#include <ErrorDetail.h>


Public Types

typedef ErrorDetailPointer Pointer

Public Member Functions

 ErrorDetail (ErrorCode err_no, const CertPointer &peer, const CertPointer &broken, const char *aReason=nullptr)
 ErrorDetail (ErrorCode anErrorCode, int anIoErrorNo, int aSysErrorNo)
SBuf brief () const override
SBuf verbose (const HttpRequestPointer &) const override
ErrorCode errorNo () const
int sysError () const
Certificate * peerCert ()
 the peer certificate (or nil)
Certificate * brokenCert ()
 peer or intermediate certificate that failed validation (or nil)
void setPeerCertificate (const CertPointer &)
bool equals (const ErrorDetail &other) const

Private Types

using ErrorDetailEntry = Ssl::ErrorDetailEntry

Private Member Functions

 MEMPROXY_CLASS (Security::ErrorDetail)
 ErrorDetail (ErrorCode err, int aSysErrorNo)
 helper constructor implementing the logic shared by the two public ones
void printSubject (std::ostream &os) const
 textual representation of the subject of the broken certificate
void printCaName (std::ostream &os) const
 the issuer of the broken certificate
void printCommonName (std::ostream &os) const
 a list of the broken certificate's CN and alternate names
void printNotBefore (std::ostream &os) const
 textual representation of the "not before" field of the broken certificate
void printNotAfter (std::ostream &os) const
 textual representation of the "not after" field of the broken certificate
void printErrorCode (std::ostream &os) const
 textual representation of error_no
void printErrorDescription (std::ostream &os) const
 short description of error_no
void printErrorLibError (std::ostream &os) const
 textual representation of lib_error_no
size_t convertErrorCodeToDescription (const char *code, std::ostream &os) const

Private Attributes

CertPointer peer_cert
 A pointer to the peer certificate.
CertPointer broken_cert
 A pointer to the broken certificate (peer or intermediate)
ErrorCode error_no = 0
 Squid-discovered error, validation error, or zero.
LibErrorCode lib_error_no = 0
 TLS library-reported non-validation error or zero.
int sysErrorNo = 0
 errno(3); system call failure code or zero
int ioErrorNo = 0
std::optional< ErrorDetailEntry > detailEntry
String errReason
 a custom reason for the error

Detailed Description

Details a TLS-related error. Two kinds of errors can be detailed:

  • certificate validation errors (including built-in and helper-driven) and
  • TLS logic and I/O errors (detected by Squid or the TLS library).

The following details may be available (only the first one is required):

  • for all errors: problem classification (
    See also
  • for all errors: peer certificate
  • for certificate validation errors: the broken certificate
  • for certificate validation errors: validation failure reason
  • for non-validation errors: TLS library-reported error(s)
  • for non-validation errors: system call errno(3)

Definition at line 39 of file ErrorDetail.h.

Member Typedef Documentation

◆ ErrorDetailEntry

◆ Pointer

Constructor & Destructor Documentation

◆ ErrorDetail() [1/3]

ErrorDetail::ErrorDetail ( ErrorCode  err_no,
const CertPointer &  peer,
const CertPointer &  broken,
const char *  aReason = nullptr 
)

Details a server-side certificate verification failure. If broken is nil, then the broken certificate is the peer certificate.

Definition at line 466 of file ErrorDetail.cc.

References broken_cert, errReason, and peer_cert.

◆ ErrorDetail() [2/3]

ErrorDetail::ErrorDetail ( ErrorCode  anErrorCode,
int  anIoErrorNo,
int  aSysErrorNo 
)

Details (or starts detailing) a non-validation failure.

Parameters
anIoErrorNo: TLS I/O function outcome;
See also
aSysErrorNo: saved errno(3);
See also

Definition at line 475 of file ErrorDetail.cc.

References ioErrorNo.

◆ ErrorDetail() [3/3]

ErrorDetail::ErrorDetail ( ErrorCode  err,
int  aSysErrorNo 
)

Extract and remember errors stored internally by the TLS library.

Definition at line 445 of file ErrorDetail.cc.

References asHex(), debugs, Security::ForgetErrors(), and lib_error_no.

Member Function Documentation

◆ brief()

SBuf ErrorDetail::brief ( ) const
a single "token" summarizing available details suitable as an access.log field and similar output processed by programs

Implements ErrorDetail.

Definition at line 500 of file ErrorDetail.cc.

References SysErrorDetail::Brief(), and SBufStream::buf().

◆ brokenCert()

Certificate * Security::ErrorDetail::brokenCert ( )

◆ convertErrorCodeToDescription()

size_t ErrorDetail::convertErrorCodeToDescription ( const char *  code,
std::ostream &  os 
) const

Converts the code to a string value. Supported formatting codes are:

Error meta information:

  • err_name: The name of a high-level SSL error (e.g., X509_V_ERR_*)
  • ssl_error_descr: A short description of the SSL error
  • ssl_lib_error: human-readable low-level error string by ErrorString()

Certificate information extracted from broken (not necessarily peer!) cert:

  • ssl_cn: The comma-separated list of common and alternate names
  • ssl_subject: The certificate subject
  • ssl_ca_name: The certificate issuer name
  • ssl_notbefore: The certificate "not before" field
  • ssl_notafter: The certificate "not after" field

Returns
the length of the code (the number of characters to be replaced by value)
Return values
0: for unsupported codes

Definition at line 752 of file ErrorDetail.cc.

References code, printCaName(), printCommonName(), printErrorCode(), printErrorDescription(), printErrorLibError(), printNotAfter(), printNotBefore(), and printSubject().
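The return-value contract of convertErrorCodeToDescription() and the html_quote() calls referenced by printSubject() and printCaName() can be seen together in the following added example, which is not Squid's code. The `Fields` map, the helper names, the `%` template prefix and the `[Not available]` placeholder are assumptions made for illustration; the point is that certificate-derived text is attacker-influenced and is escaped before it reaches an error page.

```cpp
#include <cstring>
#include <map>
#include <sstream>
#include <string>

// Hypothetical stand-in for the broken certificate's fields (attacker-influenced text).
using Fields = std::map<std::string, std::string>;

// Constructed sample input: a subject carrying HTML markup, plus an error name.
Fields sampleFields() {
    return {{"ssl_subject", "/CN=<b>evil</b>.example"},
            {"err_name", "X509_V_ERR_CERT_HAS_EXPIRED"}};
}

// Escape the characters that would let certificate text alter error-page markup.
static std::string htmlQuote(const std::string &in) {
    std::string out;
    for (char c : in) {
        switch (c) {
        case '<': out += "&lt;"; break;
        case '>': out += "&gt;"; break;
        case '&': out += "&amp;"; break;
        case '"': out += "&quot;"; break;
        default: out += c;
        }
    }
    return out;
}

// Same contract as documented above: write the value for the formatting code at
// the start of `code` and return the code's length, or return 0 if unsupported.
static size_t convertCode(const Fields &f, const char *code, std::ostream &os) {
    static const char *known[] = {"err_name", "ssl_error_descr", "ssl_lib_error", "ssl_cn",
        "ssl_subject", "ssl_ca_name", "ssl_notbefore", "ssl_notafter"};
    for (const char *k : known) {
        const size_t n = std::strlen(k);
        if (std::strncmp(code, k, n) != 0) continue;
        const auto it = f.find(k);
        os << (it == f.end() ? "[Not available]" : htmlQuote(it->second));
        return n;
    }
    return 0;
}

// Expand a template; unsupported codes (return value 0) are copied through as-is.
std::string expand(const Fields &f, const std::string &tmpl) {
    std::ostringstream os;
    for (size_t i = 0; i < tmpl.size();) {
        const size_t used = tmpl[i] == '%' ? convertCode(f, tmpl.c_str() + i + 1, os) : 0;
        if (used) i += used + 1; else os << tmpl[i++];
    }
    return os.str();
}
```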

◆ equals()

bool ErrorDetail::equals ( const ErrorDetail &  other) const

Definition at line 44 of file Detail.h.

Referenced by Error::update().

◆ errorNo()

ErrorCode Security::ErrorDetail::errorNo ( ) const
error category;
See also

Definition at line 67 of file ErrorDetail.h.

References error_no.


◆ MEMPROXY_CLASS()

Security::ErrorDetail::MEMPROXY_CLASS ( Security::ErrorDetail  )

◆ peerCert()

Certificate * Security::ErrorDetail::peerCert ( )

◆ printCaName()

void ErrorDetail::printCaName ( std::ostream &  os) const

Definition at line 638 of file ErrorDetail.cc.

References html_quote(), and Security::IssuerName().

Referenced by convertErrorCodeToDescription().

◆ printCommonName()

void ErrorDetail::printCommonName ( std::ostream &  os) const

◆ printErrorCode()

void ErrorDetail::printErrorCode ( std::ostream &  os) const

Definition at line 690 of file ErrorDetail.cc.

References Security::ErrorNameFromCode().

Referenced by convertErrorCodeToDescription().

◆ printErrorDescription()

void ErrorDetail::printErrorDescription ( std::ostream &  os) const

Definition at line 704 of file ErrorDetail.cc.

Referenced by convertErrorCodeToDescription().

◆ printErrorLibError()

void ErrorDetail::printErrorLibError ( std::ostream &  os) const

Definition at line 723 of file ErrorDetail.cc.

References Security::ErrorString().

Referenced by convertErrorCodeToDescription().

◆ printNotAfter()

void ErrorDetail::printNotAfter ( std::ostream &  os) const

Definition at line 672 of file ErrorDetail.cc.

References Ssl::asn1timeToString(), and X509_getm_notAfter.

Referenced by convertErrorCodeToDescription().

◆ printNotBefore()

void ErrorDetail::printNotBefore ( std::ostream &  os) const

Definition at line 654 of file ErrorDetail.cc.

References Ssl::asn1timeToString(), and X509_getm_notBefore.

Referenced by convertErrorCodeToDescription().

◆ printSubject()

void ErrorDetail::printSubject ( std::ostream &  os) const

Definition at line 561 of file ErrorDetail.cc.

References html_quote(), and Security::SubjectName().

Referenced by convertErrorCodeToDescription().

◆ setPeerCertificate()

void ErrorDetail::setPeerCertificate ( const CertPointer &  cert)

Remembers the SSL certificate of our peer; requires nil peerCert(). Unlike the cert-setting constructor, does not assume the cert is bad.

Definition at line 490 of file ErrorDetail.cc.

References assert.

◆ sysError()

int Security::ErrorDetail::sysError ( ) const
the previously saved errno(3) or zero

Definition at line 70 of file ErrorDetail.h.

References sysErrorNo.

Referenced by Security::PeerConnector::noteNegotiationError().

◆ verbose()

SBuf ErrorDetail::verbose ( const HttpRequestPointer &  ) const
all available details; may be customized for the given request; suitable for error pages and other output meant for human consumption

Implements ErrorDetail.

Definition at line 534 of file ErrorDetail.cc.

References assert, SBufStream::buf(), and Ssl::ErrorDetailsManager::GetInstance().

Member Data Documentation

◆ broken_cert

CertPointer Security::ErrorDetail::broken_cert

Definition at line 99 of file ErrorDetail.h.

Referenced by ErrorDetail(), and brokenCert().

◆ detailEntry

std::optional<ErrorDetailEntry> Security::ErrorDetail::detailEntry

Definition at line 118 of file ErrorDetail.h.

◆ error_no

ErrorCode Security::ErrorDetail::error_no = 0
See also

Definition at line 102 of file ErrorDetail.h.

Referenced by errorNo().

◆ errReason

String Security::ErrorDetail::errReason

Definition at line 123 of file ErrorDetail.h.

Referenced by ErrorDetail().

◆ ioErrorNo

int Security::ErrorDetail::ioErrorNo = 0

OpenSSL-specific (first-level or intermediate) TLS I/O operation result reported by SSL_get_error(3SSL) (e.g., SSL_ERROR_SYSCALL) or zero. Unlike lib_error_no, this error is mostly meant for I/O control and has no OpenSSL-provided human-friendly text representation.

Definition at line 115 of file ErrorDetail.h.

Referenced by ErrorDetail().

◆ lib_error_no

LibErrorCode Security::ErrorDetail::lib_error_no = 0
See also

Definition at line 105 of file ErrorDetail.h.

Referenced by ErrorDetail().

◆ peer_cert

CertPointer Security::ErrorDetail::peer_cert

Definition at line 98 of file ErrorDetail.h.

Referenced by ErrorDetail(), and peerCert().

◆ sysErrorNo

int Security::ErrorDetail::sysErrorNo = 0

Definition at line 108 of file ErrorDetail.h.

Referenced by sysError().

The documentation for this class was generated from the following files:





