git.ipfire.org Git - thirdparty/squid.git/blob - src/ssl/ErrorDetail.h
Merged from trunk (r12132, v3.2.0.17+)
1 #ifndef _SQUID_SSL_ERROR_DETAIL_H
2 #define _SQUID_SSL_ERROR_DETAIL_H
3
4 #include "err_detail_type.h"
5 #include "HttpRequest.h"
6 #include "ErrorDetailManager.h"
7 #include "ssl/support.h"
8 #include "ssl/gadgets.h"
9
10 #if HAVE_OPENSSL_SSL_H
11 #include <openssl/ssl.h>
12 #endif
13
14 namespace Ssl
15 {
/**
 \ingroup ServerProtocolSSLAPI
 * Converts the error described by "name" into its Ssl::Errors
 * representation. Numeric arguments are parsed as well.
 * The result may be a single element of a list of errors, and the caller
 * is responsible for releasing it.
 * NOTE(review): this header shows neither the result for an unrecognized
 * name nor how the result is to be released -- check the definition
 * before dereferencing or freeing it.
 */
Ssl::Errors *ParseErrorString(const char *name);

/**
 \ingroup ServerProtocolSSLAPI
 * Looks up the ssl_error_t code of the error described by "name".
 * NOTE(review): the value returned for an unknown name is not visible
 * in this header -- confirm against the definition.
 */
ssl_error_t GetErrorCode(const char *name);

/**
 \ingroup ServerProtocolSSLAPI
 * Returns the string representation of the SSL error "value".
 * NOTE(review): the lifetime of the returned pointer and the result for
 * an unknown value are not visible in this header -- confirm before
 * caching or dereferencing it.
 */
const char *GetErrorName(ssl_error_t value);

/**
 \ingroup ServerProtocolSSLAPI
 * Returns a short description of the SSL error "value".
 * NOTE(review): the lifetime of the returned pointer and the result for
 * an unknown value are not visible in this header -- confirm before
 * caching or dereferencing it.
 */
const char *GetErrorDescr(ssl_error_t value);
42
/**
 \ingroup ServerProtocolSSLAPI
 * Carries the details of an SSL error so that they can be shown on the
 * error pages returned to the end user.
 * NOTE(review): the private formatters (subject, cn, ca_name, ...)
 * presumably read fields of the stored certificates, which the remote
 * peer supplies -- confirm that their text is escaped before it is
 * embedded in an error page.
 */
class ErrorDetail
{
public:
    /// If the broken certificate is nil, the peer certificate is the broken one.
    ErrorDetail(ssl_error_t err_no, X509 *peer, X509 *broken);
    ErrorDetail(const ErrorDetail &);

    /// An error detail string to embed in squid error pages
    const String &toString() const;

    /// Remembers aRequest; a NULL argument leaves the current request untouched.
    void useRequest(HttpRequest *aRequest)
    {
        if (aRequest == NULL)
            return;
        request = aRequest;
    }

    /// The error name to embed in squid error pages
    const char *errorName() const
    {
        return err_code();
    }

    /// The error number
    ssl_error_t errorNo() const
    {
        return error_no;
    }

    /// Sets the low-level error returned by OpenSSL ERR_get_error()
    void setLibError(unsigned long lib_err_no)
    {
        lib_error_no = lib_err_no;
    }

    /// The peer certificate, as the raw pointer held by peer_cert.
    /// NOTE(review): presumably still owned by this object -- confirm
    /// before keeping the pointer beyond the lifetime of this ErrorDetail.
    X509 *peerCert()
    {
        return peer_cert.get();
    }

    /// The peer or intermediate certificate that failed validation, as the
    /// raw pointer held by broken_cert.
    /// NOTE(review): presumably still owned by this object -- confirm
    /// before keeping the pointer beyond the lifetime of this ErrorDetail.
    X509 *brokenCert()
    {
        return broken_cert.get();
    }

private:
    /// Signature shared by the conversion methods declared below
    typedef const char * (ErrorDetail::*fmt_action_t)() const;

    /**
     * Pairs a formatting code with its conversion method
     */
    class err_frm_code
    {
    public:
        const char *code; ///< The formatting code
        fmt_action_t fmt_action; ///< A pointer to the conversion method
    };
    static err_frm_code ErrorFormatingCodes[]; ///< The supported formatting codes

    // Methods with the fmt_action_t signature. Presumably the targets of the
    // ErrorFormatingCodes entries; the definitions are not in this header.
    const char *subject() const;
    const char *ca_name() const;
    const char *cn() const;
    const char *notbefore() const;
    const char *notafter() const;
    const char *err_code() const;
    const char *err_descr() const;
    const char *err_lib_error() const;

    // NOTE(review): presumably resolves a formatting code to its text through
    // "value"; the meaning of the int result is not visible here -- confirm.
    int convert(const char *code, const char **value) const;
    // NOTE(review): const, so presumably fills the mutable errDetailStr
    // cache -- confirm against the definition.
    void buildDetail() const;

    mutable String errDetailStr; ///< Caches the error detail message
    ssl_error_t error_no; ///< The error code
    unsigned long lib_error_no; ///< low-level error returned by OpenSSL ERR_get_error(3SSL)
    X509_Pointer peer_cert; ///< A pointer to the peer certificate
    X509_Pointer broken_cert; ///< A pointer to the broken certificate (peer or intermediate)
    mutable ErrorDetailEntry detailEntry;
    HttpRequest::Pointer request; ///< Set by useRequest()
};
99
100 }//namespace Ssl
101 #endif