ErrorDetail.cc
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #include "squid.h"
10 #include "errorpage.h"
11 #include "fatal.h"
12 #include "ssl/ErrorDetail.h"
13 
14 #include <climits>
15 #include <map>
16 
17 struct SslErrorEntry {
19  const char *name;
20 };
21 
22 static const char *SslErrorDetailDefaultStr = "SSL handshake error (%err_name)";
23 //Use std::map to optimize search
24 typedef std::map<Security::ErrorCode, const SslErrorEntry *> SslErrors;
26 
27 static SslErrorEntry TheSslErrorArray[] = {
29  "SQUID_X509_V_ERR_INFINITE_VALIDATION"
30  },
32  "SQUID_X509_V_ERR_CERT_CHANGE"
33  },
35  "SQUID_ERR_SSL_HANDSHAKE"
36  },
38  "SQUID_X509_V_ERR_DOMAIN_MISMATCH"
39  },
40  { X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
41  "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT"
42  },
43  { X509_V_ERR_UNABLE_TO_GET_CRL,
44  "X509_V_ERR_UNABLE_TO_GET_CRL"
45  },
46  { X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
47  "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE"
48  },
49  { X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
50  "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE"
51  },
52  { X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
53  "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY"
54  },
55  { X509_V_ERR_CERT_SIGNATURE_FAILURE,
56  "X509_V_ERR_CERT_SIGNATURE_FAILURE"
57  },
58  { X509_V_ERR_CRL_SIGNATURE_FAILURE,
59  "X509_V_ERR_CRL_SIGNATURE_FAILURE"
60  },
61  { X509_V_ERR_CERT_NOT_YET_VALID,
62  "X509_V_ERR_CERT_NOT_YET_VALID"
63  },
64  { X509_V_ERR_CERT_HAS_EXPIRED,
65  "X509_V_ERR_CERT_HAS_EXPIRED"
66  },
67  { X509_V_ERR_CRL_NOT_YET_VALID,
68  "X509_V_ERR_CRL_NOT_YET_VALID"
69  },
70  { X509_V_ERR_CRL_HAS_EXPIRED,
71  "X509_V_ERR_CRL_HAS_EXPIRED"
72  },
73  { X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD,
74  "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD"
75  },
76  { X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD,
77  "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD"
78  },
79  { X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD,
80  "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD"
81  },
82  { X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD,
83  "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD"
84  },
85  { X509_V_ERR_OUT_OF_MEM,
86  "X509_V_ERR_OUT_OF_MEM"
87  },
88  { X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
89  "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT"
90  },
91  { X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN,
92  "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN"
93  },
94  { X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
95  "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY"
96  },
97  { X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE,
98  "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE"
99  },
100  { X509_V_ERR_CERT_CHAIN_TOO_LONG,
101  "X509_V_ERR_CERT_CHAIN_TOO_LONG"
102  },
103  { X509_V_ERR_CERT_REVOKED,
104  "X509_V_ERR_CERT_REVOKED"
105  },
106  { X509_V_ERR_INVALID_CA,
107  "X509_V_ERR_INVALID_CA"
108  },
109  { X509_V_ERR_PATH_LENGTH_EXCEEDED,
110  "X509_V_ERR_PATH_LENGTH_EXCEEDED"
111  },
112  { X509_V_ERR_INVALID_PURPOSE,
113  "X509_V_ERR_INVALID_PURPOSE"
114  },
115  { X509_V_ERR_CERT_UNTRUSTED,
116  "X509_V_ERR_CERT_UNTRUSTED"
117  },
118  { X509_V_ERR_CERT_REJECTED,
119  "X509_V_ERR_CERT_REJECTED"
120  },
121  { X509_V_ERR_SUBJECT_ISSUER_MISMATCH,
122  "X509_V_ERR_SUBJECT_ISSUER_MISMATCH"
123  },
124  { X509_V_ERR_AKID_SKID_MISMATCH,
125  "X509_V_ERR_AKID_SKID_MISMATCH"
126  },
127  { X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH,
128  "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH"
129  },
130  { X509_V_ERR_KEYUSAGE_NO_CERTSIGN,
131  "X509_V_ERR_KEYUSAGE_NO_CERTSIGN"
132  },
133 #if defined(X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER)
134  {
135  X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, //33
136  "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER"
137  },
138 #endif
139 #if defined(X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION)
140  {
141  X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION, //34
142  "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION"
143  },
144 #endif
145 #if defined(X509_V_ERR_KEYUSAGE_NO_CRL_SIGN)
146  {
147  X509_V_ERR_KEYUSAGE_NO_CRL_SIGN, //35
148  "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN"
149  },
150 #endif
151 #if defined(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION)
152  {
153  X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION, //36
154  "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION"
155  },
156 #endif
157 #if defined(X509_V_ERR_INVALID_NON_CA)
158  {
159  X509_V_ERR_INVALID_NON_CA, //37
160  "X509_V_ERR_INVALID_NON_CA"
161  },
162 #endif
163 #if defined(X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED)
164  {
165  X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED, //38
