#include <ErrorDetail.h>


Public Types
- typedef ErrorDetailPointer Pointer

Public Member Functions
- ErrorDetail (ErrorCode err_no, const CertPointer &peer, const CertPointer &broken, const char *aReason=nullptr)
- ErrorDetail (ErrorCode anErrorCode, int anIoErrorNo, int aSysErrorNo)
- SBuf brief () const override
- SBuf verbose (const HttpRequestPointer &) const override
- ErrorCode errorNo () const
- int sysError () const
- Certificate * peerCert ()
  the peer certificate (or nil)
- Certificate * brokenCert ()
  peer or intermediate certificate that failed validation (or nil)
- void setPeerCertificate (const CertPointer &)

Private Types
- using ErrorDetailEntry = Ssl::ErrorDetailEntry

Private Member Functions
- MEMPROXY_CLASS (Security::ErrorDetail)
- ErrorDetail (ErrorCode err, int aSysErrorNo)
  helper constructor implementing the logic shared by the two public ones
- const char * subject () const
  textual representation of the subject of the broken certificate
- const char * ca_name () const
  the issuer of the broken certificate
- const char * cn () const
  a list of the broken certificate's CN and alternate names
- const char * notbefore () const
  textual representation of the "not before" field of the broken certificate
- const char * notafter () const
  textual representation of the "not after" field of the broken certificate
- const char * err_code () const
  textual representation of error_no
- const char * err_descr () const
  short description of error_no
- const char * err_lib_error () const
  textual representation of lib_error_no
- size_t convert (const char *code, const char **value) const

