Commit | Line | Data |
---|---|---|
36b1c191 MT |
1 | From: http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13115 |
2 | ||
3 | Committer: Christos Tsantilas | |
4 | Date: 2013-11-07 10:46:14 UTC | |
5 | Revision ID: chtsanti@users.sourceforge.net-20131107104614-s3a9kzlkgm7x9rhf | |
6 | ||
7 | http://bugs.squid-cache.org/show_bug.cgi?id=3936 | |
8 | Bug 3936: error-details.txt parse error | |
9 | ||
10 | Squid fails to parse the error-details.txt template when one or more of the listed OpenSSL | |
11 | errors are not supported on the running platform. | |
12 | This patch adds a hardcoded list of OpenSSL errors which can be optional. | |
13 | ||
14 | This is a Measurement Factory project | |
15 | ||
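--- a/src/ssl/ErrorDetail.cc
+++ b/src/ssl/ErrorDetail.cc
@@ -221,6 +221,31 @@
 {SSL_ERROR_NONE, NULL}
 };
 
+static const char *OptionalSslErrors[] = {
+ "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER",
+ "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION",
+ "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN",
+ "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION",
+ "X509_V_ERR_INVALID_NON_CA",
+ "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED",
+ "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE",
+ "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED",
+ "X509_V_ERR_INVALID_EXTENSION",
+ "X509_V_ERR_INVALID_POLICY_EXTENSION",
+ "X509_V_ERR_NO_EXPLICIT_POLICY",
+ "X509_V_ERR_DIFFERENT_CRL_SCOPE",
+ "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE",
+ "X509_V_ERR_UNNESTED_RESOURCE",
+ "X509_V_ERR_PERMITTED_VIOLATION",
+ "X509_V_ERR_EXCLUDED_VIOLATION",
+ "X509_V_ERR_SUBTREE_MINMAX",
+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE",
+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX",
+ "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX",
+ "X509_V_ERR_CRL_PATH_VALIDATION_ERROR",
+ NULL
+};
+
 struct SslErrorAlias {
 const char *name;
 const Ssl::ssl_error_t *errors;
@@ -331,6 +356,16 @@
 return NULL;
 }
 
+bool
+Ssl::ErrorIsOptional(const char *name)
+{
+ for (int i = 0; OptionalSslErrors[i] != NULL; ++i) {
+ if (strcmp(name, OptionalSslErrors[i]) == 0)
+ return true;
+ }
+ return false;
+}
+
 const char *
 Ssl::GetErrorDescr(Ssl::ssl_error_t value)
 {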
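Review bot: `OptionalSslErrors` in the first hunk is declared as an array of non-const pointers, so the table slots stay writable even though the list is meant to be fixed; `static const char *const OptionalSslErrors[] = {` would make the whole table read-only. The list also has no comment saying what qualifies a name for it. Judging by the commit description these are verification errors that some OpenSSL builds do not define, so a line such as `// X509_V_ERR_* names that older OpenSSL headers may lack; keep in sync with the error table above` would tell the next maintainer when to extend it. In the second hunk `Ssl::ErrorIsOptional` hands `name` straight to `strcmp`, so the non-null requirement on the argument is worth stating at the definition as well.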
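--- a/src/ssl/ErrorDetail.h
+++ b/src/ssl/ErrorDetail.h
@@ -40,6 +40,14 @@
 
 /**
 \ingroup ServerProtocolSSLAPI
+ * Return true if the SSL error is optional and may not supported
+ * by current squid version
+ */
+
+bool ErrorIsOptional(const char *name);
+
+/**
+ \ingroup ServerProtocolSSLAPI
 * Used to pass SSL error details to the error pages returned to the
 * end user.
 */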
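Review bot: The new comment on `ErrorIsOptional` says the error "may not supported by current squid version", but the commit description ties support to the OpenSSL errors available on the running platform, and the sentence is missing a verb. It also leaves out that `name` is compared exactly against a fixed list and must be a non-null, NUL-terminated string. Suggested wording: `Return true if name is a known SSL error name that the OpenSSL library on this platform may not define; name must not be NULL.`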
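--- a/src/ssl/ErrorDetailManager.cc
+++ b/src/ssl/ErrorDetailManager.cc
@@ -218,32 +218,35 @@
 }
 
 Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf());
-if (ssl_error == SSL_ERROR_NONE) {
+if (ssl_error != SSL_ERROR_NONE) {
+
+ if (theDetails->getErrorDetail(ssl_error)) {
+ debugs(83, DBG_IMPORTANT, HERE <<
+ "WARNING! duplicate entry: " << errorName);
+ return false;
+ }
+
+ ErrorDetailEntry &entry = theDetails->theList[ssl_error];
+ entry.error_no = ssl_error;
+ entry.name = errorName;
+ String tmp = parser.getByName("detail");
+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
+ tmp = parser.getByName("descr");
+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
+ bool parseOK = entry.descr.defined() && entry.detail.defined();
+
+ if (!parseOK) {
+ debugs(83, DBG_IMPORTANT, HERE <<
+ "WARNING! missing important field for detail error: " << errorName);
+ return false;
+ }
+
+ } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) {
 debugs(83, DBG_IMPORTANT, HERE <<
 "WARNING! invalid error detail name: " << errorName);
 return false;
 }
 
-if (theDetails->getErrorDetail(ssl_error)) {
- debugs(83, DBG_IMPORTANT, HERE <<
- "WARNING! duplicate entry: " << errorName);
- return false;
- }
-
- ErrorDetailEntry &entry = theDetails->theList[ssl_error];
- entry.error_no = ssl_error;
- entry.name = errorName;
- String tmp = parser.getByName("detail");
- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
- tmp = parser.getByName("descr");
- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
- bool parseOK = entry.descr.defined() && entry.detail.defined();
-
- if (!parseOK) {
- debugs(83, DBG_IMPORTANT, HERE <<
- "WARNING! missing imporant field for detail error: " << errorName);
- return false;
- }
 }// else {only spaces and black lines; just ignore}
 
 buf.consume(size);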
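Review bot: When `GetErrorCode` returns `SSL_ERROR_NONE` and `ErrorIsOptional` accepts the name, the template entry is dropped with no log line at any level. Its `detail` and `descr` fields are never parsed on that path, so a malformed entry for an optional error passes on a platform that lacks the error and only fails on one that has it. An operator who customised the text for one of these errors also gets no sign that it is not in effect. A low-verbosity trace on the fall-through path would cover this, for example adding `else { debugs(83, 3, "skipping optional error detail not supported by this build: " << errorName); }` after the `else if` block. The enclosing function starts and ends outside this hunk.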