[ipfire-2.x.git] / src / patches / squid-3.3.10-optional-ssl-options.patch

From: http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13115

Committer: Christos Tsantilas
Date: 2013-11-07 10:46:14 UTC
Revision ID: chtsanti@users.sourceforge.net-20131107104614-s3a9kzlkgm7x9rhf

http://bugs.squid-cache.org/show_bug.cgi?id=3936
Bug 3936: error-details.txt parse error

Squid fails parsing error-details.txt template when one or more listed OpenSSL
errors are not supported on running platform.
This patch add a hardcoded list of OpenSSL errors wich can be optional.

This is a Measurement Factory project

=== modified file 'src/ssl/ErrorDetail.cc'
--- src/ssl/ErrorDetail.cc	2013-07-31 00:13:04 +0000
+++ src/ssl/ErrorDetail.cc	2013-11-07 10:46:14 +0000
@@ -221,6 +221,31 @@
     {SSL_ERROR_NONE, NULL}
 };
 
+static const char *OptionalSslErrors[] = {
+    "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER",
+    "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION",
+    "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN",
+    "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION",
+    "X509_V_ERR_INVALID_NON_CA",
+    "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED",
+    "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE",
+    "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED",
+    "X509_V_ERR_INVALID_EXTENSION",
+    "X509_V_ERR_INVALID_POLICY_EXTENSION",
+    "X509_V_ERR_NO_EXPLICIT_POLICY",
+    "X509_V_ERR_DIFFERENT_CRL_SCOPE",
+    "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE",
+    "X509_V_ERR_UNNESTED_RESOURCE",
+    "X509_V_ERR_PERMITTED_VIOLATION",
+    "X509_V_ERR_EXCLUDED_VIOLATION",
+    "X509_V_ERR_SUBTREE_MINMAX",
+    "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE",
+    "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX",
+    "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX",
+    "X509_V_ERR_CRL_PATH_VALIDATION_ERROR",
+    NULL
+};
+
 struct SslErrorAlias {
     const char *name;
     const Ssl::ssl_error_t *errors;
@@ -331,6 +356,16 @@
     return NULL;
 }
 
+bool
+Ssl::ErrorIsOptional(const char *name)
+{
+    for (int i = 0; OptionalSslErrors[i] != NULL; ++i) {
+        if (strcmp(name, OptionalSslErrors[i]) == 0)
+            return true;
+    }
+    return false;
+}
+
 const char *
 Ssl::GetErrorDescr(Ssl::ssl_error_t value)
 {

=== modified file 'src/ssl/ErrorDetail.h'
--- src/ssl/ErrorDetail.h	2013-05-30 10:10:29 +0000
+++ src/ssl/ErrorDetail.h	2013-11-07 10:46:14 +0000
@@ -40,6 +40,14 @@
 
 /**
    \ingroup ServerProtocolSSLAPI
+   * Return true if the SSL error is optional and may not supported
+   * by current squid version
+ */
+
+bool ErrorIsOptional(const char *name);
+
+/**
+   \ingroup ServerProtocolSSLAPI
  * Used to pass SSL error details to the error pages returned to the
  * end user.
  */

=== modified file 'src/ssl/ErrorDetailManager.cc'
--- src/ssl/ErrorDetailManager.cc	2013-10-25 00:13:46 +0000
+++ src/ssl/ErrorDetailManager.cc	2013-11-07 10:46:14 +0000
@@ -218,32 +218,35 @@
             }
 
             Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf());
-            if (ssl_error == SSL_ERROR_NONE) {
+            if (ssl_error != SSL_ERROR_NONE) {
+
+                if (theDetails->getErrorDetail(ssl_error)) {
+                    debugs(83, DBG_IMPORTANT, HERE <<
+                           "WARNING! duplicate entry: " << errorName);
+                    return false;
+                }
+
+                ErrorDetailEntry &entry = theDetails->theList[ssl_error];
+                entry.error_no = ssl_error;
+                entry.name = errorName;
+                String tmp = parser.getByName("detail");
+                httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
+                tmp = parser.getByName("descr");
+                httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
+                bool parseOK = entry.descr.defined() && entry.detail.defined();
+
+                if (!parseOK) {
+                    debugs(83, DBG_IMPORTANT, HERE <<
+                           "WARNING! missing important field for detail error: " <<  errorName);
+                    return false;
+                }
+
+            } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) {
                 debugs(83, DBG_IMPORTANT, HERE <<
                        "WARNING! invalid error detail name: " << errorName);
                 return false;
             }
 
-            if (theDetails->getErrorDetail(ssl_error)) {
-                debugs(83, DBG_IMPORTANT, HERE <<
-                       "WARNING! duplicate entry: " << errorName);
-                return false;
-            }
-
-            ErrorDetailEntry &entry = theDetails->theList[ssl_error];
-            entry.error_no = ssl_error;
-            entry.name = errorName;
-            String tmp = parser.getByName("detail");
-            httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
-            tmp = parser.getByName("descr");
-            httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
-            bool parseOK = entry.descr.defined() && entry.detail.defined();
-
-            if (!parseOK) {
-                debugs(83, DBG_IMPORTANT, HERE <<
-                       "WARNING! missing imporant field for detail error: " <<  errorName);
-                return false;
-            }
         }// else {only spaces and black lines; just ignore}
 
         buf.consume(size);
Commit	Line	Data
36b1c191 MT	1	From: http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13115
	2
	3	Committer: Christos Tsantilas
	4	Date: 2013-11-07 10:46:14 UTC
	5	Revision ID: chtsanti@users.sourceforge.net-20131107104614-s3a9kzlkgm7x9rhf
	6
	7	http://bugs.squid-cache.org/show_bug.cgi?id=3936
	8	Bug 3936: error-details.txt parse error
	9
	10	Squid fails parsing error-details.txt template when one or more listed OpenSSL
	11	errors are not supported on running platform.
	12	This patch add a hardcoded list of OpenSSL errors wich can be optional.
	13
	14	This is a Measurement Factory project
	15
	16	=== modified file 'src/ssl/ErrorDetail.cc'
	17	--- src/ssl/ErrorDetail.cc 2013-07-31 00:13:04 +0000
	18	+++ src/ssl/ErrorDetail.cc 2013-11-07 10:46:14 +0000
	19	@@ -221,6 +221,31 @@
	20	{SSL_ERROR_NONE, NULL}
	21	};
	22
	23	+static const char *OptionalSslErrors[] = {
	24	+ "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER",
	25	+ "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION",
	26	+ "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN",
	27	+ "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION",
	28	+ "X509_V_ERR_INVALID_NON_CA",
	29	+ "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED",
	30	+ "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE",
	31	+ "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED",
	32	+ "X509_V_ERR_INVALID_EXTENSION",
	33	+ "X509_V_ERR_INVALID_POLICY_EXTENSION",
	34	+ "X509_V_ERR_NO_EXPLICIT_POLICY",
	35	+ "X509_V_ERR_DIFFERENT_CRL_SCOPE",
	36	+ "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE",
	37	+ "X509_V_ERR_UNNESTED_RESOURCE",
	38	+ "X509_V_ERR_PERMITTED_VIOLATION",
	39	+ "X509_V_ERR_EXCLUDED_VIOLATION",
	40	+ "X509_V_ERR_SUBTREE_MINMAX",
	41	+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE",
	42	+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX",
	43	+ "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX",
	44	+ "X509_V_ERR_CRL_PATH_VALIDATION_ERROR",
	45	+ NULL
	46	+};
	47	+
	48	struct SslErrorAlias {
	49	const char *name;
	50	const Ssl::ssl_error_t *errors;
	51	@@ -331,6 +356,16 @@
	52	return NULL;
	53	}
	54
	55	+bool
	56	+Ssl::ErrorIsOptional(const char *name)
	57	+{
	58	+ for (int i = 0; OptionalSslErrors[i] != NULL; ++i) {
	59	+ if (strcmp(name, OptionalSslErrors[i]) == 0)
	60	+ return true;
	61	+ }
	62	+ return false;
	63	+}
	64	+
65	const char *
66	Ssl::GetErrorDescr(Ssl::ssl_error_t value)
67	{
68
69	=== modified file 'src/ssl/ErrorDetail.h'
70	--- src/ssl/ErrorDetail.h 2013-05-30 10:10:29 +0000
71	+++ src/ssl/ErrorDetail.h 2013-11-07 10:46:14 +0000
72	@@ -40,6 +40,14 @@
73
74	/**
75	\ingroup ServerProtocolSSLAPI
76	+ * Return true if the SSL error is optional and may not supported
77	+ * by current squid version
78	+ */
79	+
80	+bool ErrorIsOptional(const char *name);
81	+
82	+/**
83	+ \ingroup ServerProtocolSSLAPI
84	* Used to pass SSL error details to the error pages returned to the
85	* end user.
86	*/
87
88	=== modified file 'src/ssl/ErrorDetailManager.cc'
89	--- src/ssl/ErrorDetailManager.cc 2013-10-25 00:13:46 +0000
90	+++ src/ssl/ErrorDetailManager.cc 2013-11-07 10:46:14 +0000
91	@@ -218,32 +218,35 @@
92	}
93
94	Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf());
95	- if (ssl_error == SSL_ERROR_NONE) {
96	+ if (ssl_error != SSL_ERROR_NONE) {
97	+
98	+ if (theDetails->getErrorDetail(ssl_error)) {
99	+ debugs(83, DBG_IMPORTANT, HERE <<
100	+ "WARNING! duplicate entry: " << errorName);
101	+ return false;
102	+ }
103	+
104	+ ErrorDetailEntry &entry = theDetails->theList[ssl_error];
105	+ entry.error_no = ssl_error;
106	+ entry.name = errorName;
107	+ String tmp = parser.getByName("detail");
108	+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
109	+ tmp = parser.getByName("descr");
110	+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
111	+ bool parseOK = entry.descr.defined() && entry.detail.defined();
112	+
113	+ if (!parseOK) {
114	+ debugs(83, DBG_IMPORTANT, HERE <<
115	+ "WARNING! missing important field for detail error: " << errorName);
116	+ return false;
117	+ }
118	+
119	+ } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) {
120	debugs(83, DBG_IMPORTANT, HERE <<
121	"WARNING! invalid error detail name: " << errorName);
122	return false;
123	}
124
125	- if (theDetails->getErrorDetail(ssl_error)) {
126	- debugs(83, DBG_IMPORTANT, HERE <<
127	- "WARNING! duplicate entry: " << errorName);
128	- return false;
129	- }
130	-
131	- ErrorDetailEntry &entry = theDetails->theList[ssl_error];
132	- entry.error_no = ssl_error;
133	- entry.name = errorName;
134	- String tmp = parser.getByName("detail");
135	- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
136	- tmp = parser.getByName("descr");
137	- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
138	- bool parseOK = entry.descr.defined() && entry.detail.defined();
139	-
140	- if (!parseOK) {
141	- debugs(83, DBG_IMPORTANT, HERE <<
142	- "WARNING! missing imporant field for detail error: " << errorName);
143	- return false;
144	- }
145	}// else {only spaces and black lines; just ignore}
146
147	buf.consume(size);
148