Private Attributes
- CertPointer peer_cert
  a pointer to the peer certificate
- CertPointer broken_cert
  a pointer to the broken certificate (peer or intermediate)
- ErrorCode error_no = 0
  Squid-discovered error, validation error, or zero
- LibErrorCode lib_error_no = 0
  TLS library-reported non-validation error or zero
- int sysErrorNo = 0
  errno(3); system call failure code or zero
- int ioErrorNo = 0
- ErrorDetailEntry detailEntry
- String errReason
  a custom reason for the error
Detailed Description
Details a TLS-related error. Two kinds of errors can be detailed:
- certificate validation errors (including built-in and helper-driven) and
- TLS logic and I/O errors (detected by Squid or the TLS library).
The following details may be available (only the first one is required):
- for all errors: problem classification (see also ErrorCode)
- for all errors: peer certificate
- for certificate validation errors: the broken certificate
- for certificate validation errors: validation failure reason
- for non-validation errors: TLS library-reported error(s)
- for non-validation errors: system call errno(3)
Definition at line 35 of file ErrorDetail.h.
Member Typedef Documentation
◆ ErrorDetailEntry
using ErrorDetailEntry = Ssl::ErrorDetailEntry (private)
Definition at line 113 of file ErrorDetail.h.
◆ Pointer
typedef ErrorDetailPointer Pointer
Definition at line 40 of file ErrorDetail.h.
Constructor & Destructor Documentation
◆ ErrorDetail() [1/3]
ErrorDetail::ErrorDetail (ErrorCode err_no, const CertPointer &peer, const CertPointer &broken, const char *aReason = nullptr)
Details a server-side certificate verification failure. If broken is nil, then the broken certificate is the peer certificate.
Definition at line 465 of file ErrorDetail.cc.
References broken_cert, errReason, and peer_cert.
◆ ErrorDetail() [2/3]
ErrorDetail::ErrorDetail (ErrorCode anErrorCode, int anIoErrorNo, int aSysErrorNo)
Details (or starts detailing) a non-validation failure.
- Parameters
  - anIoErrorNo: TLS I/O function outcome; see also ErrorDetail::ioErrorNo
  - aSysErrorNo: saved errno(3); see also ErrorDetail::sysErrorNo
Definition at line 474 of file ErrorDetail.cc.
References ioErrorNo.
◆ ErrorDetail() [3/3]
ErrorDetail::ErrorDetail (ErrorCode err, int aSysErrorNo) (private)
Helper constructor implementing the logic shared by the two public ones: extracts and remembers errors stored internally by the TLS library.
Definition at line 444 of file ErrorDetail.cc.
References asHex(), debugs, Security::ForgetErrors(), and lib_error_no.
Member Function Documentation
◆ brief()
SBuf ErrorDetail::brief () const (override, virtual)
- Returns
- a single "token" summarizing available details suitable as an access.log field and similar output processed by programs
Implements ErrorDetail.
Definition at line 499 of file ErrorDetail.cc.
References SBuf::append(), SysErrorDetail::Brief(), and ToSBuf().
◆ brokenCert()
Certificate * ErrorDetail::brokenCert () (inline)
peer or intermediate certificate that failed validation (or nil)
Definition at line 74 of file ErrorDetail.h.
References broken_cert, and Security::LockingPointer< T, UnLocker, Locker >::get().
◆ ca_name()
const char * ErrorDetail::ca_name () const (private)
the issuer of the broken certificate
Definition at line 614 of file ErrorDetail.cc.
References html_quote(), and Security::IssuerName().
Referenced by convert().
◆ cn()
const char * ErrorDetail::cn () const (private)
a list of the broken certificate's CN and alternate names
Definition at line 595 of file ErrorDetail.cc.
References String::clean(), copy_cn(), html_quote(), Ssl::matchX509CommonNames(), String::size(), and String::termedBuf().
Referenced by convert().
◆ convert()
size_t ErrorDetail::convert (const char *code, const char **value) const (private)
Converts the code to a string value. Supported formatting codes are:
Error meta information:
- err_name: the name of a high-level SSL error (e.g., X509_V_ERR_*)
- ssl_error_descr: a short description of the SSL error
- ssl_lib_error: human-readable low-level error string by ErrorString()
Certificate information extracted from the broken (not necessarily peer!) certificate:
- ssl_cn: the comma-separated list of common and alternate names
- ssl_subject: the certificate subject
- ssl_ca_name: the certificate issuer name
- ssl_notbefore: the certificate "not before" field
- ssl_notafter: the certificate "not after" field
- Returns
  - the length of the code (the number of characters to be replaced by value)
- Return values
  - 0 for unsupported codes
Definition at line 717 of file ErrorDetail.cc.
References ca_name(), cn(), code, err_code(), err_descr(), err_lib_error(), notafter(), notbefore(), and subject().
◆ err_code()
const char * ErrorDetail::err_code () const (private)
textual representation of error_no
Definition at line 661 of file ErrorDetail.cc.
References Security::ErrorNameFromCode().
Referenced by convert().
◆ err_descr()
const char * ErrorDetail::err_descr () const (private)
short description of error_no
Definition at line 674 of file ErrorDetail.cc.
Referenced by convert().
◆ err_lib_error()
const char * ErrorDetail::err_lib_error () const (private)
textual representation of lib_error_no
Definition at line 687 of file ErrorDetail.cc.
References Security::ErrorString().
Referenced by convert().
◆ errorNo()
ErrorCode ErrorDetail::errorNo () const (inline)
- Returns
  - error category; see also ErrorCode
Definition at line 63 of file ErrorDetail.h.
References error_no.
◆ MEMPROXY_CLASS()
MEMPROXY_CLASS (Security::ErrorDetail) (private)
◆ notafter()
const char * ErrorDetail::notafter () const (private)
textual representation of the "not after" field of the broken certificate
Definition at line 645 of file ErrorDetail.cc.
References Ssl::asn1timeToString(), and X509_getm_notAfter.
Referenced by convert().
◆ notbefore()
const char * ErrorDetail::notbefore () const (private)
textual representation of the "not before" field of the broken certificate
Definition at line 629 of file ErrorDetail.cc.
References Ssl::asn1timeToString(), and X509_getm_notBefore.
Referenced by convert().
◆ peerCert()
Certificate * ErrorDetail::peerCert () (inline)
the peer certificate (or nil)
Definition at line 71 of file ErrorDetail.h.
References Security::LockingPointer< T, UnLocker, Locker >::get(), and peer_cert.
◆ setPeerCertificate()
void ErrorDetail::setPeerCertificate (const CertPointer &cert)
Remembers the SSL certificate of our peer; requires a nil peerCert(). Unlike the certificate-setting constructor, it does not assume the certificate is bad.
Definition at line 489 of file ErrorDetail.cc.
References assert.
◆ subject()
const char * ErrorDetail::subject () const (private)
textual representation of the subject of the broken certificate
Definition at line 563 of file ErrorDetail.cc.
References html_quote(), and Security::SubjectName().
Referenced by convert().
◆ sysError()
int ErrorDetail::sysError () const (inline)
- Returns
  - the previously saved errno(3) or zero
Definition at line 66 of file ErrorDetail.h.
References sysErrorNo.
Referenced by Security::PeerConnector::noteNegotiationError().
◆ verbose()
SBuf ErrorDetail::verbose (const HttpRequestPointer &) const (override, virtual)
- Returns
  - all available details, possibly customized for the given request; suitable for error pages and other output meant for human consumption
Implements ErrorDetail.
Definition at line 532 of file ErrorDetail.cc.
References SBuf::append(), assert, and Ssl::ErrorDetailsManager::GetInstance().
Member Data Documentation
◆ broken_cert
CertPointer broken_cert (private)
a pointer to the broken certificate (peer or intermediate)
Definition at line 95 of file ErrorDetail.h.
Referenced by ErrorDetail(), and brokenCert().
◆ detailEntry
ErrorDetailEntry detailEntry (mutable, private)
Definition at line 114 of file ErrorDetail.h.
◆ error_no
ErrorCode error_no = 0 (private)
Squid-discovered error, validation error, or zero
◆ errReason
String errReason (private)
a custom reason for the error
Definition at line 119 of file ErrorDetail.h.
Referenced by ErrorDetail().
◆ ioErrorNo
int ioErrorNo = 0 (private)
OpenSSL-specific (first-level or intermediate) TLS I/O operation result reported by SSL_get_error(3SSL) (e.g., SSL_ERROR_SYSCALL) or zero. Unlike lib_error_no, this error is mostly meant for I/O control and has no OpenSSL-provided human-friendly text representation.
Definition at line 111 of file ErrorDetail.h.
Referenced by ErrorDetail().
◆ lib_error_no
LibErrorCode lib_error_no = 0 (private)
TLS library-reported non-validation error or zero
◆ peer_cert
CertPointer peer_cert (private)
a pointer to the peer certificate
Definition at line 94 of file ErrorDetail.h.
Referenced by ErrorDetail(), and peerCert().
◆ sysErrorNo
int sysErrorNo = 0 (private)
errno(3); system call failure code or zero
Definition at line 104 of file ErrorDetail.h.
Referenced by sysError().
The documentation for this class was generated from the following files:
- src/security/ErrorDetail.h
- src/security/ErrorDetail.cc