2 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 #ifndef _SQUID_SSL_ERROR_DETAIL_H
10 #define _SQUID_SSL_ERROR_DETAIL_H
12 #include "err_detail_type.h"
13 #include "ErrorDetailManager.h"
14 #include "HttpRequest.h"
15 #include "security/forward.h"
/**
 * \ingroup ServerProtocolSSLAPI
 * Converts user-friendly error "name" into an Ssl::Errors list.
 * The resulting list may have one or more elements, and needs to be
 * released by the caller.
 * This function can handle numeric error numbers as well as names.
 *
 * The list is handed back through a raw pointer, so the release the caller
 * owes is not expressed in the type; every exit path of a caller has to
 * free it.
 * NOTE(review): the result for an unrecognised "name" is not visible in
 * this header -- confirm whether it can be null before dereferencing.
 */
Ssl::Errors *ParseErrorString(const char *name);
/**
 * \ingroup ServerProtocolSSLAPI
 * The ssl_error_t code of the error described by "name".
 *
 * NOTE(review): the value returned for a "name" that matches no known
 * error is not visible in this header -- confirm it against the
 * definition so callers can tell "unknown" apart from a real code.
 */
ssl_error_t GetErrorCode(const char *name);
/**
 * \ingroup ServerProtocolSSLAPI
 * The string representation of the SSL error "value"
 *
 * NOTE(review): the result for a "value" with no known name is not shown
 * here -- confirm whether it can be null before formatting it.
 */
const char *GetErrorName(ssl_error_t value);
/**
 * \ingroup ServerProtocolSSLAPI
 * A short description of the SSL error "value"
 *
 * NOTE(review): the result for a "value" with no known description is not
 * shown here -- confirm whether it can be null before formatting it.
 */
const char *GetErrorDescr(ssl_error_t value);
/**
 * \ingroup ServerProtocolSSLAPI
 * Return true if the SSL error is optional and may not be supported
 * by the current squid version
 */
bool ErrorIsOptional(const char *name);
55 \ingroup ServerProtocolSSLAPI
56 * Used to pass SSL error details to the error pages returned to the
/// Builds the detail for SSL error err_no.
/// peer is the peer certificate and broken the certificate that failed.
/// If broken certificate is nil, the peer certificate is broken.
/// aReason is an optional custom reason and defaults to NULL.
/// NOTE(review): whether the constructor takes its own reference on
/// peer and broken is not visible in this header -- confirm against the
/// definition, since the members that hold them are Security::CertPointer.
ErrorDetail(ssl_error_t err_no, X509 *peer, X509 *broken, const char *aReason = NULL);
/// Copy constructor.
/// NOTE(review): how the two certificate members are shared between the
/// copies depends on Security::CertPointer copy semantics, which are not
/// visible here -- confirm.
ErrorDetail(ErrorDetail const &);
/// An error detail string to embed in squid error pages.
/// Returned by reference, so the result must not be used after the
/// object it came from is gone.
/// NOTE(review): presumably refers to the errDetailStr cache -- confirm.
const String &toString() const;
/// Attaches the HTTP request to this error detail.
/// A null aRequest is ignored, so a request stored earlier is kept.
void useRequest(HttpRequest *aRequest)
{
    if (!aRequest)
        return;
    request = aRequest;
}
/// The error name to embed in squid error pages.
/// Forwards to err_code().
const char *errorName() const
{
    const char *const name = err_code();
    return name;
}
/// Returns the stored error_no value.
ssl_error_t errorNo() const
{
    const ssl_error_t code = error_no;
    return code;
}
/// Sets the low-level error returned by OpenSSL ERR_get_error().
/// The value is stored in lib_error_no as given.
void setLibError(unsigned long lib_err_no)
{
    lib_error_no = lib_err_no;
}
/// The peer certificate, as the raw pointer held by peer_cert.
/// NOTE(review): .get() looks like a non-owning accessor, so the result
/// should not be freed and should not outlive this object -- confirm
/// against Security::CertPointer.
X509 *peerCert()
{
    X509 *const cert = peer_cert.get();
    return cert;
}
/// Peer or intermediate certificate that failed validation, as the raw
/// pointer held by broken_cert.
/// NOTE(review): .get() looks like a non-owning accessor, so the result
/// should not be freed and should not outlive this object -- confirm
/// against Security::CertPointer.
X509 *brokenCert()
{
    X509 *const cert = broken_cert.get();
    return cert;
}
/// Pointer to a const ErrorDetail member function that takes no arguments
/// and returns const char *.
typedef const char * (ErrorDetail::*fmt_action_t)() const;
80 * Holds a formatting code and its conversion method
const char *code; ///< The formatting code
fmt_action_t fmt_action; ///< A pointer to the conversion method
/// The supported formatting codes.
/// Declared without a bound here; the size comes from the definition.
static err_frm_code ErrorFormatingCodes[];
// Conversion methods. Each has the signature that fmt_action_t points to:
// a const member taking no arguments and returning const char *.
// NOTE(review): subject(), ca_name(), cn(), notbefore() and notafter()
// presumably read fields of the certificate presented by the peer, which
// the remote side controls. toString() is documented as producing text for
// squid error pages, so confirm the values are escaped before they reach
// HTML.
const char *subject() const;
const char *ca_name() const;
const char *cn() const;
const char *notbefore() const;
const char *notafter() const;
const char *err_code() const; // called by errorName()
const char *err_descr() const;
const char *err_lib_error() const;
/// NOTE(review): presumably looks up the formatting code "code" and stores
/// the converted text through "value"; the meaning of the int result and
/// the lifetime of the stored pointer are not visible here -- confirm
/// against the definition.
int convert(const char *code, const char **value) const;
/// Const member, so it can only modify the members declared mutable.
/// NOTE(review): presumably fills the errDetailStr cache -- confirm.
void buildDetail() const;
mutable String errDetailStr; ///< Caches the error detail message; mutable so const members can update it
ssl_error_t error_no; ///< The error code
unsigned long lib_error_no; ///< low-level error returned by OpenSSL ERR_get_error(3SSL)
Security::CertPointer peer_cert; ///< A pointer to the peer certificate
Security::CertPointer broken_cert; ///< A pointer to the broken certificate (peer or intermediate)
String errReason; ///< A custom reason for error, else retrieved from OpenSSL.
mutable ErrorDetailEntry detailEntry; ///< mutable, so const members can update it; NOTE(review): purpose not visible here -- confirm
HttpRequest::Pointer request; ///< The request stored by useRequest()