Separate SSL error detail name and message Currently, SSL error detail in Squid-generated error pages (%D) contains both the error name and the explanation text. Some folks using this feature want to render the two pieces of information differently because the error name is not something most end-users should read or focus on. This patch adds the "%x" error page formating code which prints the error name, and removes the error name (%err_name) from SSL error detail messages. === modified file 'src/errorpage.cc' --- src/errorpage.cc 2011-05-07 03:08:02 +0000 +++ src/errorpage.cc 2011-05-10 13:18:21 +0000 @@ -922,6 +922,12 @@ no_urlescape = 1; break; + case 'x': + if (detail) + mb.Printf("%s", detail->errorName()); + else + p = "[Unknown Error Code]"; + break; case 'z': if (building_deny_info_url) break; if (dnsError.size() > 0) === modified file 'src/errorpage.h' --- src/errorpage.h 2011-02-11 12:53:06 +0000 +++ src/errorpage.h 2011-05-10 13:14:19 +0000 @@ -80,6 +80,7 @@ u - URL with password x w - cachemgr email address x W - error data (to be included in the mailto links) + x - error name x z - dns server error message x Z - Preformatted error message x \endverbatim === modified file 'src/ssl/ErrorDetail.cc' --- src/ssl/ErrorDetail.cc 2011-03-31 05:53:26 +0000 +++ src/ssl/ErrorDetail.cc 2011-05-10 13:14:19 +0000 @@ -19,133 +19,133 @@ static SslErrorDetailEntry TheSslDetailArray[] = { {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT", - "%err_name: SSL Certficate error: certificate issuer (CA) not known: %ssl_ca_name", + "SSL Certficate error: certificate issuer (CA) not known: %ssl_ca_name", "Unable to get issuer certificate"}, {X509_V_ERR_UNABLE_TO_GET_CRL, "X509_V_ERR_UNABLE_TO_GET_CRL", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Unable to get certificate CRL"}, {X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Unable to decrypt certificate's signature"}, {X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Unable to decrypt CRL's signature"}, {X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY", - "%err_name: Unable to decode issuer (CA) public key: %ssl_ca_name", + "Unable to decode issuer (CA) public key: %ssl_ca_name", "Unable to decode issuer public key"}, {X509_V_ERR_CERT_SIGNATURE_FAILURE, "X509_V_ERR_CERT_SIGNATURE_FAILURE", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Certificate signature failure"}, {X509_V_ERR_CRL_SIGNATURE_FAILURE, "X509_V_ERR_CRL_SIGNATURE_FAILURE", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "CRL signature failure"}, {X509_V_ERR_CERT_NOT_YET_VALID, "X509_V_ERR_CERT_NOT_YET_VALID", - "%err_name: SSL Certficate is not valid before: %ssl_notbefore", + "SSL Certficate is not valid before: %ssl_notbefore", "Certificate is not yet valid"}, {X509_V_ERR_CERT_HAS_EXPIRED, "X509_V_ERR_CERT_HAS_EXPIRED", - "%err_name: SSL Certificate expired on: %ssl_notafter", + "SSL Certificate expired on: %ssl_notafter", "Certificate has expired"}, {X509_V_ERR_CRL_NOT_YET_VALID, "X509_V_ERR_CRL_NOT_YET_VALID", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "CRL is not yet valid"}, {X509_V_ERR_CRL_HAS_EXPIRED, "X509_V_ERR_CRL_HAS_EXPIRED", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "CRL has expired"}, {X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD", - "%err_name: SSL Certificate has invalid start date (the 'not before' field): %ssl_subject", + "SSL Certificate has invalid start date (the 'not before' field): %ssl_subject", "Format error in certificate's notBefore field"}, {X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD", - "%err_name: SSL Certificate has invalid expiration date (the 'not after' field): %ssl_subject", + "SSL Certificate has invalid expiration date (the 'not after' field): %ssl_subject", "Format