From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Tue, 4 Dec 2012 12:49:21 +0000 (+0200)
Subject: Parse validation helper response bug
X-Git-Tag: SQUID_3_4_0_1~460^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bc6245723592492d8fc77583232b9b6bf98af1b5;p=thirdparty%2Fsquid.git

Parse validation helper response bug

- CertValidationResponse bug: The CertValidationResponse::RecvdError::id is
  not intialized in constructors

- Inside Ssl::CertValidationMsg::parseResponse, after parsing response run
  through the parsed errors for errors.
---

diff --git a/src/ssl/cert_validate_message.cc b/src/ssl/cert_validate_message.cc
index 93c1072f01..ceee3014d2 100644
--- a/src/ssl/cert_validate_message.cc
+++ b/src/ssl/cert_validate_message.cc
@@ -130,6 +130,13 @@ Ssl::CertValidationMsg::parseResponse(CertValidationResponse &resp, STACK_OF(X50
     }
 
     /*Run through parsed errors to check for errors*/
+    typedef Ssl::CertValidationResponse::RecvdErrors::const_iterator SVCRECI;
+    for (SVCRECI i = resp.errors.begin(); i != resp.errors.end(); ++i) {
+        if (i->error_no != SSL_ERROR_NONE) {
+            debugs(83, DBG_IMPORTANT, "WARNING: cert validator incomplete response: Missing error name from error_id: " << i->id);
+            return false;
+        }
+    }
 
     return true;
 }
@@ -161,6 +168,7 @@ Ssl::CertValidationResponse::getError(int errorId)
 
 Ssl::CertValidationResponse::RecvdError::RecvdError(const RecvdError &old)
 {
+    id = old.id;
     error_no = old.error_no;
     error_reason = old.error_reason;
     setCert(old.cert.get());
@@ -168,6 +176,7 @@ Ssl::CertValidationResponse::RecvdError::RecvdError(const RecvdError &old)
 
 Ssl::CertValidationResponse::RecvdError & Ssl::CertValidationResponse::RecvdError::operator = (const RecvdError &old)
 {
+    id = old.id;
     error_no = old.error_no;
     error_reason = old.error_reason;
     setCert(old.cert.get());