166  "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED"
167  },
168 #endif
169 #if defined(X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE)
170  {
171  X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE, //39
172  "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE"
173  },
174 #endif
175 #if defined(X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED)
176  {
177  X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED, //40
178  "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED"
179  },
180 #endif
181 #if defined(X509_V_ERR_INVALID_EXTENSION)
182  {
183  X509_V_ERR_INVALID_EXTENSION, //41
184  "X509_V_ERR_INVALID_EXTENSION"
185  },
186 #endif
187 #if defined(X509_V_ERR_INVALID_POLICY_EXTENSION)
188  {
189  X509_V_ERR_INVALID_POLICY_EXTENSION, //42
190  "X509_V_ERR_INVALID_POLICY_EXTENSION"
191  },
192 #endif
193 #if defined(X509_V_ERR_NO_EXPLICIT_POLICY)
194  {
195  X509_V_ERR_NO_EXPLICIT_POLICY, //43
196  "X509_V_ERR_NO_EXPLICIT_POLICY"
197  },
198 #endif
199 #if defined(X509_V_ERR_DIFFERENT_CRL_SCOPE)
200  {
201  X509_V_ERR_DIFFERENT_CRL_SCOPE, //44
202  "X509_V_ERR_DIFFERENT_CRL_SCOPE"
203  },
204 #endif
205 #if defined(X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE)
206  {
207  X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE, //45
208  "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE"
209  },
210 #endif
211 #if defined(X509_V_ERR_UNNESTED_RESOURCE)
212  {
213  X509_V_ERR_UNNESTED_RESOURCE, //46
214  "X509_V_ERR_UNNESTED_RESOURCE"
215  },
216 #endif
217 #if defined(X509_V_ERR_PERMITTED_VIOLATION)
218  {
219  X509_V_ERR_PERMITTED_VIOLATION, //47
220  "X509_V_ERR_PERMITTED_VIOLATION"
221  },
222 #endif
223 #if defined(X509_V_ERR_EXCLUDED_VIOLATION)
224  {
225  X509_V_ERR_EXCLUDED_VIOLATION, //48
226  "X509_V_ERR_EXCLUDED_VIOLATION"
227  },
228 #endif
229 #if defined(X509_V_ERR_SUBTREE_MINMAX)
230  {
231  X509_V_ERR_SUBTREE_MINMAX, //49
232  "X509_V_ERR_SUBTREE_MINMAX"
233  },
234 #endif
235 #if defined(X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE)
236  {
237  X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE, //51
238  "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE"
239  },
240 #endif
241 #if defined(X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX)
242  {
243  X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX, //52
244  "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX"
245  },
246 #endif
247 #if defined(X509_V_ERR_UNSUPPORTED_NAME_SYNTAX)
248  {
249  X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, //53
250  "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX"
251  },
252 #endif
253 #if defined(X509_V_ERR_CRL_PATH_VALIDATION_ERROR)
254  {
255  X509_V_ERR_CRL_PATH_VALIDATION_ERROR, //54
256  "X509_V_ERR_CRL_PATH_VALIDATION_ERROR"
257  },
258 #endif
259  { X509_V_ERR_APPLICATION_VERIFICATION,
260  "X509_V_ERR_APPLICATION_VERIFICATION"
261  },
262  { SSL_ERROR_NONE, "SSL_ERROR_NONE"},
263  {SSL_ERROR_NONE, NULL}
264 };
265 
266 static const char *OptionalSslErrors[] = {
267  "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER",
268  "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION",
269  "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN",
270  "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION",
271  "X509_V_ERR_INVALID_NON_CA",
272  "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED",
273  "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE",
274  "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED",
275  "X509_V_ERR_INVALID_EXTENSION",
276  "X509_V_ERR_INVALID_POLICY_EXTENSION",
277  "X509_V_ERR_NO_EXPLICIT_POLICY",
278  "X509_V_ERR_DIFFERENT_CRL_SCOPE",
279  "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE",
280  "X509_V_ERR_UNNESTED_RESOURCE",
281  "X509_V_ERR_PERMITTED_VIOLATION",
282  "X509_V_ERR_EXCLUDED_VIOLATION",
283  "X509_V_ERR_SUBTREE_MINMAX",
284  "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE",
285  "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX",
286  "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX",
287  "X509_V_ERR_CRL_PATH_VALIDATION_ERROR",
288  NULL
289 };
290 
292  const char *name;
294 };
295 
296 static const Security::ErrorCode hasExpired[] = {X509_V_ERR_CERT_HAS_EXPIRED, SSL_ERROR_NONE};
297 static const Security::ErrorCode notYetValid[] = {X509_V_ERR_CERT_NOT_YET_VALID, SSL_ERROR_NONE};
299 static const Security::ErrorCode certUntrusted[] = {X509_V_ERR_INVALID_CA,
300  X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN,
301  X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE,
302  X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
303  X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
304  X509_V_ERR_CERT_UNTRUSTED, SSL_ERROR_NONE
305  };
306 static const Security::ErrorCode certSelfSigned[] = {X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_ERROR_NONE};
307 
308 // The list of error name shortcuts for use with ssl_error acls.
