git.ipfire.org Git - thirdparty/squid.git/blob - src/security/BlindPeerConnector.cc
1a1a3a3bfce84f7b74842b3763fe1e87a734778d
2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
10 #include "CachePeer.h"
11 #include "comm/Connection.h"
12 #include "errorpage.h"
14 #include "HttpRequest.h"
15 #include "neighbors.h"
16 #include "security/BlindPeerConnector.h"
17 #include "security/NegotiationHistory.h"
18 #include "SquidConfig.h"
// Registers Security::BlindPeerConnector with Squid's cbdata machinery via the
// namespaced class-init macro (presumably defines the class's CBDATA type
// storage; see the macro definition to confirm).
CBDATA_NAMESPACED_CLASS_INIT(Security, BlindPeerConnector);
// Returns the TLS context to use for the outgoing connection.
//
// When serverConnection() is associated with a CachePeer, that peer's own
// sslContext is returned; otherwise the global ::Config.ssl_client.sslContext
// is used. Which context is picked decides the TLS settings applied to the
// handshake, so a peer connection must never silently fall back to the
// global one.
Security::ContextPointer
Security::BlindPeerConnector::getTlsContext()
{
    const CachePeer *peer = serverConnection()->getPeer();

    // No peer on this connection: use the global client-side context.
    if (!peer)
        return ::Config.ssl_client.sslContext;

    // A peer handled by this connector is expected to have
    // secure.encryptTransport set (presumably "TLS enabled for this peer");
    // reaching this point without it is treated as a programming error.
    assert(peer->secure.encryptTransport);
    return peer->sslContext;
}
// Prepares serverSession for a TLS handshake with the next hop, after the base
// Security::PeerConnector::initialize() has run: attaches a host name to the
// session under ssl_ex_index_server and, for a cache peer, passes the peer's
// stored sslSession to Security::SetSessionResumeData().
//
// NOTE(review): this listing has lost some source lines (the gaps in the
// original line numbers are marked below), including the return type, braces
// and the statements in those gaps. Read the control flow from the full file,
// not from this excerpt.
// [listing gap: source lines 31-32 not shown]
Security::BlindPeerConnector::initialize(Security::SessionPointer &serverSession)
    // [listing gap: source line 34 not shown]
    if (!Security::PeerConnector::initialize(serverSession))
        // [listing gap: source lines 36-37 not shown, including the statement this `if` controls]

    if (const CachePeer *peer = serverConnection()->getPeer()) {
        // [listing gap: source lines 39-40 not shown]
        // NP: domain may be a raw-IP but it is now always set
        assert(!peer->secure.sslDomain.isEmpty());

        // [listing gap: source lines 43-44 not shown]
        // const loss is okay here, ssl_ex_index_server is only read and not assigned a destructor
        // Peer case: the name stored on the session is the peer's configured
        // secure.sslDomain, not anything taken from the client request.
        // NOTE(review): the SBuf is heap-allocated and, per the comment above,
        // no destructor is registered for this ex_data index, so nothing
        // visible here frees it when the session goes away. Confirm who owns it.
        SBuf *host = new SBuf(peer->secure.sslDomain);
        SSL_set_ex_data(serverSession.get(), ssl_ex_index_server, host);

        // [listing gap: source line 48 not shown]
        // Hands the peer's stored sslSession to the new session (session resumption).
        Security::SetSessionResumeData(serverSession, peer->sslSession);
        // [listing gap: source line 50 not shown; the two statements below do
        //  not use `peer`, so they presumably form the no-peer branch. Confirm.]
        // No-peer case: the stored name comes from the request URL's host.
        // NOTE(review): presumably this value is what later certificate
        // checks compare against. Same ownership question as the peer-case SBuf.
        SBuf *hostName = new SBuf(request->url.host());
        SSL_set_ex_data(serverSession.get(), ssl_ex_index_server, (void*)hostName);
        // [listing gap: source lines 53-58 not shown]
59 Security::BlindPeerConnector::noteNegotiationDone(ErrorState
*error
)
62 // XXX: forward.cc calls peerConnectSucceeded() after an OK TCP connect but
63 // we call peerConnectFailed() if SSL failed afterwards. Is that OK?
64 // It is not clear whether we should call peerConnectSucceeded/Failed()
65 // based on TCP results, SSL results, or both. And the code is probably not
66 // consistent in this aspect across tunnelling and forwarding modules.
67 if (CachePeer
*p
= serverConnection()->getPeer())
72 if (auto *peer
= serverConnection()->getPeer()) {
73 const int fd
= serverConnection()->fd
;
74 Security::MaybeGetSessionResumeData(fd_table
[fd
].ssl
, peer
->sslSession
);