// Fix timeout to request_start_timeout
typedef CommCbMemFunT<ConnStateData, CommTimeoutCbParams> TimeoutDialer;
AsyncCall::Pointer timeoutCall = JobCallback(33, 5,
- TimeoutDialer, this, ConnStateData::requestTimeout);
+ TimeoutDialer, this, ConnStateData::requestTimeout);
commSetConnTimeout(clientConnection, Config.Timeout.request_start_timeout, timeoutCall);
// Also reset receivedFirstByte_ flag to allow this timeout work in the case we have
// a bumbed "connect" request on non transparent port.
return false;
}
-
void ConnStateData::startPeekAndSplice(const bool unsupportedProtocol)
{
if (unsupportedProtocol) {
bio->setReadBufData(inBuf);
bio->hold(true);
- // Here squid should have all of the client hello message so the
+ // Here squid should have all of the client hello message so the
// Squid_SSL_accept should return 0;
// This block exist only to force openSSL parse client hello and detect
// ERR_SECURE_ACCEPT_FAIL error, which should be checked and splice if required.
#include <unordered_set>
namespace Security {
-/*
+/*
* The types below represent various SSL and TLS protocol elements. Most names
* are based on RFC 5264 and RFC 6066 terminology. Objects of these explicit
* types are stored or passed around. Other protocol elements are simply parsed
Must(currentContentType == ContentType::ctChangeCipherSpec);
// We are currently ignoring Change Cipher Spec Protocol messages.
skipMessage("ChangeCipherCpec msg");
-
+
// Everything after the ChangeCipherCpec message may be encrypted.
// Continuing parsing is pointless. Stop here.
ressumingSession = true;
const Handshake message(tkMessages);
switch (message.msg_type) {
- case HandshakeType::hskClientHello:
- Must(state < atHelloReceived);
- Security::HandshakeParser::parseClientHelloHandshakeMessage(message.msg_body);
- state = atHelloReceived;
- done = "ClientHello";
- return;
- case HandshakeType::hskServerHello:
- Must(state < atHelloReceived);
- parseServerHelloHandshakeMessage(message.msg_body);
- state = atHelloReceived;
- return;
- case HandshakeType::hskCertificate:
- Must(state < atCertificatesReceived);
- parseServerCertificates(message.msg_body);
- state = atCertificatesReceived;
- return;
- case HandshakeType::hskServerHelloDone:
- Must(state < atHelloDoneReceived);
- // zero-length
- state = atHelloDoneReceived;
- done = "ServerHelloDone";
- return;
+ case HandshakeType::hskClientHello:
+ Must(state < atHelloReceived);
+ Security::HandshakeParser::parseClientHelloHandshakeMessage(message.msg_body);
+ state = atHelloReceived;
+ done = "ClientHello";
+ return;
+ case HandshakeType::hskServerHello:
+ Must(state < atHelloReceived);
+ parseServerHelloHandshakeMessage(message.msg_body);
+ state = atHelloReceived;
+ return;
+ case HandshakeType::hskCertificate:
+ Must(state < atCertificatesReceived);
+ parseServerCertificates(message.msg_body);
+ state = atCertificatesReceived;
+ return;
+ case HandshakeType::hskServerHelloDone:
+ Must(state < atHelloDoneReceived);
+ // zero-length
+ state = atHelloDoneReceived;
+ done = "ServerHelloDone";
+ return;
}
debugs(83, 5, "ignoring " << message.msg_body.length() << "-byte type-" <<
message.msg_type << " handshake message");
Parser::BinaryTokenizer tk(raw);
while (!tk.atEnd()) {
// RFC 6101 Appendix E, RFC 5246 Appendix E2
- // Unlike TLS, ciphers in SSLv23 Hellos are 3 bytes long and come in
+ // Unlike TLS, ciphers in SSLv23 Hellos are 3 bytes long and come in
// two versions: v2 and v3. The two versions may co-exist in a single
// SSLv23 Hello. Only v3 ciphers have a first byte value of zero.
- // The ciphers are needed for our peeking/staring code that
+ // The ciphers are needed for our peeking/staring code that
// does not support SSLv2, so we ignore v2 ciphers.
const uint8_t prefix = tk.uint8("prefix");
const uint16_t cipher = tk.uint16("cipher");
return Extensions(); // no extensions are supported without OpenSSL
}
#endif
+