309 // The keys without the "ssl::" scope prefix allow shorter error
310 // names within the SSL options scope. This is easier than
311 // carefully stripping the scope prefix in Ssl::ParseErrorString().
312 static SslErrorAlias TheSslErrorShortcutsArray[] = {
313  {"ssl::certHasExpired", hasExpired},
314  {"certHasExpired", hasExpired},
315  {"ssl::certNotYetValid", notYetValid},
316  {"certNotYetValid", notYetValid},
317  {"ssl::certDomainMismatch", domainMismatch},
318  {"certDomainMismatch", domainMismatch},
319  {"ssl::certUntrusted", certUntrusted},
320  {"certUntrusted", certUntrusted},
321  {"ssl::certSelfSigned", certSelfSigned},
322  {"certSelfSigned", certSelfSigned},
323  {NULL, NULL}
324 };
325 
326 // Use std::map to optimize search.
327 typedef std::map<std::string, const Security::ErrorCode *> SslErrorShortcuts;
329 
330 static void loadSslErrorMap()
331 {
332  assert(TheSslErrors.empty());
333  for (int i = 0; TheSslErrorArray[i].name; ++i) {
334  TheSslErrors[TheSslErrorArray[i].value] = &TheSslErrorArray[i];
335  }
336 }
337 
339 {
340  assert(TheSslErrorShortcuts.empty());
341  for (int i = 0; TheSslErrorShortcutsArray[i].name; ++i)
342  TheSslErrorShortcuts[TheSslErrorShortcutsArray[i].name] = TheSslErrorShortcutsArray[i].errors;
343 }
344 
346 {
347  //TODO: use a std::map?
348  for (int i = 0; TheSslErrorArray[i].name != NULL; ++i) {
349  if (strcmp(name, TheSslErrorArray[i].name) == 0)
350  return TheSslErrorArray[i].value;
351  }
352  return SSL_ERROR_NONE;
353 }
354 
355 bool
356 Ssl::ParseErrorString(const char *name, Security::Errors &errors)
357 {
358  assert(name);
359 
360  const Security::ErrorCode ssl_error = GetErrorCode(name);
361  if (ssl_error != SSL_ERROR_NONE) {
362  errors.emplace(ssl_error);
363  return true;
364  }
365 
366  if (xisdigit(*name)) {
367  const long int value = strtol(name, NULL, 0);
368  if (SQUID_SSL_ERROR_MIN <= value && value <= SQUID_SSL_ERROR_MAX) {
369  errors.emplace(value);
370  return true;
371  }
372  fatalf("Too small or too big TLS error code '%s'", name);
373  }
374 
375  if (TheSslErrorShortcuts.empty())
377 
378  const SslErrorShortcuts::const_iterator it = TheSslErrorShortcuts.find(name);
379  if (it != TheSslErrorShortcuts.end()) {
380  // Should not be empty...
