From: Christos Tsantilas Date: Fri, 13 May 2011 21:04:03 +0000 (+0300) Subject: Separate SSL error detail name and message X-Git-Tag: take07~16^2~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e4a8468d7c0a09e6c8284111c82a7940d3477754;p=thirdparty%2Fsquid.git Separate SSL error detail name and message Currently, SSL error detail in Squid-generated error pages (%D) contains both the error name and the explanation text. Some folks using this feature want to render the two pieces of information differently because the error name is not something most end-users should read or focus on. This patch adds the "%x" error page formating code which prints the error name, and removes the error name (%err_name) from SSL error detail messages. This is a Measurement Factory project --- diff --git a/src/cf.data.pre b/src/cf.data.pre index 72351a6448..9d7fb39cde 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -6034,6 +6034,7 @@ DOC_START (HTTPS URLs terminate with *) %u - Full canonical URL from client %w - Admin email from squid.conf + %x - Error name %% - Literal percent (%) code DOC_END diff --git a/src/errorpage.cc b/src/errorpage.cc index 8c8308b802..563f10af24 100644 --- a/src/errorpage.cc +++ b/src/errorpage.cc @@ -922,6 +922,13 @@ ErrorState::Convert(char token, bool building_deny_info_url, bool allowRecursion no_urlescape = 1; break; + case 'x': + if (detail) + mb.Printf("%s", detail->errorName()); + else if (!building_deny_info_url) + p = "[Unknown Error Code]"; + break; + case 'z': if (building_deny_info_url) break; if (dnsError.size() > 0) diff --git a/src/errorpage.h b/src/errorpage.h index bd7a52dae7..26d790f513 100644 --- a/src/errorpage.h +++ b/src/errorpage.h @@ -80,6 +80,7 @@ u - URL with password x w - cachemgr email address x W - error data (to be included in the mailto links) + x - error name x z - dns server error message x Z - Preformatted error message x \endverbatim diff --git a/src/ssl/ErrorDetail.cc b/src/ssl/ErrorDetail.cc index 27190a5e58..7c44cf774e 100644 --- a/src/ssl/ErrorDetail.cc +++ b/src/ssl/ErrorDetail.cc @@ -19,133 +19,133 @@ SslErrorDetails TheSslDetail; static SslErrorDetailEntry TheSslDetailArray[] = { {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT", - "%err_name: SSL Certficate error: certificate issuer (CA) not known: %ssl_ca_name", + "SSL Certficate error: certificate issuer (CA) not known: %ssl_ca_name", "Unable to get issuer certificate"}, {X509_V_ERR_UNABLE_TO_GET_CRL, "X509_V_ERR_UNABLE_TO_GET_CRL", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Unable to get certificate CRL"}, {X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Unable to decrypt certificate's signature"}, {X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Unable to decrypt CRL's signature"}, {X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY", - "%err_name: Unable to decode issuer (CA) public key: %ssl_ca_name", + "Unable to decode issuer (CA) public key: %ssl_ca_name", "Unable to decode issuer public key"}, {X509_V_ERR_CERT_SIGNATURE_FAILURE, "X509_V_ERR_CERT_SIGNATURE_FAILURE", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Certificate signature failure"}, {X509_V_ERR_CRL_SIGNATURE_FAILURE, "X509_V_ERR_CRL_SIGNATURE_FAILURE", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "CRL signature failure"}, {X509_V_ERR_CERT_NOT_YET_VALID, "X509_V_ERR_CERT_NOT_YET_VALID", - "%err_name: SSL Certficate is not valid before: %ssl_notbefore", + "SSL Certficate is not valid before: %ssl_notbefore", "Certificate is not yet valid"}, {X509_V_ERR_CERT_HAS_EXPIRED, "X509_V_ERR_CERT_HAS_EXPIRED", - "%err_name: SSL Certificate expired on: %ssl_notafter", + "SSL Certificate expired on: %ssl_notafter", "Certificate has expired"}, {X509_V_ERR_CRL_NOT_YET_VALID, "X509_V_ERR_CRL_NOT_YET_VALID", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "CRL is not yet valid"}, {X509_V_ERR_CRL_HAS_EXPIRED, "X509_V_ERR_CRL_HAS_EXPIRED", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "CRL has expired"}, {X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD", - "%err_name: SSL Certificate has invalid start date (the 'not before' field): %ssl_subject", + "SSL Certificate has