#include <ErrorDetail.h>


Public Types

typedef ErrorDetailPointer Pointer
 

Public Member Functions

 ErrorDetail (ErrorCode err_no, const CertPointer &peer, const CertPointer &broken, const char *aReason=nullptr)
 
 ErrorDetail (ErrorCode anErrorCode, int anIoErrorNo, int aSysErrorNo)
 
SBuf brief () const override
 
SBuf verbose (const HttpRequestPointer &) const override
 
ErrorCode errorNo () const
 
int sysError () const
 
Certificate * peerCert ()
 the peer certificate (or nil)
 
Certificate * brokenCert ()
 peer or intermediate certificate that failed validation (or nil)
 
void setPeerCertificate (const CertPointer &)
 

Private Types

using ErrorDetailEntry = Ssl::ErrorDetailEntry
 

Private Member Functions

 MEMPROXY_CLASS (Security::ErrorDetail)
 
 ErrorDetail (ErrorCode err, int aSysErrorNo)
 helper constructor implementing the logic shared by the two public ones
 
const char * subject () const
 textual representation of the subject of the broken certificate
 
const char * ca_name () const
 the issuer of the broken certificate
 
const char * cn () const
 a list of the broken certificate's CN and alternate names
 
const char * notbefore () const
 textual representation of the "not before" field of the broken certificate
 
const char * notafter () const
 textual representation of the "not after" field of the broken certificate
 
const char * err_code () const
 textual representation of error_no
 
const char * err_descr () const
 short description of error_no
 
const char * err_lib_error () const
 textual representation of lib_error_no
 
size_t convert (const char *code, const char **value) const
 

Private Attributes

CertPointer peer_cert
 A pointer to the peer certificate.
 
CertPointer broken_cert
 A pointer to the broken certificate (peer or intermediate)
 
ErrorCode error_no = 0
 Squid-discovered error, validation error, or zero
 
LibErrorCode lib_error_no = 0
 TLS library-reported non-validation error or zero
 
int sysErrorNo = 0
 errno(3); system call failure code or zero
 
int ioErrorNo = 0
 
ErrorDetailEntry detailEntry
 
String errReason
 a custom reason for the error
 

Detailed Description

Details a TLS-related error. Two kinds of errors can be detailed:

  • certificate validation errors (including built-in and helper-driven) and
  • TLS logic and I/O errors (detected by Squid or the TLS library).

The following details may be available (only the first one is required):

  • for all errors: problem classification (see also ErrorCode)
  • for all errors: peer certificate
  • for certificate validation errors: the broken certificate
  • for certificate validation errors: validation failure reason
  • for non-validation errors: TLS library-reported error(s)
  • for non-validation errors: system call errno(3)

Definition at line 35 of file ErrorDetail.h.

Member Typedef Documentation

◆ ErrorDetailEntry

◆ Pointer

Constructor & Destructor Documentation

◆ ErrorDetail() [1/3]

ErrorDetail::ErrorDetail ( ErrorCode  err_no,
const CertPointer &  peer,
const CertPointer &  broken,
const char *  aReason = nullptr 
)

Details a server-side certificate verification failure. If broken is nil, then the broken certificate is the peer certificate.

Definition at line 465 of file ErrorDetail.cc.

References broken_cert, errReason, and peer_cert.

◆ ErrorDetail() [2/3]

ErrorDetail::ErrorDetail ( ErrorCode  anErrorCode,
int  anIoErrorNo,
int  aSysErrorNo 
)

Details (or starts detailing) a non-validation failure.

Parameters
anIoErrorNo: TLS I/O function outcome; see also ErrorDetail::ioErrorNo
aSysErrorNo: saved errno(3); see also ErrorDetail::sysErrorNo

Definition at line 474 of file ErrorDetail.cc.

References ioErrorNo.

◆ ErrorDetail() [3/3]

ErrorDetail::ErrorDetail ( ErrorCode  err,
int  aSysErrorNo 
)
private

Extract and remember errors stored internally by the TLS library.

Definition at line 444 of file ErrorDetail.cc.

References asHex(), debugs, Security::ForgetErrors(), and lib_error_no.

Member Function Documentation

◆ brief()

SBuf ErrorDetail::brief ( ) const
override virtual
Returns
a single "token" summarizing available details, suitable as an access.log field and similar output processed by programs

Implements ErrorDetail.

Definition at line 499 of file ErrorDetail.cc.

References SBuf::append(), SysErrorDetail::Brief(), and ToSBuf().

◆ brokenCert()

Certificate * Security::ErrorDetail::brokenCert ( )
inline

◆ ca_name()

const char * ErrorDetail::ca_name ( ) const
private

Definition at line 614 of file ErrorDetail.cc.

References html_quote(), and Security::IssuerName().

Referenced by convert().

◆ cn()

const char * ErrorDetail::cn ( ) const
private

◆ convert()

size_t ErrorDetail::convert ( const char *  code,
const char **  value 
) const
private

Converts the code to a string value. Supported formatting codes are:

Error meta information:

  • err_name: The name of a high-level SSL error (e.g., X509_V_ERR_*)
  • ssl_error_descr: A short description of the SSL error
  • ssl_lib_error: human-readable low-level error string by ErrorString()

Certificate information extracted from broken (not necessarily peer!) cert:

  • ssl_cn: The comma-separated list of common and alternate names
  • ssl_subject: The certificate subject
  • ssl_ca_name: The certificate issuer name
  • ssl_notbefore: The certificate "not before" field
  • ssl_notafter: The certificate "not after" field

Returns
the length of the code (the number of characters to be replaced by value)
Return values
0: for unsupported codes

Definition at line 717 of file ErrorDetail.cc.

References ca_name(), cn(), code, err_code(), err_descr(), err_lib_error(), notafter(), notbefore(), and subject().
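
An added example, not Squid's code: a stand-alone model of the convert() contract documented above (return the length of the matched code, 0 for unsupported codes), with substituted values HTML-escaped in the way subject() and ca_name() rely on html_quote(). The `%` marker and the names `Fields`, `sampleFields`, `htmlQuote`, `convertCode` and `expandTemplate` are assumptions of this example; it escapes every value, not only certificate-derived ones.

```cpp
// Added illustration, not Squid source; every name below is hypothetical.
#include <cstring>
#include <map>
#include <string>

using Fields = std::map<std::string, std::string>; // formatting code -> raw value
// Constructed sample values; the subject carries markup to exercise escaping.
Fields sampleFields() {
    return {{"ssl_subject", "CN=<b>x</b>"}, {"ssl_ca_name", "Example CA"}};
}

// Minimal HTML escaping for text taken from a certificate.
std::string htmlQuote(const std::string &in) {
    std::string out;
    for (const char c : in) {
        if (c == '<') out += "&lt;";
        else if (c == '>') out += "&gt;";
        else if (c == '&') out += "&amp;";
        else if (c == '"') out += "&quot;";
        else out += c;
    }
    return out;
}

// Mirrors the documented convert() contract: returns how many characters of
// `code` the value replaces, or 0 when no supported code starts there.
std::size_t convertCode(const Fields &f, const char *code, std::string &value) {
    std::size_t best = 0;
    for (const auto &kv : f) {
        const std::size_t n = kv.first.size();
        if (n > best && std::strncmp(code, kv.first.c_str(), n) == 0) {
            best = n; // keep the longest matching code
            value = htmlQuote(kv.second);
        }
    }
    return best;
}

// Expands "%code" markers; unsupported codes pass through unchanged.
std::string expandTemplate(const Fields &f, const std::string &tmpl) {
    std::string out;
    for (std::size_t i = 0; i < tmpl.size();) {
        std::string value;
        const std::size_t n = tmpl[i] == '%' ? convertCode(f, tmpl.c_str() + i + 1, value) : 0;
        out += n ? value : std::string(1, tmpl[i]);
        i += n + 1;
    }
    return out;
}
```

Because the broken certificate is supplied by the remote peer, escaping at substitution time keeps its subject and issuer strings from being interpreted as markup in a generated error page.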

◆ err_code()

const char * ErrorDetail::err_code ( ) const
private

Definition at line 661 of file ErrorDetail.cc.

References Security::ErrorNameFromCode().

Referenced by convert().

◆ err_descr()

const char * ErrorDetail::err_descr ( ) const
private

Definition at line 674 of file ErrorDetail.cc.

Referenced by convert().

◆ err_lib_error()

const char * ErrorDetail::err_lib_error ( ) const
private

Definition at line 687 of file ErrorDetail.cc.

References Security::ErrorString().

Referenced by convert().

◆ errorNo()

ErrorCode Security::ErrorDetail::errorNo ( ) const
inline
Returns
error category; see also ErrorCode

Definition at line 63 of file ErrorDetail.h.

References error_no.

◆ MEMPROXY_CLASS()

Security::ErrorDetail::MEMPROXY_CLASS ( Security::ErrorDetail  )
private

◆ notafter()

const char * ErrorDetail::notafter ( ) const
private

Definition at line 645 of file ErrorDetail.cc.

References Ssl::asn1timeToString(), and X509_getm_notAfter.

Referenced by convert().

◆ notbefore()

const char * ErrorDetail::notbefore ( ) const
private

Definition at line 629 of file ErrorDetail.cc.

References Ssl::asn1timeToString(), and X509_getm_notBefore.

Referenced by convert().

◆ peerCert()

Certificate * Security::ErrorDetail::peerCert ( )
inline

◆ setPeerCertificate()

void ErrorDetail::setPeerCertificate ( const CertPointer &  cert)

Remembers the SSL certificate of our peer; requires nil peerCert(). Unlike the cert-setting constructor, does not assume the cert is bad.

Definition at line 489 of file ErrorDetail.cc.

References assert.

◆ subject()

const char * ErrorDetail::subject ( ) const
private

Definition at line 563 of file ErrorDetail.cc.

References html_quote(), and Security::SubjectName().

Referenced by convert().

◆ sysError()

int Security::ErrorDetail::sysError ( ) const
inline
Returns
the previously saved errno(3) or zero

Definition at line 66 of file ErrorDetail.h.

References sysErrorNo.

Referenced by Security::PeerConnector::noteNegotiationError().

◆ verbose()

SBuf ErrorDetail::verbose ( const HttpRequestPointer & ) const
override virtual
Returns
all available details; may be customized for the given request. Suitable for error pages and other output meant for human consumption.

Implements ErrorDetail.

Definition at line 532 of file ErrorDetail.cc.

References SBuf::append(), assert, and Ssl::ErrorDetailsManager::GetInstance().

Member Data Documentation

◆ broken_cert

CertPointer Security::ErrorDetail::broken_cert
private

Definition at line 95 of file ErrorDetail.h.

Referenced by ErrorDetail(), and brokenCert().

◆ detailEntry

ErrorDetailEntry Security::ErrorDetail::detailEntry
mutable private

Definition at line 114 of file ErrorDetail.h.

◆ error_no

ErrorCode Security::ErrorDetail::error_no = 0
private
See also
ErrorCode

Definition at line 98 of file ErrorDetail.h.

Referenced by errorNo().

◆ errReason

String Security::ErrorDetail::errReason
private

Definition at line 119 of file ErrorDetail.h.

Referenced by ErrorDetail().

◆ ioErrorNo

int Security::ErrorDetail::ioErrorNo = 0
private

OpenSSL-specific (first-level or intermediate) TLS I/O operation result reported by SSL_get_error(3SSL) (e.g., SSL_ERROR_SYSCALL) or zero. Unlike lib_error_no, this error is mostly meant for I/O control and has no OpenSSL-provided human-friendly text representation.

Definition at line 111 of file ErrorDetail.h.

Referenced by ErrorDetail().

◆ lib_error_no

LibErrorCode Security::ErrorDetail::lib_error_no = 0
private
See also
LibErrorCode

Definition at line 101 of file ErrorDetail.h.

Referenced by ErrorDetail().

◆ peer_cert

CertPointer Security::ErrorDetail::peer_cert
private

Definition at line 94 of file ErrorDetail.h.

Referenced by ErrorDetail(), and peerCert().

◆ sysErrorNo

int Security::ErrorDetail::sysErrorNo = 0
private

Definition at line 104 of file ErrorDetail.h.

Referenced by sysError().


The documentation for this class was generated from the following files:

 
