure while securing");
}
-#endif
void
PeerPoolMgr::openNewConnection()
#include "base/AsyncJob.h"
#include "comm/forward.h"
+#include "security/forward.h"
class HttpRequest;
class CachePeer;
class CommConnectCbParams;
-#if USE_OPENSSL
-namespace Ssl
-{
-class PeerConnectorAnswer;
-}
-#endif
-
/// Maintains an fixed-size "standby" PconnPool for a single CachePeer.
class PeerPoolMgr: public AsyncJob
{
/// Comm::ConnOpener calls this when done opening a connection for us
void handleOpenedConnection(const CommConnectCbParams ¶ms);
-#if USE_OPENSSL
+
/// Ssl::PeerConnector callback
- void handleSecuredPeer(Ssl::PeerConnectorAnswer &answer);
+ void handleSecuredPeer(Security::EncryptorAnswer &answer);
+
/// called when the connection we are trying to secure is closed by a 3rd party
void handleSecureClosure(const CommCloseCbParams ¶ms);
-#endif
+
/// the final step in connection opening (and, optionally, securing) sequence
void pushNewConnection(const Comm::ConnectionPointer &conn);
--- /dev/null
+/*
+ * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
+#include "squid.h"
+#include "comm/Connection.h"
+#include "errorpage.h"
+#include "security/EncryptorAnswer.h"
+
+Security::EncryptorAnswer::~EncryptorAnswer()
+{
+ delete error.get();
+}
+
+std::ostream &
+Security::operator <<(std::ostream &os, const Security::EncryptorAnswer &answer)
+{
+ return os << answer.conn << ", " << answer.error;
+}
+
--- /dev/null
+/*
+ * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
+#ifndef SQUID_SECURITY_ENCRYPTORANSWER_H
+#define SQUID_SECURITY_ENCRYPTORANSWER_H
+
+#include "base/CbcPointer.h"
+#include "comm/forward.h"
+
+class ErrorState;
+
+namespace Security {
+
+/// Peer encrypted connection setup results (supplied via a callback).
+/// The connection to peer was secured if and only if the error member is nil.
+class EncryptorAnswer
+{
+public:
+ ~EncryptorAnswer(); ///< deletes error if it is still set
+ Comm::ConnectionPointer conn; ///< peer connection (secured on success)
+
+ /// answer recepients must clear the error member in order to keep its info
+ /// XXX: We should refcount ErrorState instead of cbdata-protecting it.
+ CbcPointer<ErrorState> error; ///< problem details (nil on success)
+};
+
+std::ostream &operator <<(std::ostream &, const Security::EncryptorAnswer &);
+
+} // namepace Security
+
+#endif /* SQUID_SECURITY_ENCRYPTORANSWER_H */
+
libsecurity_la_SOURCES= \
Context.h \
+ EncryptorAnswer.cc \
+ EncryptorAnswer.h \
+ forward.h \
PeerOptions.cc \
PeerOptions.h
#include "ConfigParser.h"
#include "SBuf.h"
-#include "security/Context.h"
+#include "security/forward.h"
namespace Security
{
--- /dev/null
+/*
+ * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
+#ifndef SQUID_SRC_SECURITY_FORWARD_H
+#define SQUID_SRC_SECURITY_FORWARD_H
+
+#include "security/Context.h"
+
+/// Network/connection security abstraction layer
+namespace Security
+{
+
+class EncryptorAnswer;
+class PeerOptions;
+
+} // namespace Security
+
+#endif /* SQUID_SRC_SECURITY_FORWARD_H */
+
return buf.content();
}
-/* PeerConnectorAnswer */
-
-Ssl::PeerConnectorAnswer::~PeerConnectorAnswer()
-{
- delete error.get();
-}
-
-std::ostream &
-Ssl::operator <<(std::ostream &os, const Ssl::PeerConnectorAnswer &answer)
-{
- return os << answer.conn << ", " << answer.error;
-}
-
#include "acl/Acl.h"
#include "base/AsyncCbdataCalls.h"
#include "base/AsyncJob.h"
+#include "security/EncryptorAnswer.h"
#include "ssl/support.h"
#include <iosfwd>
class ErrorDetail;
class CertValidationResponse;
-/// PeerConnector results (supplied via a callback).
-/// The connection to peer was secured if and only if the error member is nil.
-class PeerConnectorAnswer
-{
-public:
- ~PeerConnectorAnswer(); ///< deletes error if it is still set
- Comm::ConnectionPointer conn; ///< peer connection (secured on success)
-
- /// answer recepients must clear the error member in order to keep its info
- /// XXX: We should refcount ErrorState instead of cbdata-protecting it.
