]> git.ipfire.org Git - thirdparty/squid.git/commit - src/FwdState.cc
projects / thirdparty / squid.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 41d00cd) | patch
Report ERR_SECURE_CONNECT_FAIL details to the user via a new error detail API.
authorChristos Tsantilas <chtsanti@users.sourceforge.net>
Mon, 13 Dec 2010 23:02:52 +0000 (01:02 +0200)
committerChristos Tsantilas <chtsanti@users.sourceforge.net>
Mon, 13 Dec 2010 23:02:52 +0000 (01:02 +0200)
commit4d16918eadf2b696b160599b3a013310da420ea7
treede4a79c76ce5dd9bcfacc99de25a546b2dd3051atree | snapshot
parent41d00cd39ee1d8d8ea0808b9c100069f151efa10commit | diff
Report ERR_SECURE_CONNECT_FAIL details to the user via a new error detail API.

Currently, the ERR_SECURE_CONNECT_FAIL response contains no usable error
information. Moreover, there is no interface to pass SSL error information
to the response generation code.

This patch adds an interface to allow Squid error responses to contain detailed
information about SSL certificate verification failure. For example, the error
message may contain the following text:
 "Server Certificate Verification Failed: Certificate Common Name
  (www.lufthansa.com) does not match the host name you are connecting to
  (www.lufthansa.de)."

This is a Measurement Factory project.

Change details:
--------------------

- errorpage.cc/.h: The error page now supports the '%D'  formating code to
  display the detail string passed by modules. The detail strings passed by
  modules can contain error page formating codes. Currently only SSL detail
  errors messages are supported.

- A new class Ssl::ErrorDetail defined in ssl/ErrorDetail.[cc,h]
  The Ssl::ErrorDetail objects passed to the SSL verification callback functions
  (sl_verify_cb callback function defined in support.cc) and filled with error
  detail data (error_no and a pointer to the X509 Certificate) in the case of
  an error and passed back to the forward.cc code.

- The Ssl::ErrorDetail class internally uses (hard coded) templates and
  formating codes to allow supporting multiple languages and adding easily
   new features

Other changes:
-------------------

- errorpage.cc/.h: The BuildContent method split to BuildContent and ConvertText
  method. The second method does the real conversion from a given text template
  to output. It is used now to allow formating the detail strings passed with
  %D.

 - sslparseErrorString moved to ssl/ErrorDetail.cc file and renamed to
   Ssl::parseErrorString

 - sslFindErrorString moved to ssl/ErrorDetail.cc file and renamed to
   Ssl::getErrorName

 - The ssl_error_t typedef definition moved from ssl/support.h to
   ssl/ErrorDetail.h and renamed to Ssl::error_t
src/acl/SslErrorData.cc diff | blob | blame | history
src/acl/SslErrorData.h diff | blob | blame | history
src/errorpage.cc diff | blob | blame | history
src/errorpage.h diff | blob | blame | history
src/forward.cc diff | blob | blame | history
src/globals.h diff | blob | blame | history
src/ssl/ErrorDetail.cc [new file with mode: 0644] blob
src/ssl/ErrorDetail.h [new file with mode: 0644] blob
src/ssl/Makefile.am diff | blob | blame | history
src/ssl/support.cc diff | blob | blame | history
src/ssl/support.h diff | blob | blame | history
Mirror of https://github.com/squid-cache/squid.git