// WARNING: The STACK_OF(*) OpenSSL objects does not support locking.
// If we need to support locking we need to sk_X509_dup the STACK_OF(X509)
// list and lock all of the X509 members of the list.
- // Currently we do not use any locking for any of the members of the
- // Ssl::CertValidationRequest class. If the ssl object gone, the value returned
+ // Currently we do not use any locking for any of the members of the
+ // Ssl::CertValidationRequest class. If the ssl object gone, the value returned
// from SSL_get_peer_cert_chain may not exist any more. In this code the
// Ssl::CertValidationRequest object used only to pass data to
// Ssl::CertValidationHelper::submit method.
std::string error;
STACK_OF(X509) *peerCerts = SSL_get_peer_cert_chain(ssl);
if (replyMsg.parse(reply, strlen(reply)) != Ssl::CrtdMessage::OK ||
- !replyMsg.parseResponse(validationResponse, peerCerts, error) ) {
+ !replyMsg.parseResponse(validationResponse, peerCerts, error) ) {
debugs(83, 5, HERE << "Reply from ssl_crtvd for " << request->GetHost() << " is incorrect");
validatorFailed = true;
} else {
if (!errs)
errs = new Ssl::Errors(i->error_no);
- else
+ else
errs->push_back_unique(i->error_no);
}
#include "ssl/cert_validate_message.h"
#include "ssl/ErrorDetail.h"
-
void
Ssl::CertValidationMsg::composeRequest(CertValidationRequest const &vcert)
{
std::vector<CertItem> certs;
const char *param = body.c_str();
- while(*param) {
- while(xisspace(*param)) param++;
+ while (*param) {
+ while (xisspace(*param)) param++;
if (! *param)
break;
}
const char *value=param+param_len+1;
- if (param_len > param_cert.length() &&
- strncmp(param, param_cert.c_str(), param_cert.length()) == 0) {
+ if (param_len > param_cert.length() &&
+ strncmp(param, param_cert.c_str(), param_cert.length()) == 0) {
CertItem ci;
- ci.name.assign(param, param_len);
+ ci.name.assign(param, param_len);
X509_Pointer x509;
readCertFromMemory(x509, value);
ci.setCert(x509.get());
size_t value_len = strcspn(value, "\r\n");
std::string v(value, value_len);
- debugs(83, 5, HERE << "Returned value: " << std::string(param, param_len).c_str() << ": " <<
+ debugs(83, 5, HERE << "Returned value: " << std::string(param, param_len).c_str() << ": " <<
v.c_str());
int errorId = get_error_id(param, param_len);
Ssl::CertValidationResponse::RecvdError ¤tItem = resp.getError(errorId);
- if (param_len > param_error_name.length() &&
- strncmp(param, param_error_name.c_str(), param_error_name.length()) == 0){
+ if (param_len > param_error_name.length() &&
+ strncmp(param, param_error_name.c_str(), param_error_name.length()) == 0) {
currentItem.error_no = Ssl::GetErrorCode(v.c_str());
if (currentItem.error_no == SSL_ERROR_NONE) {
debugs(83, 2, "Cert validator response parse error: Unknown SSL Error: " << v);
return false;
}
- } else if (param_len > param_error_reason.length() &&
+ } else if (param_len > param_error_reason.length() &&
strncmp(param, param_error_reason.c_str(), param_error_reason.length()) == 0) {
currentItem.error_reason = v;
} else if (param_len > param_error_cert.length() &&
debugs(83, 2, "Cert validator response parse error: Unknown parameter name " << std::string(param, param_len).c_str());
return false;
}
-
param = value + value_len +1;
}
Ssl::CertValidationResponse::getError(int errorId)
{
typedef Ssl::CertValidationResponse::RecvdErrors::iterator SVCREI;
- for(SVCREI i = errors.begin(); i != errors.end(); ++i){
+ for (SVCREI i = errors.begin(); i != errors.end(); ++i) {
if (i->id == errorId)
return *i;
}
return errors.back();
}
-Ssl::CertValidationResponse::RecvdError::RecvdError(const RecvdError &old) {
+Ssl::CertValidationResponse::RecvdError::RecvdError(const RecvdError &old)
+{
error_no = old.error_no;
error_reason = old.error_reason;
cert = NULL;
setCert(old.cert);
}
-Ssl::CertValidationResponse::RecvdError::~RecvdError() {
+Ssl::CertValidationResponse::RecvdError::~RecvdError()
+{
if (cert)
X509_free(cert);
}
-Ssl::CertValidationResponse::RecvdError & Ssl::CertValidationResponse::RecvdError::operator = (const RecvdError &old) {
+Ssl::CertValidationResponse::RecvdError & Ssl::CertValidationResponse::RecvdError::operator = (const RecvdError &old)
+{
error_no = old.error_no;
error_reason = old.error_reason;
setCert(old.cert);
}
void
-Ssl::CertValidationResponse::RecvdError::setCert(X509 *aCert) {
+Ssl::CertValidationResponse::RecvdError::setCert(X509 *aCert)
+{
if (cert)
X509_free(cert);
if (aCert) {
const std::string Ssl::CertValidationMsg::param_domain("domain");
const std::string Ssl::CertValidationMsg::param_error("errors");
const std::string Ssl::CertValidationMsg::param_cert("cert_");
-const std::string Ssl::CertValidationMsg::param_error_name("error_name_");
+const std::string Ssl::CertValidationMsg::param_error_name("error_name_");
const std::string Ssl::CertValidationMsg::param_error_reason("error_reason_");
const std::string Ssl::CertValidationMsg::param_error_cert("error_cert_");
#include "ssl/crtd_message.h"
#include <vector>
-namespace Ssl
+namespace Ssl
{
/**
* This class is used to hold the required informations to build
* a request message for the certificate validator helper
*/
-class CertValidationRequest {
+class CertValidationRequest
+{
public:
STACK_OF(X509) *peerCerts; ///< The list of sent by SSL server
Errors *errors; ///< The list of errors detected
* This class is used to store informations found in certificate validation
* response messages read from certificate validator helper
*/
-class CertValidationResponse {
+class CertValidationResponse
+{
public:
/**
* This class used to hold error informations returned from
* cert validator helper.
*/
- class RecvdError{
+ class RecvdError
+ {
public:
RecvdError(): id(0), error_no(SSL_ERROR_NONE), cert(NULL) {}
RecvdError(const RecvdError &);
* The messages format is:
* <response/request code> <whitespace> <body length> <whitespace> <key=value> ...\1
*/
-class CertValidationMsg: public CrtdMessage {
+class CertValidationMsg: public CrtdMessage
+{
private:
/**
* This class used to hold the certId/cert pairs found
* in cert validation messages.
*/
- class CertItem {
+ class CertItem
+ {
public:
std::string name; ///< The certificate Id to use
X509 *cert; ///< A pointer to certificate
/// Parameter name for passing SSL errors
static const std::string param_error;
/// Parameter name for passing SSL certificates
- static const std::string param_cert;
+ static const std::string param_cert;
/// Parameter name for passing the major SSL error
- static const std::string param_error_name;
+ static const std::string param_error_name;
/// Parameter name for passing the error reason
- static const std::string param_error_reason;
+ static const std::string param_error_reason;
/// Parameter name for passing the error cert ID
static const std::string param_error_cert;
};