return (NULL);
}
memcpy((char *) PDU->enterprise, (char *) objid,
- PDU->enterprise_length * sizeof(oid));
+ PDU->enterprise_length * sizeof(oid));
/* Agent-addr */
four = 4;
printf("VARS: Copying name OID. (Size %d)\n", Src->name_length);
#endif
memcpy((char *) Dest->name, (char *) Src->name,
- Src->name_length * sizeof(oid));
+ Src->name_length * sizeof(oid));
}
/* CISCO Catalyst 2900 returns NULL strings as data of length 0. */
if ((Src->val.string != NULL) &&
maxfd = Biggest_FD + 1;
memcpy(&readfds, &global_readfds,
- howmany(maxfd, FD_MASK_BITS) * FD_MASK_BYTES);
+ howmany(maxfd, FD_MASK_BITS) * FD_MASK_BYTES);
memcpy(&writefds, &global_writefds,
- howmany(maxfd, FD_MASK_BITS) * FD_MASK_BYTES);
+ howmany(maxfd, FD_MASK_BITS) * FD_MASK_BYTES);
/* remove stalled FDs, and deal with pending descriptors */
pending = 0;
#endif
Ssl::ErrorDetail *errFromFailure = (Ssl::ErrorDetail *)SSL_get_ex_data(ssl, ssl_ex_index_ssl_error_detail);
- if (errFromFailure != NULL){
+ if (errFromFailure != NULL) {
// The errFromFailure is attached to the ssl object
// and will be released when ssl object destroyed.
// Copy errFromFailure to a new Ssl::ErrorDetail object
sio->offset_ += len;
memcpy(cstate->requestbuf, &cstate->readbuffer[cstate->requestoffset],
- cstate->requestlen);
+ cstate->requestlen);
rlen = (size_t) cstate->requestlen;
}
// TODO: optimize by replacing with std::map or similar
static SslErrorDetailEntry TheSslDetailMap[] = {
- { SQUID_X509_V_ERR_DOMAIN_MISMATCH,
- "SQUID_X509_V_ERR_DOMAIN_MISMATCH",
- "%err_name: The hostname you are connecting to (%H), does not match any of the Certificate valid names: %ssl_cn"},
+ { SQUID_X509_V_ERR_DOMAIN_MISMATCH,
+ "SQUID_X509_V_ERR_DOMAIN_MISMATCH",
+ "%err_name: The hostname you are connecting to (%H), does not match any of the Certificate valid names: %ssl_cn"},
{ X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
"X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT",
"%err_name: SSL Certficate error: certificate issuer (CA) not known: %ssl_ca_name" },
return NULL;
}
-Ssl::ErrorDetail::err_frm_code Ssl::ErrorDetail::ErrorFormatingCodes[] =
-{
+Ssl::ErrorDetail::err_frm_code Ssl::ErrorDetail::ErrorFormatingCodes[] = {
{"ssl_subject", &Ssl::ErrorDetail::subject},
{"ssl_ca_name", &Ssl::ErrorDetail::ca_name},
{"ssl_cn", &Ssl::ErrorDetail::cn},
static char tmpBuffer[256]; // A temporary buffer
X509_NAME_oneline(X509_get_subject_name(peer_cert.get()), tmpBuffer,
- sizeof(tmpBuffer));
- return tmpBuffer;
+ sizeof(tmpBuffer));
+ return tmpBuffer;
}
// helper function to be used with Ssl::matchX509CommonNames
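Review bot: The function in this hunk returns a pointer to a function-local `static char tmpBuffer[256]`, and nothing documents that lifetime for callers. Each call overwrites the previous result, and X509_NAME_oneline truncates any subject that does not fit in the 256-byte buffer. A truncated or stale subject would then appear in the error detail without any indication. I would add a doc comment on the accessor such as `/// \return pointer to a static buffer, overwritten by the next call; subjects longer than 255 bytes are truncated`. The function's signature is above the hunk, so the comment belongs there.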
*value = (this->*action)();
return len;
}
- }
+ }
return 0;
}
/**
- * It uses the convert method to build the string errDetailStr using
- * a template message for the current SSL error. The template messages
+ * It uses the convert method to build the string errDetailStr using
+ * a template message for the current SSL error. The template messages
* can also contain normal error pages formating codes.
* Currently the error template messages are hard-coded
*/
errDetailStr.append(s, strlen(s));
}
-const String &Ssl::ErrorDetail::toString() const
-{
+const String &Ssl::ErrorDetail::toString() const
+{
if (!errDetailStr.defined())
buildDetail();
return errDetailStr;
}
-/* We may do not want to use X509_dup but instead
+/* We may do not want to use X509_dup but instead
internal SSL locking:
- CRYPTO_add(&(cert->references),1,CRYPTO_LOCK_X509);
+ CRYPTO_add(&(cert->references),1,CRYPTO_LOCK_X509);
peer_cert.reset(cert);
*/
Ssl::ErrorDetail::ErrorDetail( error_t err_no, X509 *cert): error_no (err_no)
#define SQUID_SSL_ERROR_MIN SQUID_X509_V_ERR_DOMAIN_MISMATCH
#define SQUID_SSL_ERROR_MAX INT_MAX
-namespace Ssl
+namespace Ssl
{
- /// Squid defined error code (<0), an error code returned by SSL X509 api, or SSL_ERROR_NONE
- typedef int error_t;
+/// Squid defined error code (<0), an error code returned by SSL X509 api, or SSL_ERROR_NONE
+typedef int error_t;
/**
\ingroup ServerProtocolSSLAPI
\ingroup ServerProtocolSSLAPI
* The string representation of the SSL error "value"
*/
-const char *getErrorName(error_t value);
+const char *getErrorName(error_t value);
/**
\ingroup ServerProtocolSSLAPI
* Used to pass SSL error details to the error pages returned to the
* end user.
*/
-class ErrorDetail {
+class ErrorDetail
+{
public:
ErrorDetail(error_t err_no, X509 *cert);
ErrorDetail(ErrorDetail const &);
/**
* Holds a formating code and its conversion method
*/
- class err_frm_code {
+ class err_frm_code
+ {
public:
const char *code; ///< The formating code
fmt_action_t fmt_action; ///< A pointer to the conversion method
int convert(const char *code, const char **value) const;
void buildDetail() const;
-
+
mutable String errDetailStr; ///< Caches the error detail message
error_t error_no; ///< The error code
- X509_Pointer peer_cert; ///< A pointer to the peer certificate
+ X509_Pointer peer_cert; ///< A pointer to the peer certificate
};
}//namespace Ssl
int write = 0;
bio = BIO_new(BIO_s_mem());
if (bio) {
- if (ASN1_TIME_print(bio, tm))
- write = BIO_read(bio, buf, len-1);
- BIO_free(bio);
+ if (ASN1_TIME_print(bio, tm))
+ write = BIO_read(bio, buf, len-1);
+ BIO_free(bio);
}
buf[write]='\0';
return write;
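Review bot: `buf[write]='\0'` uses the return value of BIO_read as an index without checking its sign. BIO_read can return 0 or a negative value when nothing is read, so a failed read would write one byte before `buf`. The same applies if a caller passes `len` of 0, because `len-1` then reaches BIO_read as a negative size; the type of `len` is declared outside the hunk, so this is inferred. I would add `if (write < 0) write = 0;` before the terminator and return early when `len <= 0`. The function's signature is above the hunk.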
X509_NAME *name = X509_get_subject_name(peer_cert);
for (int i = X509_NAME_get_index_by_NID(name, NID_commonName, -1); i >= 0; i = X509_NAME_get_index_by_NID(name, NID_commonName, i)) {
-
+
ASN1_STRING *cn_data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
if ( (*check_func)(check_data, cn_data) == 0)
continue;
}
ASN1_STRING *cn_data = check->d.dNSName;
-
+
if ( (*check_func)(check_data, cn_data) == 0)
return 1;
}
char cn[1024];
const char *server = (const char *)check_data;
- if (cn_data->length > (int)sizeof(cn) - 1) {
+ if (cn_data->length > (int)sizeof(cn) - 1) {
return 1; //if does not fit our buffer just ignore
}
memcpy(cn, cn_data->data, cn_data->length);
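Review bot: The length guard before `memcpy(cn, cn_data->data, cn_data->length)` bounds the size of the copy but does not inspect the bytes. If the code after this hunk terminates `cn` and compares it as a C string (not visible here), a certificate name with an embedded NUL byte would be compared only up to that byte. It could then be accepted for a host it does not actually name. I would reject such names before the copy with `if (memchr(cn_data->data, '\0', cn_data->length)) return 1;`, using the same non-zero "no match" result as the oversize case. It is also worth confirming that `cn_data->length` cannot be negative, since it is a signed int used as the memcpy size.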
if (ok) {
debugs(83, 5, "SSL Certificate signature OK: " << buffer);
- if (server) {
+ if (server) {
int found = Ssl::matchX509CommonNames(peer_cert, (void *)server, check_domain);
if (!found) {
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
debugs(83, 5, "SSL Certificate is self signed: " << buffer);
break;
-
+
default:
debugs(83, 1, "SSL unknown certificate error " << ctx->error << " in " << buffer);
break;
if (error_no != SSL_ERROR_NONE && !SSL_get_ex_data(ssl, ssl_ex_index_ssl_error_detail) ) {
Ssl::ErrorDetail *errDetail = new Ssl::ErrorDetail(error_no, peer_cert);
- if(!SSL_set_ex_data(ssl, ssl_ex_index_ssl_error_detail, errDetail)) {
+ if (!SSL_set_ex_data(ssl, ssl_ex_index_ssl_error_detail, errDetail)) {
debugs(83, 2, "Failed to set Ssl::ErrorDetail in ssl_verify_cb: Certificate " << buffer);
delete errDetail;
}
/**
\ingroup ServerProtocolSSLAPI
* Iterates over the X509 common and alternate names and to see if matches with given data
- * using the check_func.
+ * using the check_func.
\param peer_cert The X509 cert to check
\param check_data The data with which the X509 CNs compared
\param check_func The function used to match X509 CNs. The CN data passed as ASN1_STRING data
for (loop = 0; loop < number_caches; loop++) {
int i;
memcpy(&caches[loop],
- &wccp_i_see_you.wccp_cache_entry[loop].ip_addr,
- sizeof(*caches));
+ &wccp_i_see_you.wccp_cache_entry[loop].ip_addr,
+ sizeof(*caches));
for (i = 0; i < buckets_per_cache; i++) {
assert(bucket < WCCP_BUCKETS);