Commit | Line | Data |
---|---|---|
bbc27441 | 1 | /* |
77b1029d | 2 | * Copyright (C) 1996-2020 The Squid Software Foundation and contributors |
bbc27441 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
4d16918e CT |
9 | #ifndef _SQUID_SSL_ERROR_DETAIL_H |
10 | #define _SQUID_SSL_ERROR_DETAIL_H | |
11 | ||
12 | #include "err_detail_type.h" | |
02259ff8 | 13 | #include "ErrorDetailManager.h" |
c61fa8a1 | 14 | #include "HttpRequest.h" |
f97700a0 | 15 | #include "security/forward.h" |
4d16918e | 16 | |
namespace Ssl
{

/**
 * Translates a user-friendly error "name" into a Security::ErrorCode and
 * stores the result in the supplied container (using emplace).
 * Numeric error numbers are accepted as well as symbolic names.
 *
 * NOTE(review): the meaning of the bool result is not visible in this
 * header; presumably false signals a name that could not be parsed.
 * Confirm against the definition before relying on it to validate input.
 */
bool ParseErrorString(const char *name, Security::Errors &);

/// The Security::ErrorCode code of the error described by "name".
/// NOTE(review): the value returned for an unknown name is not shown here;
/// check the definition before treating the result as a valid error code.
Security::ErrorCode GetErrorCode(const char *name);

/// The string representation of the TLS error "value".
/// NOTE(review): whether this can return a null pointer for an unknown
/// value is not visible in this header.
const char *GetErrorName(Security::ErrorCode value);

/// A short description of the TLS error "value".
/// NOTE(review): whether this can return a null pointer for an unknown
/// value is not visible in this header.
const char *GetErrorDescr(Security::ErrorCode value);

/// \return true if the TLS error is optional and may not be supported by
/// the current squid version
bool ErrorIsOptional(const char *name);

/**
 * Carries the details of an SSL error to the error pages returned to the
 * end user.
 *
 * The private formatting helpers (subject, ca_name, cn, notbefore,
 * notafter) presumably read their values from the stored certificates.
 * A certificate presented by a remote peer is untrusted input, so the text
 * produced by toString() can carry peer-controlled data into an error page.
 * NOTE(review): whether that text is escaped is not visible in this header;
 * verify it in the definitions and in the error page rendering code.
 */
class ErrorDetail
{
public:
    /// Records error code err_no together with the certificates involved.
    /// If the broken certificate is nil, the peer certificate is the broken one.
    /// aReason is an optional custom reason for the error.
    /// NOTE(review): how the raw X509 pointers are taken into the
    /// Security::CertPointer members (shared or adopted) is decided in the
    /// definition, which is not part of this header.
    ErrorDetail(Security::ErrorCode err_no, X509 *peer, X509 *broken, const char *aReason = NULL);
    ErrorDetail(ErrorDetail const &);

    /// An error detail string to embed in squid error pages
    const String &toString() const;

    /// Associates a request with this error detail.
    /// A null aRequest is ignored, leaving any earlier request in place.
    void useRequest(HttpRequest *aRequest)
    {
        if (aRequest)
            request = aRequest;
    }

    /// The error name to embed in squid error pages
    const char *errorName() const
    {
        return err_code();
    }

    /// The error number
    Security::ErrorCode errorNo() const
    {
        return error_no;
    }

    /// Sets the low-level error returned by OpenSSL ERR_get_error()
    void setLibError(unsigned long lib_err_no)
    {
        lib_error_no = lib_err_no;
    }

    /// The peer certificate, as the raw pointer held by peer_cert.
    /// Presumably non-owning: callers should not free it or keep it beyond
    /// the lifetime of this object (confirm Security::CertPointer semantics).
    X509 *peerCert()
    {
        return peer_cert.get();
    }

    /// The peer or intermediate certificate that failed validation, as the
    /// raw pointer held by broken_cert (same lifetime caveat as peerCert()).
    X509 *brokenCert()
    {
        return broken_cert.get();
    }

private:
    /// A const member function that renders one formatting code as text
    using fmt_action_t = const char *(ErrorDetail::*)() const;

    /**
     * Pairs a formatting code with its conversion method
     */
    class err_frm_code
    {
    public:
        const char *code; ///< The formatting code
        fmt_action_t fmt_action; ///< A pointer to the conversion method
    };
    static err_frm_code ErrorFormatingCodes[]; ///< The supported formatting codes

    // Conversion methods referenced through fmt_action_t; each returns the
    // text for one formatting code.
    const char *subject() const;
    const char *ca_name() const;
    const char *cn() const;
    const char *notbefore() const;
    const char *notafter() const;
    const char *err_code() const;
    const char *err_descr() const;
    const char *err_lib_error() const;

    /// Looks up "code" and reports its text through "value".
    /// NOTE(review): the meaning of the int result is defined in the
    /// implementation, not in this header.
    int convert(const char *code, const char **value) const;

    /// Const because it only fills the mutable cache members.
    void buildDetail() const;

    mutable String errDetailStr; ///< Caches the error detail message
    Security::ErrorCode error_no; ///< The error code
    unsigned long lib_error_no; ///< low-level error returned by OpenSSL ERR_get_error(3SSL)
    Security::CertPointer peer_cert; ///< A pointer to the peer certificate
    Security::CertPointer broken_cert; ///< A pointer to the broken certificate (peer or intermediate)
    String errReason; ///< A custom reason for error, else retrieved from OpenSSL.
    mutable ErrorDetailEntry detailEntry;
    HttpRequest::Pointer request; ///< The request set through useRequest(), if any
};

}//namespace Ssl
96 | #endif | |
f53969cc | 97 |