#if USE_OPENSSL
static char *
-sslErrorName(Ssl::ssl_error_t err, char *buf, size_t size)
+sslErrorName(Security::ErrorCode err, char *buf, size_t size)
{
snprintf(buf, size, "SSL_ERR=%d", err);
return buf;
#endif
class EncryptorAnswer;
+
+/// Squid defined error code (<0), an error code returned by X.509 API, or SSL_ERROR_NONE
+typedef int ErrorCode;
+
class KeyData;
class PeerConnector;
class PeerOptions;
#include <map>
struct SslErrorEntry {
- Ssl::ssl_error_t value;
+ Security::ErrorCode value;
const char *name;
};
static const char *SslErrorDetailDefaultStr = "SSL handshake error (%err_name)";
//Use std::map to optimize search
-typedef std::map<Ssl::ssl_error_t, const SslErrorEntry *> SslErrors;
+typedef std::map<Security::ErrorCode, const SslErrorEntry *> SslErrors;
SslErrors TheSslErrors;
static SslErrorEntry TheSslErrorArray[] = {
struct SslErrorAlias {
const char *name;
- const Ssl::ssl_error_t *errors;
+ const Security::ErrorCode *errors;
};
-static const Ssl::ssl_error_t hasExpired[] = {X509_V_ERR_CERT_HAS_EXPIRED, SSL_ERROR_NONE};
-static const Ssl::ssl_error_t notYetValid[] = {X509_V_ERR_CERT_NOT_YET_VALID, SSL_ERROR_NONE};
-static const Ssl::ssl_error_t domainMismatch[] = {SQUID_X509_V_ERR_DOMAIN_MISMATCH, SSL_ERROR_NONE};
-static const Ssl::ssl_error_t certUntrusted[] = {X509_V_ERR_INVALID_CA,
+static const Security::ErrorCode hasExpired[] = {X509_V_ERR_CERT_HAS_EXPIRED, SSL_ERROR_NONE};
+static const Security::ErrorCode notYetValid[] = {X509_V_ERR_CERT_NOT_YET_VALID, SSL_ERROR_NONE};
+static const Security::ErrorCode domainMismatch[] = {SQUID_X509_V_ERR_DOMAIN_MISMATCH, SSL_ERROR_NONE};
+static const Security::ErrorCode certUntrusted[] = {X509_V_ERR_INVALID_CA,
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN,
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE,
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
X509_V_ERR_CERT_UNTRUSTED, SSL_ERROR_NONE
};
-static const Ssl::ssl_error_t certSelfSigned[] = {X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_ERROR_NONE};
+static const Security::ErrorCode certSelfSigned[] = {X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_ERROR_NONE};
// The list of error name shortcuts for use with ssl_error acls.
// The keys without the "ssl::" scope prefix allow shorter error
};
// Use std::map to optimize search.
-typedef std::map<std::string, const Ssl::ssl_error_t *> SslErrorShortcuts;
+typedef std::map<std::string, const Security::ErrorCode *> SslErrorShortcuts;
SslErrorShortcuts TheSslErrorShortcuts;
static void loadSslErrorMap()
TheSslErrorShortcuts[TheSslErrorShortcutsArray[i].name] = TheSslErrorShortcutsArray[i].errors;
}
-Ssl::ssl_error_t Ssl::GetErrorCode(const char *name)
+Security::ErrorCode Ssl::GetErrorCode(const char *name)
{
//TODO: use a std::map?
for (int i = 0; TheSslErrorArray[i].name != NULL; ++i) {
{
assert(name);
- const Ssl::ssl_error_t ssl_error = GetErrorCode(name);
+ const Security::ErrorCode ssl_error = GetErrorCode(name);
if (ssl_error != SSL_ERROR_NONE)
return new Ssl::Errors(ssl_error);
return NULL; // not reached
}
-const char *Ssl::GetErrorName(Ssl::ssl_error_t value)
+const char *Ssl::GetErrorName(Security::ErrorCode value)
{
if (TheSslErrors.empty())
loadSslErrorMap();
}
const char *
-Ssl::GetErrorDescr(Ssl::ssl_error_t value)
+Ssl::GetErrorDescr(Security::ErrorCode value)
{
return ErrorDetailsManager::GetInstance().getDefaultErrorDescr(value);
}
return errDetailStr;
}
-Ssl::ErrorDetail::ErrorDetail( Ssl::ssl_error_t err_no, X509 *cert, X509 *broken, const char *aReason): error_no (err_no), lib_error_no(SSL_ERROR_NONE), errReason(aReason)
+Ssl::ErrorDetail::ErrorDetail( Security::ErrorCode err_no, X509 *cert, X509 *broken, const char *aReason): error_no (err_no), lib_error_no(SSL_ERROR_NONE), errReason(aReason)
{
if (cert)
peer_cert.resetAndLock(cert);
*/
Ssl::Errors *ParseErrorString(const char *name);
-/**
- \ingroup ServerProtocolSSLAPI
- * The ssl_error_t code of the error described by "name".
- */
-ssl_error_t GetErrorCode(const char *name);
+/// The Security::ErrorCode code of the error described by "name".