381  assert(it->second[0] != SSL_ERROR_NONE);
382  for (int i = 0; it->second[i] != SSL_ERROR_NONE; ++i) {
383  errors.emplace(it->second[i]);
384  }
385  return true;
386  }
387 
388  fatalf("Unknown TLS error name '%s'", name);
389  return false; // not reached
390 }
391 
393 {
394  if (TheSslErrors.empty())
395  loadSslErrorMap();
396 
397  const SslErrors::const_iterator it = TheSslErrors.find(value);
398  if (it != TheSslErrors.end())
399  return it->second->name;
400 
401  return NULL;
402 }
403 
404 bool
405 Ssl::ErrorIsOptional(const char *name)
406 {
407  for (int i = 0; OptionalSslErrors[i] != NULL; ++i) {
408  if (strcmp(name, OptionalSslErrors[i]) == 0)
409  return true;
410  }
411  return false;
412 }
413 
414 const char *
416 {
417  return ErrorDetailsManager::GetInstance().getDefaultErrorDescr(value);
418 }
419 
420 Ssl::ErrorDetail::err_frm_code Ssl::ErrorDetail::ErrorFormatingCodes[] = {
421  {"ssl_subject", &Ssl::ErrorDetail::subject},
422  {"ssl_ca_name", &Ssl::ErrorDetail::ca_name},
423  {"ssl_cn", &Ssl::ErrorDetail::cn},
424  {"ssl_notbefore", &Ssl::ErrorDetail::notbefore},
425  {"ssl_notafter", &Ssl::ErrorDetail::notafter},
426  {"err_name", &Ssl::ErrorDetail::err_code},
427  {"ssl_error_descr", &Ssl::ErrorDetail::err_descr},
428  {"ssl_lib_error", &Ssl::ErrorDetail::err_lib_error},
429  {NULL,NULL}
430 };
431 
435 const char *Ssl::ErrorDetail::subject() const
436 {
437  if (broken_cert.get()) {
438  static char tmpBuffer[256]; // A temporary buffer
439  if (X509_NAME_oneline(X509_get_subject_name(broken_cert.get()), tmpBuffer, sizeof(tmpBuffer)))
440  return tmpBuffer;
441  }
442  return "[Not available]";
443 }
444 
445 // helper function to be used with Ssl::matchX509CommonNames
446 static int copy_cn(void *check_data, ASN1_STRING *cn_data)
447 {
448  String *str = (String *)check_data;
449  if (!str) // no data? abort
450  return 0;
451  if (cn_data && cn_data->length) {
452  if (str->size() > 0)
453  str->append(", ");
454  str->append((const char *)cn_data->data, cn_data->length);
455  }
456  return 1;
457 }
458 
462 const char *Ssl::ErrorDetail::cn() const
463 {
464  if (broken_cert.get()) {
465  static String tmpStr;
466  tmpStr.clean();
467  Ssl::matchX509CommonNames(broken_cert.get(), &tmpStr, copy_cn);
468  if (tmpStr.size())
469  return tmpStr.termedBuf();
470  }
471  return "[Not available]";
472 }
473 
477 const char *Ssl::ErrorDetail::ca_name() const
478 {
479  if (broken_cert.get()) {
480  static char tmpBuffer[256]; // A temporary buffer
481  if (X509_NAME_oneline(X509_get_issuer_name(broken_cert.get()), tmpBuffer, sizeof(tmpBuffer)))
482  return tmpBuffer;
483  }
484  return "[Not available]";
485 }
486 
490 const char *Ssl::ErrorDetail::notbefore() const
491 {
492  if (broken_cert.get()) {
493  if (ASN1_UTCTIME * tm = X509_get_notBefore(broken_cert.get())) {
494  static char tmpBuffer[256]; // A temporary buffer
495  Ssl::asn1timeToString(tm, tmpBuffer, sizeof(tmpBuffer));
496  return tmpBuffer;
497  }
498  }
499  return "[Not available]";
500 }
501 
505 const char *Ssl::ErrorDetail::notafter() const
506 {
507  if (broken_cert.get()) {
508  if (ASN1_UTCTIME * tm = X509_get_notAfter(broken_cert.get())) {
509  static char tmpBuffer[256]; // A temporary buffer
510  Ssl::asn1timeToString(tm, tmpBuffer, sizeof(tmpBuffer));
511  return tmpBuffer;
512  }
513  }
514  return "[Not available]";
515 }
516 
520 const char *Ssl::ErrorDetail::err_code() const
521 {
522  static char tmpBuffer[64];
523  // We can use the GetErrorName but using the detailEntry is faster,
524  // so try it first.
525  const char *err = detailEntry.name.termedBuf();
526 
527  // error details not loaded yet or not defined in error_details.txt,
528  // try the GetErrorName...
