ErrorDetail.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SRC_SECURITY_ERRORDETAIL_H
10 #define SQUID_SRC_SECURITY_ERRORDETAIL_H
11 
12 #include "base/RefCount.h"
13 #include "error/Detail.h"
14 #include "http/forward.h"
15 #include "security/forward.h"
16 #include "SquidString.h"
17 
18 #if USE_OPENSSL
19 #include "ssl/ErrorDetailManager.h"
20 #endif
21 
22 #if USE_OPENSSL
23 #include <optional>
24 #endif
25 
26 namespace Security {
27 
39 class ErrorDetail: public ::ErrorDetail
40 {
41  MEMPROXY_CLASS(Security::ErrorDetail);
42 
43 public:
44  typedef ErrorDetailPointer Pointer;
45 
48  ErrorDetail(ErrorCode err_no, const CertPointer &peer, const CertPointer &broken, const char *aReason = nullptr);
49 
50 #if USE_OPENSSL
51  ErrorDetail(ErrorCode anErrorCode, int anIoErrorNo, int aSysErrorNo);
55 #elif HAVE_LIBGNUTLS
56  ErrorDetail(ErrorCode anErrorCode, LibErrorCode aLibErrorNo, int aSysErrorNo);
60 #endif
61 
62  /* ErrorDetail API */
63  SBuf brief() const override;
64  SBuf verbose(const HttpRequestPointer &) const override;
65 
67  ErrorCode errorNo() const { return error_no; }
68 
70  int sysError() const { return sysErrorNo; }
71 
72  /* Certificate manipulation API. TODO: Add GnuTLS implementations, users. */
73 
75  Certificate *peerCert() { return peer_cert.get(); }
76 
78  Certificate *brokenCert() {return broken_cert.get(); }
79 
82  void setPeerCertificate(const CertPointer &);
83 
84 private:
85  ErrorDetail(ErrorCode err, int aSysErrorNo);
86 
87  /* methods for formatting error details using admin-configurable %codes */
88  void printSubject(std::ostream &os) const;
89  void printCaName(std::ostream &os) const;
90  void printCommonName(std::ostream &os) const;
91  void printNotBefore(std::ostream &os) const;
92  void printNotAfter(std::ostream &os) const;
93  void printErrorCode(std::ostream &os) const;
94  void printErrorDescription(std::ostream &os) const;
95  void printErrorLibError(std::ostream &os) const;
96  size_t convertErrorCodeToDescription(const char *code, std::ostream &os) const;
97 
98  CertPointer peer_cert;
99  CertPointer broken_cert;
100 
102  ErrorCode error_no = 0;
103 
105  LibErrorCode lib_error_no = 0;
106 
108  int sysErrorNo = 0;
109 
110 #if USE_OPENSSL
111  int ioErrorNo = 0;
116 
117  using ErrorDetailEntry = Ssl::ErrorDetailEntry;
118  mutable std::optional<ErrorDetailEntry> detailEntry;
119 #else
120  // other TLS libraries do not use custom ErrorDetail members
121 #endif
122 
123  String errReason;
124 };
125 
127 ErrorCode ErrorCodeFromName(const char *name);
128 
131 const char *ErrorNameFromCode(ErrorCode err, bool prefixRawCode = false);
132 
137 inline std::ostream &
138 operator <<(std::ostream &os, const ErrorDetail::Pointer &p)
139 {
140  return operator <<(os, ::ErrorDetail::Pointer(p));
141 }
142 
143 } // namespace Security
144 
145 #endif /* SQUID_SRC_SECURITY_ERRORDETAIL_H */
146 
Security::ErrorCodeFromName
ErrorCode ErrorCodeFromName(const char *name)
Definition: ErrorDetail.cc:410
Security::ErrorDetail::printSubject
void printSubject(std::ostream &os) const
textual representation of the subject of the broken certificate
Definition: ErrorDetail.cc:561
Security::ErrorCode
int ErrorCode
Squid-defined error code (<0), an error code returned by X.509 API, or zero.
Definition: forward.h:131
Security::ErrorDetail::verbose
SBuf verbose(const HttpRequestPointer &) const override
Definition: ErrorDetail.cc:534
Security::ErrorDetail::peerCert
Certificate * peerCert()
the peer certificate (or nil)
Definition: ErrorDetail.h:75
Security::ErrorDetail::printCommonName
void printCommonName(std::ostream &os) const
a list of the broken certificates CN and alternate names
