Separate SSL error detail name and message

Currently, SSL error detail in Squid-generated error pages (%D) contains
both the error name and the explanation text. Some folks using this feature
want to render the two pieces of information differently because the error
name is not something most end-users should read or focus on.

This patch adds the "%x" error page formating code which prints the error name,
and removes the error name (%err_name) from SSL error detail messages.

This is a Measurement Factory project

diff --git a/src/cf.data.pre b/src/cf.data.pre
index 72351a644833d69272ef1eee9f13ac5ec98495ac..9d7fb39cde29add85c56620c266d0ae43a68d3bc 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -6034,6 +6034,7 @@ DOC_START
                          (HTTPS URLs terminate with *)
                %u      - Full canonical URL from client
                %w      - Admin email from squid.conf
+               %x      - Error name
                %%      - Literal percent (%) code
 
 DOC_END

diff --git a/src/errorpage.cc b/src/errorpage.cc
index 8c8308b80217ad84a91b6b84d9e76cfe50fed1e4..563f10af2445a85e3a65cd2cd699211cd75db830 100644 (file)
--- a/src/errorpage.cc
+++ b/src/errorpage.cc
@@ -922,6 +922,13 @@ ErrorState::Convert(char token, bool building_deny_info_url, bool allowRecursion
         no_urlescape = 1;
         break;
 
+    case 'x':
+        if (detail)
+            mb.Printf("%s", detail->errorName());
+        else if (!building_deny_info_url)
+            p = "[Unknown Error Code]";
+        break;
+
     case 'z':
         if (building_deny_info_url) break;
         if (dnsError.size() > 0)

diff --git a/src/errorpage.h b/src/errorpage.h
index bd7a52dae7a475f55c6a0ab226818e17b6f2eab1..26d790f513e0872e1d713cfcb31569294e14ad88 100644 (file)
--- a/src/errorpage.h
+++ b/src/errorpage.h
@@ -80,6 +80,7 @@
    u - URL with password                        x
    w - cachemgr email address                   x
    W - error data (to be included in the mailto links)
+   x - error name                               x
    z - dns server error message                 x
    Z - Preformatted error message               x
  \endverbatim

