2 * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 #ifndef _SQUID_SSL_ERROR_DETAIL_H
10 #define _SQUID_SSL_ERROR_DETAIL_H
12 #include "err_detail_type.h"
13 #include "ErrorDetailManager.h"
14 #include "HttpRequest.h"
15 #include "security/forward.h"
20 * Converts user-friendly error "name" into an Security::ErrorCode
21 * and adds it to the provided container (using emplace).
22 * This function can handle numeric error numbers as well as names.
24 bool ParseErrorString(const char *name
, Security::Errors
&);
26 /// The Security::ErrorCode code of the error described by "name".
27 Security::ErrorCode
GetErrorCode(const char *name
);
29 /// The string representation of the TLS error "value"
30 const char *GetErrorName(Security::ErrorCode value
);
32 /// A short description of the TLS error "value"
33 const char *GetErrorDescr(Security::ErrorCode value
);
35 /// \return true if the TLS error is optional and may not be supported by current squid version
36 bool ErrorIsOptional(const char *name
);
39 * Used to pass SSL error details to the error pages returned to the
45 // if broken certificate is nil, the peer certificate is broken
46 ErrorDetail(Security::ErrorCode err_no
, X509
*peer
, X509
*broken
, const char *aReason
= NULL
);
47 ErrorDetail(ErrorDetail
const &);
48 const String
&toString() const; ///< An error detail string to embed in squid error pages
49 void useRequest(HttpRequest
*aRequest
) { if (aRequest
!= NULL
) request
= aRequest
;}
50 /// The error name to embed in squid error pages
51 const char *errorName() const {return err_code();}
53 Security::ErrorCode
errorNo() const {return error_no
;}
54 ///Sets the low-level error returned by OpenSSL ERR_get_error()
55 void setLibError(unsigned long lib_err_no
) {lib_error_no
= lib_err_no
;}
56 /// the peer certificate
57 X509
*peerCert() { return peer_cert
.get(); }
58 /// peer or intermediate certificate that failed validation
59 X509
*brokenCert() {return broken_cert
.get(); }
61 typedef const char * (ErrorDetail::*fmt_action_t
)() const;
63 * Holds a formating code and its conversion method
68 const char *code
; ///< The formating code
69 fmt_action_t fmt_action
; ///< A pointer to the conversion method
71 static err_frm_code ErrorFormatingCodes
[]; ///< The supported formating codes
73 const char *subject() const;
74 const char *ca_name() const;
75 const char *cn() const;
76 const char *notbefore() const;
77 const char *notafter() const;
78 const char *err_code() const;
79 const char *err_descr() const;
80 const char *err_lib_error() const;
82 int convert(const char *code
, const char **value
) const;
83 void buildDetail() const;
85 mutable String errDetailStr
; ///< Caches the error detail message
86 Security::ErrorCode error_no
; ///< The error code
87 unsigned long lib_error_no
; ///< low-level error returned by OpenSSL ERR_get_error(3SSL)
88 Security::CertPointer peer_cert
; ///< A pointer to the peer certificate
89 Security::CertPointer broken_cert
; ///< A pointer to the broken certificate (peer or intermediate)
90 String errReason
; ///< A custom reason for error, else retrieved from OpenSSL.
91 mutable ErrorDetailEntry detailEntry
;
92 HttpRequest::Pointer request
;