]>
git.ipfire.org Git - thirdparty/squid.git/blob - helpers/ssl/cert_valid.pl
3 # A dummy SSL certificate validator helper that
4 # echos back all the SSL errors sent by Squid.
11 use Crypt
::OpenSSL
::X509
;
13 use POSIX
qw(strftime);
22 cert_valid.pl - A fake cert validation helper for Squid
26 cert_valid.pl [-d | --debug] [-h | --help]
36 enable debug messages to stderr
42 Retrieves the SSL certificate error list from squid and echo back without any change.
46 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
48 * Squid software is distributed under GPLv2+ license and includes
49 * contributions from numerous individuals and organizations.
50 * Please see the COPYING and CONTRIBUTORS files for details.
52 (C) 2012 The Measurement Factory, Author: Tsantilas Christos
54 This program is free software. You may redistribute copies of it under the
55 terms of the GNU General Public License version 2, or (at your opinion) any
65 pod2usage
(1) if ($help);
70 my @line_args = split;
72 if ($first_line =~ /^\s*$/) {
78 my $channelId = $line_args[0];
79 my $code = $line_args[1];
80 my $bodylen = $line_args[2];
81 my $body = $line_args[3] . "\n";
82 if ($channelId !~ /\d+/) {
83 $response = $channelId." BH message=\"This helper is concurrent and requires the concurrency option to be specified.\"\1";
84 } elsif ($bodylen !~ /\d+/) {
85 $response = $channelId." BH message=\"cert validator request syntax error \" \1";
87 my $readlen = length($body);
90 my @responseErrors = ();
92 while($readlen < $bodylen) {
96 $readlen = length($body);
100 print(STDERR logPrefix
()."GOT ". "Code=".$code." $bodylen \n") if ($debug); #.$body;
102 parseRequest
($body, \
$hostname, \
%errors, \
%certs);
103 print(STDERR logPrefix
()."Parse result: \n") if ($debug);
104 print(STDERR logPrefix
()."\tFOUND host:".$hostname."\n") if ($debug);
105 print(STDERR logPrefix
()."\tFOUND ERRORS:") if ($debug);
106 foreach my $err (keys %errors) {
107 print(STDERR logPrefix
().$errors{$err}{"name"}."/".$errors{$err}{"cert"}." ,") if ($debug);
109 print(STDERR
"\n") if ($debug);
110 foreach my $key (keys %certs) {
111 ## Use "perldoc Crypt::OpenSSL::X509" for X509 available methods.
112 print(STDERR logPrefix
()."\tFOUND cert ".$key.": ".$certs{$key}->subject() . "\n") if ($debug);
115 #got the peer certificate ID. Assume that the peer certificate is the first one.
116 my $peerCertId = (keys %certs)[0];
118 # Echo back the errors: fill the responseErrors array with the errors we read.
119 foreach my $err (keys %errors) {
121 appendError
(\
@responseErrors,
122 $errors{$err}{"name"}, #The error name
123 "Checked by Cert Validator", # An error reason
124 $errors{$err}{"cert"} # The cert ID. We are always filling with the peer certificate.
128 $response = createResponse
(\
@responseErrors);
129 my $len = length($response);
131 $response = $channelId." ERR ".$len." ".$response."\1";
133 $response = $channelId." OK ".$len." ".$response."\1";
138 print(STDERR logPrefix
().">> ".$response."\n") if ($debug);
151 my ($errorArrays) = shift;
152 my($errorName) = shift;
153 my($errorReason) = shift;
154 my($errorCert) = shift;
155 push @
$errorArrays, { "error_name" => $errorName, "error_reason" => $errorReason, "error_cert" => $errorCert};
160 my ($responseErrors) = shift;
163 foreach my $err (@
$responseErrors) {
164 $response=$response."error_name_".$i."=".$err->{"error_name"}."\n".
165 "error_reason_".$i."=".$err->{"error_reason"}."\n".
166 "error_cert_".$i."=".$err->{"error_cert"}."\n";
175 my $hostname = shift;
178 while ($request !~ /^\s*$/) {
179 $request = trim
($request);
180 if ($request =~ /^host=/) {
181 my($vallen) = index($request, "\n");
182 my $host = substr($request, 5, $vallen - 5);
184 $request =~ s/^host=.*$//m;
186 if ($request =~ /^cert_(\d+)=/) {
187 my $certId = "cert_".$1;
188 my($vallen) = index($request, "-----END CERTIFICATE-----") + length("-----END CERTIFICATE-----");
189 my $x509 = Crypt
::OpenSSL
::X509
->new_from_string(substr($request, index($request, "-----BEGIN")));
190 $certs->{$certId} = $x509;
191 $request = substr($request, $vallen);
193 elsif ($request =~ /^error_name_(\d+)=(.*)$/m) {
196 $request =~ s/^error_name_\d+=.*$//m;
197 $errors->{$errorId}{"name"} = $errorName;
199 elsif ($request =~ /^error_cert_(\d+)=(.*)$/m) {
202 $request =~ s/^error_cert_\d+=.*$//m;
203 $errors->{$errorId}{"cert"} = $certId;
206 print(STDERR logPrefix
()."ParseError on \"".$request."\"\n") if ($debug);
207 $request = "";# finish processing....
215 return strftime
("%Y/%m/%d %H:%M:%S.0", localtime)." ".$0." ".$$." | " ;