error in certificate's notAfter field"}, {X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Format error in CRL's lastUpdate field"}, {X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Format error in CRL's nextUpdate field"}, {X509_V_ERR_OUT_OF_MEM, "X509_V_ERR_OUT_OF_MEM", - "%err_name: %ssl_error_descr", + "%ssl_error_descr", "Out of memory"}, {X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT", - "%err_name: Self-signed SSL Certificate: %ssl_subject", + "Self-signed SSL Certificate: %ssl_subject", "Self signed certificate"}, {X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN", - "%err_name: Self-signed SSL Certificate in chain: %ssl_subject", + "Self-signed SSL Certificate in chain: %ssl_subject", "Self signed certificate in certificate chain"}, {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY", - "%err_name: SSL Certficate error: certificate issuer (CA) not known: %ssl_ca_name", + "SSL Certficate error: certificate issuer (CA) not known: %ssl_ca_name", "Unable to get local issuer certificate"}, {X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Unable to verify the first certificate"}, {X509_V_ERR_CERT_CHAIN_TOO_LONG, "X509_V_ERR_CERT_CHAIN_TOO_LONG", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Certificate chain too long"}, {X509_V_ERR_CERT_REVOKED, "X509_V_ERR_CERT_REVOKED", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Certificate revoked"}, {X509_V_ERR_INVALID_CA, "X509_V_ERR_INVALID_CA", - "%err_name: %ssl_error_descr: %ssl_ca_name", + "%ssl_error_descr: %ssl_ca_name", "Invalid CA certificate"}, {X509_V_ERR_PATH_LENGTH_EXCEEDED, "X509_V_ERR_PATH_LENGTH_EXCEEDED", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Path length constraint exceeded"}, {X509_V_ERR_INVALID_PURPOSE, "X509_V_ERR_INVALID_PURPOSE", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Unsupported certificate purpose"}, {X509_V_ERR_CERT_UNTRUSTED, "X509_V_ERR_CERT_UNTRUSTED", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Certificate not trusted"}, {X509_V_ERR_CERT_REJECTED, "X509_V_ERR_CERT_REJECTED", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Certificate rejected"}, {X509_V_ERR_SUBJECT_ISSUER_MISMATCH, "X509_V_ERR_SUBJECT_ISSUER_MISMATCH", - "%err_name: %ssl_error_descr: %ssl_ca_name", + "%ssl_error_descr: %ssl_ca_name", "Subject issuer mismatch"}, {X509_V_ERR_AKID_SKID_MISMATCH, "X509_V_ERR_AKID_SKID_MISMATCH", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Authority and subject key identifier mismatch"}, {X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH, "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH", - "%err_name: %ssl_error_descr: %ssl_ca_name", + "%ssl_error_descr: %ssl_ca_name", "Authority and issuer serial number mismatch"}, {X509_V_ERR_KEYUSAGE_NO_CERTSIGN, "X509_V_ERR_KEYUSAGE_NO_CERTSIGN", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Key usage does not include certificate signing"}, {X509_V_ERR_APPLICATION_VERIFICATION, "X509_V_ERR_APPLICATION_VERIFICATION", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Application verification failure"}, - { SSL_ERROR_NONE, "SSL_ERROR_NONE", "%err_name: No error", "No error" }, + { SSL_ERROR_NONE, "SSL_ERROR_NONE", "No error", "No error" }, {SSL_ERROR_NONE, NULL, NULL, NULL } }; === modified file 'src/ssl/ErrorDetail.h' --- src/ssl/ErrorDetail.h 2011-03-30 09:09:23 +0000 +++ src/ssl/ErrorDetail.h 2011-05-10 13:14:19 +0000 @@ -49,6 +49,8 @@ ErrorDetail(ssl_error_t err_no, X509 *cert); ErrorDetail(ErrorDetail const &); const String &toString() const; ///< An error detail string to embed in squid error pages + /// The error name to embed in squid error pages + const char *errorName() const {return err_code();} private: typedef const char * (ErrorDetail::*fmt_action_t)() const;