invalid start date (the 'not before' field): %ssl_subject", "Format error in certificate's notBefore field"}, {X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD", - "%err_name: SSL Certificate has invalid expiration date (the 'not after' field): %ssl_subject", + "SSL Certificate has invalid expiration date (the 'not after' field): %ssl_subject", "Format error in certificate's notAfter field"}, {X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Format error in CRL's lastUpdate field"}, {X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Format error in CRL's nextUpdate field"}, {X509_V_ERR_OUT_OF_MEM, "X509_V_ERR_OUT_OF_MEM", - "%err_name: %ssl_error_descr", + "%ssl_error_descr", "Out of memory"}, {X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT", - "%err_name: Self-signed SSL Certificate: %ssl_subject", + "Self-signed SSL Certificate: %ssl_subject", "Self signed certificate"}, {X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN", - "%err_name: Self-signed SSL Certificate in chain: %ssl_subject", + "Self-signed SSL Certificate in chain: %ssl_subject", "Self signed certificate in certificate chain"}, {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY", - "%err_name: SSL Certficate error: certificate issuer (CA) not known: %ssl_ca_name", + "SSL Certficate error: certificate issuer (CA) not known: %ssl_ca_name", "Unable to get local issuer certificate"}, {X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Unable to verify the first certificate"}, {X509_V_ERR_CERT_CHAIN_TOO_LONG, "X509_V_ERR_CERT_CHAIN_TOO_LONG", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Certificate chain too long"}, {X509_V_ERR_CERT_REVOKED, "X509_V_ERR_CERT_REVOKED", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Certificate revoked"}, {X509_V_ERR_INVALID_CA, "X509_V_ERR_INVALID_CA", - "%err_name: %ssl_error_descr: %ssl_ca_name", + "%ssl_error_descr: %ssl_ca_name", "Invalid CA certificate"}, {X509_V_ERR_PATH_LENGTH_EXCEEDED, "X509_V_ERR_PATH_LENGTH_EXCEEDED", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Path length constraint exceeded"}, {X509_V_ERR_INVALID_PURPOSE, "X509_V_ERR_INVALID_PURPOSE", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Unsupported certificate purpose"}, {X509_V_ERR_CERT_UNTRUSTED, "X509_V_ERR_CERT_UNTRUSTED", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Certificate not trusted"}, {X509_V_ERR_CERT_REJECTED, "X509_V_ERR_CERT_REJECTED", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Certificate rejected"}, {X509_V_ERR_SUBJECT_ISSUER_MISMATCH, "X509_V_ERR_SUBJECT_ISSUER_MISMATCH", - "%err_name: %ssl_error_descr: %ssl_ca_name", + "%ssl_error_descr: %ssl_ca_name", "Subject issuer mismatch"}, {X509_V_ERR_AKID_SKID_MISMATCH, "X509_V_ERR_AKID_SKID_MISMATCH", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Authority and subject key identifier mismatch"}, {X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH, "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH", - "%err_name: %ssl_error_descr: %ssl_ca_name", + "%ssl_error_descr: %ssl_ca_name", "Authority and issuer serial number mismatch"}, {X509_V_ERR_KEYUSAGE_NO_CERTSIGN, "X509_V_ERR_KEYUSAGE_NO_CERTSIGN", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Key usage does not include certificate signing"}, {X509_V_ERR_APPLICATION_VERIFICATION, "X509_V_ERR_APPLICATION_VERIFICATION", - "%err_name: %ssl_error_descr: %ssl_subject", + "%ssl_error_descr: %ssl_subject", "Application verification failure"}, - { SSL_ERROR_NONE, "SSL_ERROR_NONE", "%err_name: No error", "No error" }, + { SSL_ERROR_NONE, "SSL_ERROR_NONE", "No error", "No error" }, {SSL_ERROR_NONE, NULL, NULL, NULL } }; diff --git a/src/ssl/ErrorDetail.h b/src/ssl/ErrorDetail.h index 4fac73ce03..32486bb88c 100644 --- a/src/ssl/ErrorDetail.h +++ b/src/ssl/ErrorDetail.h @@ -49,6 +49,8 @@ public: ErrorDetail(ssl_error_t err_no, X509 *cert); ErrorDetail(ErrorDetail const &); const String &toString() const; ///< An error detail string to embed in squid error pages + /// The error name to embed in squid error pages + const char *errorName() const {return err_code();} private: typedef const char * (ErrorDetail::*fmt_action_t)() const;