Definition: ErrorDetail.cc:628
SBuf
Definition: SBuf.h:93
Security::ErrorDetail::MEMPROXY_CLASS
MEMPROXY_CLASS(Security::ErrorDetail)
Security::ErrorDetail::printNotBefore
void printNotBefore(std::ostream &os) const
textual representation of the "not before" field of the broken certificate
Definition: ErrorDetail.cc:659
Security::ErrorDetail::detailEntry
std::optional< ErrorDetailEntry > detailEntry
Definition: ErrorDetail.h:118
Security::ErrorDetail::broken_cert
CertPointer broken_cert
A pointer to the broken certificate (peer or intermediate)
Definition: ErrorDetail.h:99
Security::ErrorDetail::brief
SBuf brief() const override
Definition: ErrorDetail.cc:500
Security::ErrorDetail::sysError
int sysError() const
Definition: ErrorDetail.h:70
Security::ErrorDetail::printNotAfter
void printNotAfter(std::ostream &os) const
textual representation of the "not after" field of the broken certificate
Definition: ErrorDetail.cc:677
Security::ErrorDetail::Pointer
ErrorDetailPointer Pointer
Definition: ErrorDetail.h:44
Security::ErrorDetail::setPeerCertificate
void setPeerCertificate(const CertPointer &)
Definition: ErrorDetail.cc:490
Security::ErrorDetail::ErrorDetail
ErrorDetail(ErrorCode err_no, const CertPointer &peer, const CertPointer &broken, const char *aReason=nullptr)
Definition: ErrorDetail.cc:466
Security::operator<<
std::ostream & operator<<(std::ostream &, const EncryptorAnswer &)
Definition: EncryptorAnswer.cc:20
Security::ErrorDetail::printErrorLibError
void printErrorLibError(std::ostream &os) const
textual representation of lib_error_no
Definition: ErrorDetail.cc:728
Security::ErrorDetail::brokenCert
Certificate * brokenCert()
peer or intermediate certificate that failed validation (or nil)
Definition: ErrorDetail.h:78
Security::ErrorDetail::printCaName
void printCaName(std::ostream &os) const
the issuer of the broken certificate
Definition: ErrorDetail.cc:643
Security::ErrorDetail::printErrorDescription
void printErrorDescription(std::ostream &os) const
short description of error_no
Definition: ErrorDetail.cc:709
Security::ErrorNameFromCode
const char * ErrorNameFromCode(ErrorCode err, bool prefixRawCode=false)
Definition: ErrorDetail.cc:430
Security::ErrorDetail::sysErrorNo
int sysErrorNo
errno(3); system call failure code or zero
Definition: ErrorDetail.h:108
code
int code
Definition: smb-errors.c:145
Security::Certificate
X509 Certificate
Definition: forward.h:79
Security::ErrorDetail::errorNo
ErrorCode errorNo() const
Definition: ErrorDetail.h:67
Security::ErrorDetail::error_no
ErrorCode error_no
Squid-discovered error, validation error, or zero;.
Definition: ErrorDetail.h:102
Security::ErrorDetail::errReason
String errReason
a custom reason for the error
Definition: ErrorDetail.h:123
Security::ErrorDetail::printErrorCode
void printErrorCode(std::ostream &os) const
textual representation of error_no
Definition: ErrorDetail.cc:695
Security::ErrorDetail::convertErrorCodeToDescription
size_t convertErrorCodeToDescription(const char *code, std::ostream &os) const
Definition: ErrorDetail.cc:757
Security::ErrorDetail::peer_cert
CertPointer peer_cert
A pointer to the peer certificate.
Definition: ErrorDetail.h:98
Security
Network/connection security abstraction layer.
Definition: Connection.h:33
Security::ErrorDetail::lib_error_no
LibErrorCode lib_error_no
TLS library-reported non-validation error or zero;.
Definition: ErrorDetail.h:105
Security::LockingPointer::get
T * get() const
Returns raw and possibly nullptr pointer.
Definition: LockingPointer.h:103
Security::LibErrorCode
unsigned long LibErrorCode
TLS library-reported non-validation error.
Definition: forward.h:141

 

Introduction

Documentation

Support

Miscellaneous