2 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 #ifndef _SQUID_SSL_ERROR_DETAIL_H
10 #define _SQUID_SSL_ERROR_DETAIL_H
12 #include "err_detail_type.h"
13 #include "ErrorDetailManager.h"
14 #include "HttpRequest.h"
16 #if HAVE_OPENSSL_SSL_H
17 #include <openssl/ssl.h>
23 \ingroup ServerProtocolSSLAPI
24 * Converts user-friendly error "name" into an Ssl::Errors list.
25 * The resulting list may have one or more elements, and needs to be
26 * released by the caller.
27 * This function can handle numeric error numbers as well as names.
29 Ssl::Errors
*ParseErrorString(const char *name
);
32 \ingroup ServerProtocolSSLAPI
33 * The ssl_error_t code of the error described by "name".
35 ssl_error_t
GetErrorCode(const char *name
);
38 \ingroup ServerProtocolSSLAPI
39 * The string representation of the SSL error "value"
41 const char *GetErrorName(ssl_error_t value
);
44 \ingroup ServerProtocolSSLAPI
45 * A short description of the SSL error "value"
47 const char *GetErrorDescr(ssl_error_t value
);
50 \ingroup ServerProtocolSSLAPI
51 * Return true if the SSL error is optional and may not supported
52 * by current squid version
55 bool ErrorIsOptional(const char *name
);
58 \ingroup ServerProtocolSSLAPI
59 * Used to pass SSL error details to the error pages returned to the
65 // if broken certificate is nil, the peer certificate is broken
66 ErrorDetail(ssl_error_t err_no
, X509
*peer
, X509
*broken
, const char *aReason
= NULL
);
67 ErrorDetail(ErrorDetail
const &);
68 const String
&toString() const; ///< An error detail string to embed in squid error pages
69 void useRequest(HttpRequest
*aRequest
) { if (aRequest
!= NULL
) request
= aRequest
;}
70 /// The error name to embed in squid error pages
71 const char *errorName() const {return err_code();}
73 ssl_error_t
errorNo() const {return error_no
;}
74 ///Sets the low-level error returned by OpenSSL ERR_get_error()
75 void setLibError(unsigned long lib_err_no
) {lib_error_no
= lib_err_no
;}
76 /// the peer certificate
77 X509
*peerCert() { return peer_cert
.get(); }
78 /// peer or intermediate certificate that failed validation
79 X509
*brokenCert() {return broken_cert
.get(); }
81 typedef const char * (ErrorDetail::*fmt_action_t
)() const;
83 * Holds a formating code and its conversion method
88 const char *code
; ///< The formating code
89 fmt_action_t fmt_action
; ///< A pointer to the conversion method
91 static err_frm_code ErrorFormatingCodes
[]; ///< The supported formating codes
93 const char *subject() const;
94 const char *ca_name() const;
95 const char *cn() const;
96 const char *notbefore() const;
97 const char *notafter() const;
98 const char *err_code() const;
99 const char *err_descr() const;
100 const char *err_lib_error() const;
102 int convert(const char *code
, const char **value
) const;
103 void buildDetail() const;
105 mutable String errDetailStr
; ///< Caches the error detail message
106 ssl_error_t error_no
; ///< The error code
107 unsigned long lib_error_no
; ///< low-level error returned by OpenSSL ERR_get_error(3SSL)
108 X509_Pointer peer_cert
; ///< A pointer to the peer certificate
109 X509_Pointer broken_cert
; ///< A pointer to the broken certificate (peer or intermediate)
110 String errReason
; ///< A custom reason for error, else retrieved from OpenSSL.
111 mutable ErrorDetailEntry detailEntry
;
112 HttpRequest::Pointer request
;