Commit | Line | Data |
---|---|---|
bbc27441 | 1 | /* |
ef57eb7b | 2 | * Copyright (C) 1996-2016 The Squid Software Foundation and contributors |
bbc27441 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
4d16918e CT |
9 | #ifndef _SQUID_SSL_ERROR_DETAIL_H |
10 | #define _SQUID_SSL_ERROR_DETAIL_H | |
11 | ||
12 | #include "err_detail_type.h" | |
02259ff8 | 13 | #include "ErrorDetailManager.h" |
c61fa8a1 | 14 | #include "HttpRequest.h" |
f97700a0 | 15 | #include "security/forward.h" |
4d16918e | 16 | |
e34763f4 | 17 | namespace Ssl |
4d16918e | 18 | { |
4d16918e | 19 | /** |
02259ff8 | 20 | \ingroup ServerProtocolSSLAPI |
7a957a93 AR |
21 | * Converts user-friendly error "name" into an Ssl::Errors list. |
22 | * The resulting list may have one or more elements, and needs to be | |
cf1c09f6 | 23 | * released by the caller. |
7a957a93 | 24 | * This function can handle numeric error numbers as well as names. |
4d16918e | 25 | */ |
cf1c09f6 | 26 | Ssl::Errors *ParseErrorString(const char *name); |
4d16918e | 27 | |
02259ff8 CT |
28 | /** |
29 | \ingroup ServerProtocolSSLAPI | |
30 | * The ssl_error_t code of the error described by "name". | |
31 | */ | |
32 | ssl_error_t GetErrorCode(const char *name); | |
33 | ||
4d16918e CT |
34 | /** |
35 | \ingroup ServerProtocolSSLAPI | |
36 | * The string representation of the SSL error "value" | |
37 | */ | |
5e430bf3 | 38 | const char *GetErrorName(ssl_error_t value); |
4d16918e | 39 | |
cf09bec7 CT |
40 | /** |
41 | \ingroup ServerProtocolSSLAPI | |
42 | * A short description of the SSL error "value" | |
43 | */ | |
44 | const char *GetErrorDescr(ssl_error_t value); | |
45 | ||
645deacc CT |
46 | /** |
47 | \ingroup ServerProtocolSSLAPI | |
48 | * Return true if the SSL error is optional and may not be supported | |
49 | * by the current Squid version | |
50 | */ | |
51 | ||
52 | bool ErrorIsOptional(const char *name); | |
53 | ||
4d16918e CT |
54 | /** |
55 | \ingroup ServerProtocolSSLAPI | |
56 | * Used to pass SSL error details to the error pages returned to the | |
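57 | * end user. NOTE(review): the formatted fields (subject, cn, ca_name) presumably come from the peer-supplied certificate; confirm they are escaped before being embedded in an error page. | |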
58 | */ | |
e34763f4 A |
59 | class ErrorDetail |
60 | { | |
4d16918e | 61 | public: |
de878a55 | 62 | // if the broken certificate is nil, the peer certificate itself is the broken one |
2cef0ca6 | 63 | ErrorDetail(ssl_error_t err_no, X509 *peer, X509 *broken, const char *aReason = NULL); |
4d16918e CT |
64 | ErrorDetail(ErrorDetail const &); |
65 | const String &toString() const; ///< An error detail string to embed in squid error pages | |
1febfec5 | 66 | void useRequest(HttpRequest *aRequest) { if (aRequest != NULL) request = aRequest;} |
e4a8468d CT |
67 | /// The error name to embed in squid error pages |
68 | const char *errorName() const {return err_code();} | |
2f3e52b5 CT |
69 | /// The error number |
70 | ssl_error_t errorNo() const {return error_no;} | |
8e9bae99 CT |
71 | ///Sets the low-level error returned by OpenSSL ERR_get_error() |
72 | void setLibError(unsigned long lib_err_no) {lib_error_no = lib_err_no;} | |
7a957a93 | 73 | /// the peer certificate |
061bbdec | 74 | X509 *peerCert() { return peer_cert.get(); } |
de878a55 CT |
75 | /// peer or intermediate certificate that failed validation |
76 | X509 *brokenCert() {return broken_cert.get(); } | |
4d16918e CT |
77 | private: |
78 | typedef const char * (ErrorDetail::*fmt_action_t)() const; | |
79 | /** | |
80 | * Holds a formatting code and its conversion method | |
81 | */ | |
e34763f4 A |
82 | class err_frm_code |
83 | { | |
4d16918e CT |
84 | public: |
85 | const char *code; ///< The formatting code | |
86 | fmt_action_t fmt_action; ///< A pointer to the conversion method | |
87 | }; | |
88 | static err_frm_code ErrorFormatingCodes[]; ///< The supported formatting codes | |
89 | ||
90 | const char *subject() const; | |
91 | const char *ca_name() const; | |
92 | const char *cn() const; | |
93 | const char *notbefore() const; | |
94 | const char *notafter() const; | |
95 | const char *err_code() const; | |
cf09bec7 | 96 | const char *err_descr() const; |
8e9bae99 | 97 | const char *err_lib_error() const; |
4d16918e CT |
98 | |
99 | int convert(const char *code, const char **value) const; | |
100 | void buildDetail() const; | |
e34763f4 | 101 | |
4d16918e | 102 | mutable String errDetailStr; ///< Caches the error detail message |
461b9576 | 103 | ssl_error_t error_no; ///< The error code |
8e9bae99 | 104 | unsigned long lib_error_no; ///< low-level error returned by OpenSSL ERR_get_error(3SSL) |
f97700a0 AJ |
105 | Security::CertPointer peer_cert; ///< A pointer to the peer certificate |
106 | Security::CertPointer broken_cert; ///< A pointer to the broken certificate (peer or intermediate) | |
2cef0ca6 | 107 | String errReason; ///< A custom reason for error, else retrieved from OpenSSL. |
02259ff8 CT |
108 | mutable ErrorDetailEntry detailEntry; |
109 | HttpRequest::Pointer request; | |
4d16918e CT |
110 | }; |
111 | ||
112 | }//namespace Ssl | |
113 | #endif | |
f53969cc | 114 |