529  if (!err)
530  err = GetErrorName(error_no);
531 
532  if (!err) {
533  snprintf(tmpBuffer, 64, "%d", (int)error_no);
534  err = tmpBuffer;
535  }
536  return err;
537 }
538 
542 const char *Ssl::ErrorDetail::err_descr() const
543 {
544  if (error_no == SSL_ERROR_NONE)
545  return "[No Error]";
546  if (const char *err = detailEntry.descr.termedBuf())
547  return err;
548  return "[Not available]";
549 }
550 
552 {
553  if (errReason.size() > 0)
554  return errReason.termedBuf();
555  else if (lib_error_no != SSL_ERROR_NONE)
556  return Security::ErrorString(lib_error_no);
557  else
558  return "[No Error]";
559 }
560 
578 int Ssl::ErrorDetail::convert(const char *code, const char **value) const
579 {
580  *value = "-";
581  for (int i=0; ErrorFormatingCodes[i].code!=NULL; ++i) {
582  const int len = strlen(ErrorFormatingCodes[i].code);
583  if (strncmp(code,ErrorFormatingCodes[i].code, len)==0) {
584  ErrorDetail::fmt_action_t action = ErrorFormatingCodes[i].fmt_action;
585  *value = (this->*action)();
586  return len;
587  }
588  }
589  return 0;
590 }
591 
599 {
600  char const *s = NULL;
601  char const *p;
602  char const *t;
603  int code_len = 0;
604 
605  if (ErrorDetailsManager::GetInstance().getErrorDetail(error_no, request, detailEntry))
606  s = detailEntry.detail.termedBuf();
607 
608  if (!s)
610 
611  assert(s);
612  while ((p = strchr(s, '%'))) {
613  errDetailStr.append(s, p - s);
614  code_len = convert(++p, &t);
615  if (code_len)
616  errDetailStr.append(t);
617  else
618  errDetailStr.append("%");
619  s = p + code_len;
620  }
621  errDetailStr.append(s, strlen(s));
622 }
623 
625 {
626  if (errDetailStr.size() == 0)
627  buildDetail();
628  return errDetailStr;
629 }
630 
631 Ssl::ErrorDetail::ErrorDetail( Security::ErrorCode err_no, X509 *cert, X509 *broken, const char *aReason): error_no (err_no), lib_error_no(SSL_ERROR_NONE), errReason(aReason)
632 {
633  if (cert)
634  peer_cert.resetAndLock(cert);
635 
636  if (broken)
637  broken_cert.resetAndLock(broken);
638  else
639  broken_cert.resetAndLock(cert);
640 
641  detailEntry.error_no = SSL_ERROR_NONE;
642 }
643 
645 {
646  error_no = anErrDetail.error_no;
647  request = anErrDetail.request;
648 
649  if (anErrDetail.peer_cert.get()) {
650  peer_cert.resetAndLock(anErrDetail.peer_cert.get());
651  }
652 
653  if (anErrDetail.broken_cert.get()) {
654  broken_cert.resetAndLock(anErrDetail.broken_cert.get());
655  }
656 
657  detailEntry = anErrDetail.detailEntry;
658 
659  lib_error_no = anErrDetail.lib_error_no;
660 }
661 
static const Security::ErrorCode certUntrusted[]
Definition: ErrorDetail.cc:299
HttpRequest::Pointer request
Definition: ErrorDetail.h:92
static void loadSslErrorShortcutsMap()
Definition: ErrorDetail.cc:338
#define assert(EX)
Definition: assert.h:17
static const Security::ErrorCode hasExpired[]
Definition: ErrorDetail.cc:296
std::map< Security::ErrorCode, const SslErrorEntry * > SslErrors
Definition: ErrorDetail.cc:24
const char * GetErrorName(Security::ErrorCode value)
The string representation of the TLS error "value".
Definition: ErrorDetail.cc:392
static ErrorDetailsManager & GetInstance()
Instance class.
static const Security::ErrorCode certSelfSigned[]
Definition: ErrorDetail.cc:306
const char * GetErrorDescr(Security::ErrorCode value)
A short description of the TLS error "value".
Definition: ErrorDetail.cc:415
const char * ca_name() const
Definition: ErrorDetail.cc:477
const char * name
Definition: ErrorDetail.cc:19
struct _request * request(char *urlin)
Definition: tcp-banger2.c:291
const char * subject() const
Definition: ErrorDetail.cc:435
int i
Definition: membanger.c:49
#define SQUID_X509_V_ERR_DOMAIN_MISMATCH
Definition: support.h:43
int convert(const char *code, const char **value) const
Definition: ErrorDetail.cc:578
#define SQUID_X509_V_ERR_CERT_CHANGE
Definition: support.h:41
Security::ErrorCode GetErrorCode(const char *name)
The Security::ErrorCode code of the error described by "name".