- CbcPointer<ErrorState> error; ///< problem details (nil on success)
-};
-
/**
\par
* Connects Squid client-side to an SSL peer (cache_peer ... ssl).
* Used by TunnelStateData, FwdState, and PeerPoolMgr to start talking to an
* SSL peer.
\par
- * The caller receives a call back with PeerConnectorAnswer. If answer.error
+ * The caller receives a call back with Security::EncryptorAnswer. If answer.error
* is not nil, then there was an error and the SSL connection to the SSL peer
* was not fully established. The error object is suitable for error response
* generation.
public:
virtual ~CbDialer() {}
/// gives PeerConnector access to the in-dialer answer
- virtual PeerConnectorAnswer &answer() = 0;
+ virtual Security::EncryptorAnswer &answer() = 0;
};
typedef RefCount<HttpRequest> HttpRequestPointer;
bool splice; ///< Whether we are going to splice or not
};
-std::ostream &operator <<(std::ostream &os, const Ssl::PeerConnectorAnswer &a);
-
} // namespace Ssl
#endif /* SQUID_PEER_CONNECTOR_H */
*/
#include "squid.h"
+#include "comm/Connection.h"
#define STUB_API "security/libsecurity.la"
#include "tests/STUB.h"
+#include "security/EncryptorAnswer.h"
+Security::EncryptorAnswer::~EncryptorAnswer() {}
+std::ostream &Security::operator <<(std::ostream &os, const Security::EncryptorAnswer &) STUB_RETVAL(os)
+
#include "security/PeerOptions.h"
Security::PeerOptions Security::ProxyOutgoingConfig;
void Security::PeerOptions::parse(char const*) STUB
#include "ssl/bio.h"
#include "ssl/PeerConnector.h"
#include "ssl/ServerBump.h"
+#else
+#include "security/EncryptorAnswer.h"
#endif
#include "tools.h"
#if USE_DELAY_POOLS
class MyAnswerDialer: public CallDialer, public Ssl::PeerConnector::CbDialer
{
public:
- typedef void (TunnelStateData::*Method)(Ssl::PeerConnectorAnswer &);
+ typedef void (TunnelStateData::*Method)(Security::EncryptorAnswer &);
MyAnswerDialer(Method method, TunnelStateData *tunnel):
method_(method), tunnel_(tunnel), answer_() {}
}
/* Ssl::PeerConnector::CbDialer API */
- virtual Ssl::PeerConnectorAnswer &answer() { return answer_; }
+ virtual Security::EncryptorAnswer &answer() { return answer_; }
private:
Method method_;
CbcPointer<TunnelStateData> tunnel_;
- Ssl::PeerConnectorAnswer answer_;
+ Security::EncryptorAnswer answer_;
};
-
- void connectedToPeer(Ssl::PeerConnectorAnswer &answer);
#endif
+ /// callback handler after connection setup (including any encryption)
+ void connectedToPeer(Security::EncryptorAnswer &answer);
+
public:
bool keepGoingAfterRead(size_t len, Comm::Flag errcode, int xerrno, Connection &from, Connection &to);
void copy(size_t len, Connection &from, Connection &to, IOCB *);
void
TunnelStateData::connectToPeer()
{
- const Comm::ConnectionPointer &srv = server.conn;
-
#if USE_OPENSSL
- if (CachePeer *p = srv->getPeer()) {
+ if (CachePeer *p = server.conn->getPeer()) {
if (p->secure.encryptTransport) {
AsyncCall::Pointer callback = asyncCall(5,4,
"TunnelStateData::ConnectedToPeer",
MyAnswerDialer(&TunnelStateData::connectedToPeer, this));
Ssl::PeerConnector *connector =
- new Ssl::PeerConnector(request, srv, client.conn, callback);
+ new Ssl::PeerConnector(request, server.conn, client.conn, callback);
AsyncJob::Start(connector); // will call our callback
return;
}
}
#endif
- tunnelRelayConnectRequest(srv, this);
+ Security::EncryptorAnswer nil;
+ connectedToPeer(nil);
}
-#if USE_OPENSSL
-/// Ssl::PeerConnector callback
void
-TunnelStateData::connectedToPeer(Ssl::PeerConnectorAnswer &answer)
+TunnelStateData::connectedToPeer(Security::EncryptorAnswer &answer)
{
if (ErrorState *error = answer.error.get()) {
*status_ptr = error->httpStatus;
tunnelRelayConnectRequest(server.conn, this);
}
-#endif
static void
tunnelRelayConnectRequest(const Comm::ConnectionPointer &srv, void *data)
projects / thirdparty / squid.git / commitdiff