diff --git a/src/ssl/ErrorDetail.cc b/src/ssl/ErrorDetail.cc
index 27190a5e58ee991ba2c474c3436e651688b37aa9..7c44cf774e356ae90acce64f231d674f43a779da 100644 (file)
--- a/src/ssl/ErrorDetail.cc
+++ b/src/ssl/ErrorDetail.cc
@@ -19,133 +19,133 @@ SslErrorDetails TheSslDetail;
 static SslErrorDetailEntry TheSslDetailArray[] = {
     {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
         "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT",
-        "%err_name: SSL Certficate error: certificate issuer (CA) not known: %ssl_ca_name",
+        "SSL Certficate error: certificate issuer (CA) not known: %ssl_ca_name",
         "Unable to get issuer certificate"},
     {X509_V_ERR_UNABLE_TO_GET_CRL,
      "X509_V_ERR_UNABLE_TO_GET_CRL",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Unable to get certificate CRL"},
     {X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
      "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Unable to decrypt certificate's signature"},
     {X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
      "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Unable to decrypt CRL's signature"},
     {X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
      "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY",
-     "%err_name: Unable to decode issuer (CA) public key: %ssl_ca_name",
+     "Unable to decode issuer (CA) public key: %ssl_ca_name",
      "Unable to decode issuer public key"},
     {X509_V_ERR_CERT_SIGNATURE_FAILURE,
      "X509_V_ERR_CERT_SIGNATURE_FAILURE",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Certificate signature failure"},
     {X509_V_ERR_CRL_SIGNATURE_FAILURE,
      "X509_V_ERR_CRL_SIGNATURE_FAILURE",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "CRL signature failure"},
     {X509_V_ERR_CERT_NOT_YET_VALID,
      "X509_V_ERR_CERT_NOT_YET_VALID",
-     "%err_name: SSL Certficate is not valid before: %ssl_notbefore",
+     "SSL Certficate is not valid before: %ssl_notbefore",
      "Certificate is not yet valid"},
     {X509_V_ERR_CERT_HAS_EXPIRED,
      "X509_V_ERR_CERT_HAS_EXPIRED",
-     "%err_name: SSL Certificate expired on: %ssl_notafter",
+     "SSL Certificate expired on: %ssl_notafter",
      "Certificate has expired"},
     {X509_V_ERR_CRL_NOT_YET_VALID,
      "X509_V_ERR_CRL_NOT_YET_VALID",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "CRL is not yet valid"},
     {X509_V_ERR_CRL_HAS_EXPIRED,
      "X509_V_ERR_CRL_HAS_EXPIRED",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "CRL has expired"},
     {X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD,
      "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD",
-     "%err_name: SSL Certificate has invalid start date (the 'not before' field): %ssl_subject",
+     "SSL Certificate has invalid start date (the 'not before' field): %ssl_subject",
      "Format error in certificate's notBefore field"},
     {X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD,
      "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD",
-     "%err_name: SSL Certificate has invalid expiration date (the 'not after' field): %ssl_subject",
+     "SSL Certificate has invalid expiration date (the 'not after' field): %ssl_subject",
      "Format error in certificate's notAfter field"},
     {X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD,
      "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Format error in CRL's lastUpdate field"},
     {X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD,
      "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Format error in CRL's nextUpdate field"},
     {X509_V_ERR_OUT_OF_MEM,
      "X509_V_ERR_OUT_OF_MEM",
-     "%err_name: %ssl_error_descr",
+     "%ssl_error_descr",
      "Out of memory"},
     {X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
      "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT",
-     "%err_name: Self-signed SSL Certificate: %ssl_subject",
+     "Self-signed SSL Certificate: %ssl_subject",
      "Self signed certificate"},
     {X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN,
      "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN",
-     "%err_name: Self-signed SSL Certificate in chain: %ssl_subject",
+     "Self-signed SSL Certificate in chain: %ssl_subject",
      "Self signed certificate in certificate chain"},
     {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
      "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
-     "%err_name: SSL Certficate error: certificate issuer (CA) not known: %ssl_ca_name",
+     "SSL Certficate error: certificate issuer (CA) not known: %ssl_ca_name",
      "Unable to get local issuer certificate"},
     {X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE,
      "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Unable to verify the first certificate"},
     {X509_V_ERR_CERT_CHAIN_TOO_LONG,
      "X509_V_ERR_CERT_CHAIN_TOO_LONG",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Certificate chain too long"},
     {X509_V_ERR_CERT_REVOKED,
      "X509_V_ERR_CERT_REVOKED",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Certificate revoked"},
     {X509_V_ERR_INVALID_CA,
      "X509_V_ERR_INVALID_CA",
-     "%err_name: %ssl_error_descr: %ssl_ca_name",
+     "%ssl_error_descr: %ssl_ca_name",
      "Invalid CA certificate"},
     {X509_V_ERR_PATH_LENGTH_EXCEEDED,
      "X509_V_ERR_PATH_LENGTH_EXCEEDED",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Path length constraint exceeded"},
     {X509_V_ERR_INVALID_PURPOSE,
      "X509_V_ERR_INVALID_PURPOSE",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Unsupported certificate purpose"},
     {X509_V_ERR_CERT_UNTRUSTED,
      "X509_V_ERR_CERT_UNTRUSTED",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Certificate not trusted"},
     {X509_V_ERR_CERT_REJECTED,
      "X509_V_ERR_CERT_REJECTED",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Certificate rejected"},
     {X509_V_ERR_SUBJECT_ISSUER_MISMATCH,
      "X509_V_ERR_SUBJECT_ISSUER_MISMATCH",
-     "%err_name: %ssl_error_descr: %ssl_ca_name",
+     "%ssl_error_descr: %ssl_ca_name",
      "Subject issuer mismatch"},
     {X509_V_ERR_AKID_SKID_MISMATCH,
      "X509_V_ERR_AKID_SKID_MISMATCH",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Authority and subject key identifier mismatch"},
     {X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH,
      "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH",
-     "%err_name: %ssl_error_descr: %ssl_ca_name",
+     "%ssl_error_descr: %ssl_ca_name",
      "Authority and issuer serial number mismatch"},
     {X509_V_ERR_KEYUSAGE_NO_CERTSIGN,
      "X509_V_ERR_KEYUSAGE_NO_CERTSIGN",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Key usage does not include certificate signing"},
     {X509_V_ERR_APPLICATION_VERIFICATION,
      "X509_V_ERR_APPLICATION_VERIFICATION",
-     "%err_name: %ssl_error_descr: %ssl_subject",
+     "%ssl_error_descr: %ssl_subject",
      "Application verification failure"},
-    { SSL_ERROR_NONE, "SSL_ERROR_NONE", "%err_name: No error", "No error" },
+    { SSL_ERROR_NONE, "SSL_ERROR_NONE", "No error", "No error" },
     {SSL_ERROR_NONE, NULL, NULL, NULL }
 };
 

diff --git a/src/ssl/ErrorDetail.h b/src/ssl/ErrorDetail.h
index 4fac73ce0396d203593b064a02f819e5c81b6ef3..32486bb88ce4e94a54ac5b738c78d1dde9f807f5 100644 (file)
--- a/src/ssl/ErrorDetail.h
+++ b/src/ssl/ErrorDetail.h
@@ -49,6 +49,8 @@ public:
     ErrorDetail(ssl_error_t err_no, X509 *cert);
     ErrorDetail(ErrorDetail const &);
     const String &toString() const;  ///< An error detail string to embed in squid error pages
+    /// The error name to embed in squid error pages
+    const char *errorName() const {return err_code();}
 
 private:
     typedef const char * (ErrorDetail::*fmt_action_t)() const;