Report ERR_SECURE_CONNECT_FAIL details to the user via a new error detail API.
Currently, the ERR_SECURE_CONNECT_FAIL response contains no usable error
information. Moreover, there is no interface to pass SSL error information
to the response generation code.
This patch adds an interface to allow Squid error responses to contain detailed
information about SSL certificate verification failure. For example, the error
message may contain the following text:
"Server Certificate Verification Failed: Certificate Common Name
(www.lufthansa.com) does not match the host name you are connecting to
(www.lufthansa.de)."
This is a Measurement Factory project.
Change details:
--------------------
- errorpage.cc/.h: The error page now supports the '%D' formatting code to
display the detail string passed by modules. The detail strings passed by
modules can contain error page formatting codes. Currently only SSL detail
error messages are supported.
- A new class Ssl::ErrorDetail is defined in ssl/ErrorDetail.[cc,h].
The Ssl::ErrorDetail objects are passed to the SSL verification callback functions
(sl_verify_cb callback function defined in support.cc), filled with error
detail data (error_no and a pointer to the X509 Certificate) in the case of
an error, and passed back to the forward.cc code.
- The Ssl::ErrorDetail class internally uses (hard coded) templates and
formatting codes to allow supporting multiple languages and easily adding
new features.
Other changes:
-------------------
- errorpage.cc/.h: The BuildContent method was split into the BuildContent and
ConvertText methods. The second method does the real conversion from a given text
template to output. It is now used to allow formatting the detail strings passed
with %D.
- sslparseErrorString moved to ssl/ErrorDetail.cc file and renamed to
Ssl::parseErrorString
- sslFindErrorString moved to ssl/ErrorDetail.cc file and renamed to
Ssl::getErrorName
- The ssl_error_t typedef definition moved from ssl/support.h to
ssl/ErrorDetail.h and renamed to Ssl::error_t
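
Added example (not Squid code and not part of this commit): a small model of the two-level expansion described above, where a page template's %D is filled from a detail template that has its own formatting codes. The names CertFailure, convertText, detailText and errorPage and the codes %c and %h are assumptions made for illustration; the example also shows certificate-supplied text being HTML-escaped and never rescanned for formatting codes.

```cpp
#include <functional>
#include <string>

// Hypothetical stand-in for the data a verification callback would record.
struct CertFailure { std::string certCn, host; };
// Certificate fields come from the remote server: escape them for HTML text.
static std::string htmlEscape(const std::string &s) {
    std::string out;
    for (char ch : s) {
        if (ch == '<') out += "&lt;";
        else if (ch == '>') out += "&gt;";
        else if (ch == '&') out += "&amp;";
        else out += ch;
    }
    return out;
}
// Single-pass expansion: lookup() output is appended, never rescanned,
// so a '%' inside a substituted value cannot act as a formatting code.
using Lookup = std::function<bool(char, std::string &)>;
static std::string convertText(const std::string &tmpl, const Lookup &lookup) {
    std::string out, val;
    for (std::string::size_type i = 0; i < tmpl.size(); ++i) {
        if (tmpl[i] != '%' || i + 1 == tmpl.size()) { out += tmpl[i]; continue; }
        const char code = tmpl[++i];
        if (code == '%') out += '%';
        else if (lookup(code, val)) out += val;
        else { out += '%'; out += code; }   // unknown code: keep verbatim
    }
    return out;
}
// Detail template with constructed codes: %c = certificate CN, %h = host.
static std::string detailText(const CertFailure &f) {
    static const std::string tmpl =
        "Server Certificate Verification Failed: Certificate Common Name "
        "(%c) does not match the host name you are connecting to (%h).";
    return convertText(tmpl, [&f](char code, std::string &v) {
        if (code == 'c') { v = htmlEscape(f.certCn); return true; }
        if (code == 'h') { v = htmlEscape(f.host); return true; }
        return false;
    });
}
// Page-level pass: only %D is handled here, filled from the detail text.
std::string errorPage(const std::string &pageTmpl, const CertFailure &f) {
    return convertText(pageTmpl, [&f](char code, std::string &v) {
        if (code == 'D') v = detailText(f);
        return code == 'D';
    });
}
```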