+Security::ErrorCode GetErrorCode(const char *name);
-/**
- \ingroup ServerProtocolSSLAPI
- * The string representation of the SSL error "value"
- */
-const char *GetErrorName(ssl_error_t value);
+/// The string representation of the TLS error "value"
+const char *GetErrorName(Security::ErrorCode value);
-/**
- \ingroup ServerProtocolSSLAPI
- * A short description of the SSL error "value"
- */
-const char *GetErrorDescr(ssl_error_t value);
+/// A short description of the TLS error "value"
+const char *GetErrorDescr(Security::ErrorCode value);
/**
\ingroup ServerProtocolSSLAPI
{
public:
// if broken certificate is nil, the peer certificate is broken
- ErrorDetail(ssl_error_t err_no, X509 *peer, X509 *broken, const char *aReason = NULL);
+ ErrorDetail(Security::ErrorCode err_no, X509 *peer, X509 *broken, const char *aReason = NULL);
ErrorDetail(ErrorDetail const &);
const String &toString() const; ///< An error detail string to embed in squid error pages
void useRequest(HttpRequest *aRequest) { if (aRequest != NULL) request = aRequest;}
/// The error name to embed in squid error pages
const char *errorName() const {return err_code();}
/// The error no
- ssl_error_t errorNo() const {return error_no;}
+ Security::ErrorCode errorNo() const {return error_no;}
///Sets the low-level error returned by OpenSSL ERR_get_error()
void setLibError(unsigned long lib_err_no) {lib_error_no = lib_err_no;}
/// the peer certificate
void buildDetail() const;
mutable String errDetailStr; ///< Caches the error detail message
- ssl_error_t error_no; ///< The error code
+ Security::ErrorCode error_no; ///< The error code
unsigned long lib_error_no; ///< low-level error returned by OpenSSL ERR_get_error(3SSL)
Security::CertPointer peer_cert; ///< A pointer to the peer certificate
Security::CertPointer broken_cert; ///< A pointer to the broken certificate (peer or intermediate)
/******************/
bool
-Ssl::ErrorDetailsList::getRecord(Ssl::ssl_error_t value, ErrorDetailEntry &entry)
+Ssl::ErrorDetailsList::getRecord(Security::ErrorCode value, ErrorDetailEntry &entry)
{
const ErrorDetails::const_iterator it = theList.find(value);
if (it != theList.end()) {
}
const char *
-Ssl::ErrorDetailsList::getErrorDescr(Ssl::ssl_error_t value)
+Ssl::ErrorDetailsList::getErrorDescr(Security::ErrorCode value)
{
const ErrorDetails::const_iterator it = theList.find(value);
if (it != theList.end()) {
}
const char *
-Ssl::ErrorDetailsList::getErrorDetail(Ssl::ssl_error_t value)
+Ssl::ErrorDetailsList::getErrorDetail(Security::ErrorCode value)
{
const ErrorDetails::const_iterator it = theList.find(value);
if (it != theList.end()) {
}
bool
-Ssl::ErrorDetailsManager::getErrorDetail(Ssl::ssl_error_t value, const HttpRequest::Pointer &request, ErrorDetailEntry &entry)
+Ssl::ErrorDetailsManager::getErrorDetail(Security::ErrorCode value, const HttpRequest::Pointer &request, ErrorDetailEntry &entry)
{
#if USE_ERR_LOCALES
String hdr;
}
const char *
-Ssl::ErrorDetailsManager::getDefaultErrorDescr(Ssl::ssl_error_t value)
+Ssl::ErrorDetailsManager::getDefaultErrorDescr(Security::ErrorCode value)
{
return theDefaultErrorDetails->getErrorDescr(value);
}
const char *
-Ssl::ErrorDetailsManager::getDefaultErrorDetail(Ssl::ssl_error_t value)
+Ssl::ErrorDetailsManager::getDefaultErrorDetail(Security::ErrorCode value)
{
return theDefaultErrorDetails->getErrorDetail(value);
}
return false;
}
- Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf());
+ Security::ErrorCode ssl_error = Ssl::GetErrorCode(errorName.termedBuf());
if (ssl_error != SSL_ERROR_NONE) {
if (theDetails->getErrorDetail(ssl_error)) {
class ErrorDetailEntry
{
public:
- Ssl::ssl_error_t error_no; ///< The SSL error code
+ Security::ErrorCode error_no; ///< The SSL error code
String name; ///< a name for the error
String detail; ///< for error page %D macro expansion; may contain macros
String descr; ///< short error description (for use in debug messages or error pages)
* Retrieves the error details for a given error to "entry" object
* \return true on success, false otherwise
*/
- bool getRecord(Ssl::ssl_error_t value, ErrorDetailEntry &entry);
- const char *getErrorDescr(Ssl::ssl_error_t value); ///< an error description for an error if exist in list.
- const char *getErrorDetail(Ssl::ssl_error_t value); ///< an error details for an error if exist in list.