Definition: ErrorDetail.cc:345
SslErrors TheSslErrors
Definition: ErrorDetail.cc:25
unsigned long lib_error_no
low-level error returned by OpenSSL ERR_get_error(3SSL)
Definition: ErrorDetail.h:87
char * p
Definition: membanger.c:43
size_type size() const
Definition: SquidString.h:71
bool ErrorIsOptional(const char *name)
Definition: ErrorDetail.cc:405
void append(char const *buf, int len)
Definition: String.cc:161
ErrorDetailEntry detailEntry
Definition: ErrorDetail.h:91
void fatalf(const char *fmt,...)
Definition: fatal.cc:79
const char * err_descr() const
Definition: ErrorDetail.cc:542
void buildDetail() const
Definition: ErrorDetail.cc:598
static void loadSslErrorMap()
Definition: ErrorDetail.cc:330
const Security::ErrorCode * errors
Definition: ErrorDetail.cc:293
static const char * OptionalSslErrors[]
Definition: ErrorDetail.cc:266
const char * cn() const
Definition: ErrorDetail.cc:462
int ErrorCode
Squid defined error code (<0), an error code returned by X.509 API, or SSL_ERROR_NONE.
Definition: forward.h:116
char const * termedBuf() const
Definition: SquidString.h:90
#define SQUID_SSL_ERROR_MIN
Definition: support.h:45
const char * err_lib_error() const
Definition: ErrorDetail.cc:551
const String & toString() const
An error detail string to embed in squid error pages.
Definition: ErrorDetail.cc:624
const char * err_code() const
Definition: ErrorDetail.cc:520
int unsigned int const char *desc STUB void int len
Definition: stub_fd.cc:20
unsigned char code
Definition: html_quote.c:20
static const Security::ErrorCode notYetValid[]
Definition: ErrorDetail.cc:297
bool action(int fd, size_t metasize, const char *fn, const char *url, const SquidMetaList &meta)
Definition: purge.cc:311
#define SQUID_ERR_SSL_HANDSHAKE
Definition: support.h:42
Security::ErrorCode error_no
The SSL error code.
const char * name
Definition: ErrorDetail.cc:292
Security::CertPointer broken_cert
A pointer to the broken certificate (peer or intermediate)
Definition: ErrorDetail.h:89
Security::ErrorCode value
Definition: ErrorDetail.cc:18
Security::CertPointer peer_cert
A pointer to the peer certificate.
Definition: ErrorDetail.h:88
#define SQUID_X509_V_ERR_INFINITE_VALIDATION
Definition: support.h:40
Security::ErrorCode error_no
The error code.
Definition: ErrorDetail.h:86
SslErrorShortcuts TheSslErrorShortcuts
Definition: ErrorDetail.cc:328
static const char * SslErrorDetailDefaultStr
Definition: ErrorDetail.cc:22
#define xisdigit(x)
Definition: xis.h:20
#define SQUID_SSL_ERROR_MAX
Definition: support.h:46
std::unordered_set< Security::ErrorCode > Errors
Definition: forward.h:133
const char * notafter() const
Definition: ErrorDetail.cc:505
int asn1timeToString(ASN1_TIME *tm, char *buf, int len)
Definition: support.cc:158
bool ParseErrorString(const char *name, Security::Errors &)
Definition: ErrorDetail.cc:356
const char * notbefore() const
Definition: ErrorDetail.cc:490
ErrorDetail(Security::ErrorCode err_no, X509 *peer, X509 *broken, const char *aReason=NULL)
Definition: ErrorDetail.cc:631
int matchX509CommonNames(X509 *peer_cert, void *check_data, int(*check_func)(void *check_data, ASN1_STRING *cn_data))
Definition: support.cc:172
void clean()
Definition: String.cc:125
const char *(ErrorDetail::* fmt_action_t)() const
Definition: ErrorDetail.h:61
static const Security::ErrorCode domainMismatch[]
Definition: ErrorDetail.cc:298
const char * ErrorString(const ErrorCode code)
Definition: forward.h:121
std::map< std::string, const Security::ErrorCode * > SslErrorShortcuts
Definition: ErrorDetail.cc:327
#define NULL
Definition: types.h:166
static int copy_cn(void *check_data, ASN1_STRING *cn_data)
Definition: ErrorDetail.cc:446

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors