diff --git a/src/security/Context.h b/src/security/Context.h index a2b87782639..2120e5350e7 100644 --- a/src/security/Context.h +++ b/src/security/Context.h @@ -26,18 +26,14 @@ namespace Security { #if USE_OPENSSL -typedef std::shared_ptr ContextPointer; - +using ContextPointer = std::shared_ptr; #elif HAVE_LIBGNUTLS -typedef std::shared_ptr ContextPointer; - +using ContextPointer = std::shared_ptr; #else // use void* so we can check against nullptr -typedef std::shared_ptr ContextPointer; - +using ContextPointer = std::shared_ptr; #endif } // namespace Security #endif /* SQUID_SRC_SECURITY_CONTEXT_H */ - diff --git a/src/security/ErrorDetail.cc b/src/security/ErrorDetail.cc index afe9fd2e0eb..f47358da5d6 100644 --- a/src/security/ErrorDetail.cc +++ b/src/security/ErrorDetail.cc @@ -31,7 +31,7 @@ namespace Security { // we use std::map to optimize search; TODO: Use std::unordered_map instead? -typedef std::map ErrorCodeNames; +using ErrorCodeNames = std::map; static const ErrorCodeNames TheErrorCodeNames = { { SQUID_TLS_ERR_ACCEPT, "SQUID_TLS_ERR_ACCEPT" diff --git a/src/security/ErrorDetail.h b/src/security/ErrorDetail.h index b027ca80b34..120bca8240a 100644 --- a/src/security/ErrorDetail.h +++ b/src/security/ErrorDetail.h @@ -41,7 +41,7 @@ class ErrorDetail: public ::ErrorDetail MEMPROXY_CLASS(Security::ErrorDetail); public: - typedef ErrorDetailPointer Pointer; + using Pointer = ErrorDetailPointer; /// Details an origin or cache_peer certificate verification failure or mismatch. /// \param peer is an origin server or cache_peer certificate diff --git a/src/security/Handshake.cc b/src/security/Handshake.cc index 78f1be8c23a..8b2077f81c6 100644 --- a/src/security/Handshake.cc +++ b/src/security/Handshake.cc 
@@ -91,7 +91,8 @@ static const uint64_t HelloRandomSize = 32; class Extension { public: - typedef uint16_t Type; + using Type = uint16_t; + explicit Extension(Parser::BinaryTokenizer &tk); /// whether this extension is supported by Squid and, hence, may be bumped @@ -103,7 +104,7 @@ class Extension }; /// Extension types optimized for fast lookups. -typedef std::unordered_set Extensions; +using Extensions = std::unordered_set; static Extensions SupportedExtensions(); /// parse TLS ProtocolVersion (uint16) and convert it to AnyP::ProtocolVersion diff --git a/src/security/Handshake.h b/src/security/Handshake.h index bb2985e98d4..6ef9068b662 100644 --- a/src/security/Handshake.h +++ b/src/security/Handshake.h @@ -22,7 +22,8 @@ namespace Security class TlsDetails: public RefCountable { public: - typedef RefCount Pointer; + using Ciphers = std::unordered_set; + using Pointer = RefCount; TlsDetails(); /// Prints to os stream a human readable form of TlsDetails object @@ -45,8 +46,6 @@ class TlsDetails: public RefCountable /// The client random number SBuf clientRandom; SBuf sessionId; - - typedef std::unordered_set Ciphers; Ciphers ciphers; }; diff --git a/src/security/Io.cc b/src/security/Io.cc index ea5aeb87c56..ed2076baaa0 100644 --- a/src/security/Io.cc +++ b/src/security/Io.cc @@ -19,7 +19,7 @@ namespace Security { template static IoResult Handshake(Comm::Connection &, ErrorCode, Fun); -typedef SessionPointer::element_type *ConnectionPointer; +using ConnectionPointer = SessionPointer::element_type *; } // namespace Security diff --git a/src/security/Io.h b/src/security/Io.h index 4f7648d8061..5257e3ef667 100644 --- a/src/security/Io.h +++ b/src/security/Io.h @@ -18,7 +18,7 @@ namespace Security { /// a summary a TLS I/O operation outcome class IoResult: public RefCountable { public: - typedef RefCount Pointer; + using Pointer = RefCount; /// all possible outcome cases typedef enum { ioSuccess, ioWantRead, ioWantWrite, ioError } Category; 
diff --git a/src/security/KeyLogger.h b/src/security/KeyLogger.h index 4258a3d1d14..1cee7962baf 100644 --- a/src/security/KeyLogger.h +++ b/src/security/KeyLogger.h @@ -15,7 +15,7 @@ #include class MasterXaction; -typedef RefCount MasterXactionPointer; +using MasterXactionPointer = RefCount; namespace Security { diff --git a/src/security/LockingPointer.h b/src/security/LockingPointer.h index e7881039d9a..4985dfee3f3 100644 --- a/src/security/LockingPointer.h +++ b/src/security/LockingPointer.h @@ -34,7 +34,7 @@ namespace Security { inline bool nilFunction(const void *) { return false; } -typedef HardFun NilFunctor; +using NilFunctor = HardFun; /** * A shared pointer to a reference-counting Object with library-specific @@ -51,7 +51,7 @@ class LockingPointer { public: /// a helper label to simplify this objects API definitions below - typedef Security::LockingPointer SelfType; + using SelfType = Security::LockingPointer; /// constructs a nil smart pointer constexpr LockingPointer(): raw(nullptr) {} diff --git a/src/security/PeerConnector.cc b/src/security/PeerConnector.cc index 811d264d6d7..953cc72db76 100644 --- a/src/security/PeerConnector.cc +++ b/src/security/PeerConnector.cc @@ -53,7 +53,7 @@ Security::PeerConnector::PeerConnector(const Comm::ConnectionPointer &aServerCon // watch for external connection closures Must(Comm::IsConnOpen(serverConn)); Must(!fd_table[serverConn->fd].closing()); - typedef CommCbMemFunT Dialer; + using Dialer = CommCbMemFunT; closeHandler = JobCallback(9, 5, Dialer, this, Security::PeerConnector::commCloseHandler); comm_add_close_handler(serverConn->fd, closeHandler); } 
@@ -395,16 +395,15 @@ Security::PeerConnector::sslCrtvdCheckForErrors(Ssl::CertValidationResponse cons } Security::CertErrors *errs = nullptr; - typedef Ssl::CertValidationResponse::RecvdErrors::const_iterator SVCRECI; - for (SVCRECI i = resp.errors.begin(); i != resp.errors.end(); ++i) { - debugs(83, 7, "Error item: " << i->error_no << " " << i->error_reason); + for (const auto &itr : resp.errors) { + debugs(83, 7, "Error item: " << itr.error_no << " " << itr.error_reason); - assert(i->error_no != SSL_ERROR_NONE); + assert(itr.error_no != SSL_ERROR_NONE); if (!errDetails) { bool allowed = false; if (check) { - const auto sslErrors = std::make_unique(Security::CertError(i->error_no, i->cert, i->error_depth)); + const auto sslErrors = std::make_unique(Security::CertError(itr.error_no, itr.cert, itr.error_depth)); check->sslErrors = sslErrors.get(); if (check->fastCheck().allowed()) allowed = true; 
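Review bot: The new range-for variable `itr` is a `const auto &` to an element of `resp.errors`, not an iterator, so the name misleads; `for (const auto &item : resp.errors)` matches the `"Error item: "` debug text. The expression `Security::CertError(itr.error_no, itr.cert, itr.error_depth)` is also written three times per iteration, once here and twice in the next hunk; a single `const Security::CertError certError(itr.error_no, itr.cert, itr.error_depth);` at the top of the loop body could feed all three uses. The loop body continues outside this hunk, so the lines after `fastCheck()` are not visible; it is worth confirming that `check->sslErrors` is reset before the block-scoped `sslErrors` owner is destroyed.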
@@ -414,26 +413,26 @@ Security::PeerConnector::sslCrtvdCheckForErrors(Ssl::CertValidationResponse cons // and the first error will cause the error page if (allowed) { - debugs(83, 3, "bypassing SSL error " << i->error_no << " in " << "buffer"); + debugs(83, 3, "bypassing SSL error " << itr.error_no << " in " << "buffer"); } else { - debugs(83, 5, "confirming SSL error " << i->error_no); + debugs(83, 5, "confirming SSL error " << itr.error_no); Security::CertPointer peerCert(SSL_get_peer_certificate(session.get())); // Features/SslServerCertValidator docs do not specify whether // error_cert_ID is an optional helper response field. For now, // to preserve initial implementation behavior, we assume that // it is optional and that it defaults to peerCert. - const auto &brokenCert = i->cert ? i->cert : peerCert; + const auto &brokenCert = itr.cert ? itr.cert : peerCert; - const char *aReason = i->error_reason.empty() ? nullptr : i->error_reason.c_str(); - errDetails = new ErrorDetail(i->error_no, peerCert, brokenCert, aReason); + const char *aReason = itr.error_reason.empty() ? nullptr : itr.error_reason.c_str(); + errDetails = new ErrorDetail(itr.error_no, peerCert, brokenCert, aReason); } } if (!errs) - errs = new Security::CertErrors(Security::CertError(i->error_no, i->cert, i->error_depth)); + errs = new Security::CertErrors(Security::CertError(itr.error_no, itr.cert, itr.error_depth)); else - errs->push_back_unique(Security::CertError(i->error_no, i->cert, i->error_depth)); + errs->push_back_unique(Security::CertError(itr.error_no, itr.cert, itr.error_depth)); } return errs; 
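Review bot: The touched line `debugs(83, 3, "bypassing SSL error " << itr.error_no << " in " << "buffer");` still ends in the constant text "in buffer", so the log does not show which peer had a certificate validation error waived. A waived validation error is the event an operator most needs to trace back to a connection, so consider naming it, for example `debugs(83, 3, "bypassing SSL error " << itr.error_no << " on " << serverConnection());`, assuming the connection pointer is printable in this scope. The enclosing function starts before and ends after this hunk.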
@@ -467,9 +466,8 @@ Security::PeerConnector::noteWantRead() const int fd = serverConnection()->fd; // read timeout to avoid getting stuck while reading from a silent server - typedef CommCbMemFunT TimeoutDialer; - AsyncCall::Pointer timeoutCall = JobCallback(83, 5, - TimeoutDialer, this, Security::PeerConnector::commTimeoutHandler); + using TimeoutDialer = CommCbMemFunT; + AsyncCall::Pointer timeoutCall = JobCallback(83, 5, TimeoutDialer, this, Security::PeerConnector::commTimeoutHandler); const auto timeout = Comm::MortalReadTimeout(startTime, negotiationTimeout); commSetConnTimeout(serverConnection(), timeout, timeoutCall); diff --git a/src/security/PeerConnector.h b/src/security/PeerConnector.h index f0b0fd2a97a..b00641eab0f 100644 --- a/src/security/PeerConnector.h +++ b/src/security/PeerConnector.h @@ -29,7 +29,7 @@ class Downloader; class DownloaderAnswer; class AccessLogEntry; -typedef RefCount AccessLogEntryPointer; +using AccessLogEntryPointer = RefCount; namespace Security { diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc index fe42948e240..4e412bcf9e7 100644 --- a/src/security/PeerOptions.cc +++ b/src/security/PeerOptions.cc @@ -601,7 +601,7 @@ Security::PeerOptions::parseFlags() SSL_FLAG_DONT_VERIFY_PEER| SSL_FLAG_DELAYED_AUTH| SSL_FLAG_CONDITIONAL_AUTH; - typedef std::bitset ParsedPortFlagBits; + using ParsedPortFlagBits = std::bitset; if (ParsedPortFlagBits(fl & mutuallyExclusive).count() > 1) { if (fl & SSL_FLAG_CONDITIONAL_AUTH) throw TextException("CONDITIONAL_AUTH is not compatible with NO_DEFAULT_CA and DELAYED_AUTH flags", Here()); diff --git a/src/security/ServerOptions.h b/src/security/ServerOptions.h index 9525ea381a1..1925d009da4 100644 --- a/src/security/ServerOptions.h +++ b/src/security/ServerOptions.h 
@@ -27,7 +27,7 @@ class ServerOptions : public PeerOptions public: #if USE_OPENSSL sk_dtor_wrapper(sk_X509_NAME, STACK_OF(X509_NAME) *, X509_NAME_free); - typedef std::unique_ptr X509_NAME_STACK_Pointer; + using X509_NAME_STACK_Pointer = std::unique_ptr; #endif ServerOptions() : PeerOptions() { diff --git a/src/security/Session.h b/src/security/Session.h index deda8830435..639582fbb86 100644 --- a/src/security/Session.h +++ b/src/security/Session.h @@ -46,36 +46,26 @@ class PeerOptions; bool CreateServerSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, Security::PeerOptions &, const char *squidCtx); #if USE_OPENSSL -typedef SSL Connection; - +using Connection = SSL; using Session = SSL_SESSION; - -typedef std::shared_ptr SessionPointer; - -typedef std::unique_ptr> SessionStatePointer; +using SessionPointer = std::shared_ptr; +using SessionStatePointer = std::unique_ptr>; #elif HAVE_LIBGNUTLS -// to be finalized when it is actually needed/used -struct Connection {}; - -// to be finalized when it is actually needed/used -struct Session {}; +struct Connection {}; // to be finalized when it is actually needed/used +struct Session {}; // to be finalized when it is actually needed/used -typedef std::shared_ptr SessionPointer; +using SessionPointer = std::shared_ptr; // wrapper function to get around gnutls_free being a typedef inline void squid_gnutls_free(void *d) {gnutls_free(d);} -typedef std::unique_ptr> SessionStatePointer; +using SessionStatePointer = std::unique_ptr>; #else -typedef std::nullptr_t Connection; - +using Connection = std::nullptr_t; struct Session {}; - -typedef std::shared_ptr SessionPointer; - -typedef std::unique_ptr SessionStatePointer; - +using SessionPointer = std::shared_ptr; +using SessionStatePointer = std::unique_ptr; #endif /// send the shutdown/bye notice for an active TLS session. diff --git a/src/security/forward.h b/src/security/forward.h index 14e02e25aa4..1958b3a4aa0 100644 --- a/src/security/forward.h 
+++ b/src/security/forward.h @@ -73,38 +73,37 @@ namespace Security class CertError; /// Holds a list of X.509 certificate errors -typedef CbDataList CertErrors; +using CertErrors = CbDataList; #if USE_OPENSSL -typedef X509 Certificate; +using Certificate = X509; #elif HAVE_LIBGNUTLS -typedef struct gnutls_x509_crt_int Certificate; +using Certificate = struct gnutls_x509_crt_int; #else -typedef struct notls_x509 Certificate; +using Certificate = struct notls_x509; #endif #if USE_OPENSSL CtoCpp1(X509_free, X509 *); -typedef Security::LockingPointer > CertPointer; +using CertPointer = Security::LockingPointer>; #elif HAVE_LIBGNUTLS -typedef std::shared_ptr CertPointer; +using CertPointer = std::shared_ptr; #else -typedef std::shared_ptr CertPointer; +using CertPointer = std::shared_ptr; #endif #if USE_OPENSSL CtoCpp1(X509_CRL_free, X509_CRL *); -typedef Security::LockingPointer > CrlPointer; +using CrlPointer = Security::LockingPointer>; #elif HAVE_LIBGNUTLS CtoCpp1(gnutls_x509_crl_deinit, gnutls_x509_crl_t); -typedef Security::LockingPointer CrlPointer; +using CrlPointer = Security::LockingPointer; #else -typedef void *CrlPointer; +using CrlPointer = void *; #endif -typedef std::list CertList; - -typedef std::list CertRevokeList; +using CertList = std::list; +using CertRevokeList = std::list; #if USE_OPENSSL CtoCpp1(EVP_PKEY_free, EVP_PKEY *) @@ -118,7 +117,7 @@ using PrivateKeyPointer = std::shared_ptr; #if USE_OPENSSL #if OPENSSL_VERSION_MAJOR < 3 CtoCpp1(DH_free, DH *); -typedef Security::LockingPointer > DhePointer; +using DhePointer = Security::LockingPointer>; #else using DhePointer = PrivateKeyPointer; #endif 
@@ -131,21 +130,21 @@ using DhePointer = void *; class EncryptorAnswer; /// Squid-defined error code (<0), an error code returned by X.509 API, or zero -typedef int ErrorCode; +using ErrorCode = int; /// TLS library-reported non-validation error #if USE_OPENSSL /// the result of the first ERR_get_error(3SSL) call after a library call; /// `openssl errstr` expands these numbers into human-friendlier strings like /// `error:1408F09C:SSL routines:ssl3_get_record:http request` -typedef unsigned long LibErrorCode; +using LibErrorCode = unsigned long; #elif HAVE_LIBGNUTLS /// the result of an API function like gnutls_handshake() (e.g., /// GNUTLS_E_WARNING_ALERT_RECEIVED) -typedef int LibErrorCode; +using LibErrorCode = int; #else /// should always be zero and virtually unused -typedef int LibErrorCode; +using LibErrorCode = int; #endif /// converts numeric LibErrorCode into a human-friendlier string @@ -162,7 +161,7 @@ inline const char *ErrorString(const LibErrorCode code) { /// set of Squid defined TLS error codes /// \note using std::unordered_set ensures values are unique, with fast lookup -typedef std::unordered_set Errors; +using Errors = std::unordered_set; namespace Io { @@ -193,7 +192,7 @@ class KeyLog; #if USE_OPENSSL using ParsedOptions = uint64_t; #elif HAVE_LIBGNUTLS -typedef std::shared_ptr ParsedOptions; +using ParsedOptions = std::shared_ptr; #else class ParsedOptions {}; // we never parse/use TLS options in this case #endif @@ -201,7 +200,7 @@ class ParsedOptions {}; // we never parse/use TLS options in this case /// bitmask representing configured http(s)_port `sslflags` /// as well tls_outgoing_options `flags`, cache_peer `sslflags`, and /// icap_service `tls-flags` -typedef long ParsedPortFlags; +using ParsedPortFlags = long; class PeerConnector; class BlindPeerConnector; 
@@ -212,7 +211,7 @@ class ServerOptions; class FuturePeerContext; class ErrorDetail; -typedef RefCount ErrorDetailPointer; +using ErrorDetailPointer = RefCount; std::ostream &operator <<(std::ostream &, const KeyLog &); @@ -227,7 +226,7 @@ void CloseLogs(); ///< closes logs opened by OpenLogs() /// supplement official certificate validation errors to cover special cases. /// We use negative values, assuming that those official errors are positive. enum { - SQUID_TLS_ERR_OFFSET = std::numeric_limits::min(), + SQUID_TLS_ERR_OFFSET = std::numeric_limits::min(), /* TLS library calls/contexts other than validation (e.g., I/O) */ SQUID_TLS_ERR_ACCEPT, ///< failure to accept a connection from a TLS client