+ bool getRecord(Security::ErrorCode value, ErrorDetailEntry &entry);
+ const char *getErrorDescr(Security::ErrorCode value); ///< an error description for an error if exist in list.
+ const char *getErrorDetail(Security::ErrorCode value); ///< an error details for an error if exist in list.
String errLanguage; ///< The language of the error-details.txt template, if any
- typedef std::map<Ssl::ssl_error_t, ErrorDetailEntry> ErrorDetails;
+ typedef std::map<Security::ErrorCode, ErrorDetailEntry> ErrorDetails;
ErrorDetails theList; ///< The list of error details entries
};
* \param entry where to store error details
* \return true on success, false otherwise
*/
- bool getErrorDetail(Ssl::ssl_error_t value, const HttpRequest::Pointer &request, ErrorDetailEntry &entry);
- const char *getDefaultErrorDescr(Ssl::ssl_error_t value); ///< the default error description for a given error
- const char *getDefaultErrorDetail(Ssl::ssl_error_t value); ///< the default error details for a given error
+ bool getErrorDetail(Security::ErrorCode value, const HttpRequest::Pointer &request, ErrorDetailEntry &entry);
+ const char *getDefaultErrorDescr(Security::ErrorCode value); ///< the default error description for a given error
+ const char *getDefaultErrorDetail(Security::ErrorCode value); ///< the default error details for a given error
private:
/// Return cached error details list for a given language if exist
RecvdError & operator =(const RecvdError &);
void setCert(X509 *); ///< Sets cert to the given certificate
int id; ///< The id of the error
- ssl_error_t error_no; ///< The OpenSSL error code
+ Security::ErrorCode error_no; ///< The OpenSSL error code
std::string error_reason; ///< A string describing the error
Security::CertPointer cert; ///< The broken certificate
int error_depth; ///< The error depth
ssl_verify_cb(int ok, X509_STORE_CTX * ctx)
{
// preserve original ctx->error before SSL_ calls can overwrite it
- Ssl::ssl_error_t error_no = ok ? SSL_ERROR_NONE : ctx->error;
+ Security::ErrorCode error_no = ok ? SSL_ERROR_NONE : ctx->error;
char buffer[256] = "";
SSL *ssl = (SSL *)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
return SslCreate(sslContext, c, Ssl::Bio::BIO_TO_CLIENT, squidCtx);
}
-Ssl::CertError::CertError(ssl_error_t anErr, X509 *aCert, int aDepth): code(anErr), depth(aDepth)
+Ssl::CertError::CertError(Security::ErrorCode anErr, X509 *aCert, int aDepth): code(anErr), depth(aDepth)
{
cert.resetAndLock(aCert);
}
/// call before generating any SSL context
void Initialize();
-/// Squid defined error code (<0), an error code returned by SSL X509 api, or SSL_ERROR_NONE
-typedef int ssl_error_t;
-
-typedef CbDataList<Ssl::ssl_error_t> Errors;
+typedef CbDataList<Security::ErrorCode> Errors;
class ErrorDetail;
class CertValidationResponse;
class CertError
{
public:
- ssl_error_t code; ///< certificate error code
+ Security::ErrorCode code; ///< certificate error code
Security::CertPointer cert; ///< certificate with the above error code
/**
* Absolute cert position in the final certificate chain that may include
* towards the root certificate. Negative if unknown.
*/
int depth;
- CertError(ssl_error_t anErr, X509 *aCert, int depth = -1);
+ CertError(Security::ErrorCode anErr, X509 *aCert, int depth = -1);
bool operator == (const CertError &ce) const {
// We expect to be used in contexts where identical certificates have
// identical pointers.
//Ssl::GlobalContextStorage Ssl::TheGlobalContextStorage;
#include "ssl/ErrorDetail.h"
-Ssl::ssl_error_t parseErrorString(const char *name) STUB_RETVAL(0)
-//const char *Ssl::getErrorName(ssl_error_t value) STUB_RETVAL(NULL)
-Ssl::ErrorDetail::ErrorDetail(ssl_error_t err_no, X509 *, X509 *, const char *) STUB
+Security::ErrorCode parseErrorString(const char *name) STUB_RETVAL(0)
+//const char *Ssl::getErrorName(Security::ErrorCode value) STUB_RETVAL(NULL)
+Ssl::ErrorDetail::ErrorDetail(Security::ErrorCode, X509 *, X509 *, const char *) STUB
Ssl::ErrorDetail::ErrorDetail(ErrorDetail const &) STUB
const String & Ssl::ErrorDetail::toString() const STUB_RETSTATREF(String)
#include "ssl/support.h"
namespace Ssl
{
-//CertError::CertError(ssl_error_t anErr, X509 *aCert) STUB
-//CertError::CertError(CertError const &err) STUB
+//CertError::CertError(Security::ErrorCode, X509 *) STUB
bool InitServerContext(const Security::ContextPointer &, AnyP::PortCfg &) STUB_RETVAL(false)
bool InitClientContext(Security::ContextPtr &, Security::PeerOptions &, long, const char *) STUB_RETVAL(false)
} // namespace Ssl
projects / thirdparty / squid.git / commitdiff
