squid: Update to 3.3.10 + SSL options fix.
[ipfire-2.x.git] / src / patches / squid-3.3.10-optional-ssl-options.patch
1 From: http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13115
2
3 Committer: Christos Tsantilas
4 Date: 2013-11-07 10:46:14 UTC
5 Revision ID: chtsanti@users.sourceforge.net-20131107104614-s3a9kzlkgm7x9rhf
6
7 http://bugs.squid-cache.org/show_bug.cgi?id=3936
8 Bug 3936: error-details.txt parse error
9
10 Squid fails parsing error-details.txt template when one or more listed OpenSSL
11 errors are not supported on running platform.
12 This patch add a hardcoded list of OpenSSL errors wich can be optional.
13
14 This is a Measurement Factory project
15
16 === modified file 'src/ssl/ErrorDetail.cc'
17 --- src/ssl/ErrorDetail.cc 2013-07-31 00:13:04 +0000
18 +++ src/ssl/ErrorDetail.cc 2013-11-07 10:46:14 +0000
19 @@ -221,6 +221,31 @@
20 {SSL_ERROR_NONE, NULL}
21 };
22
23 +static const char *OptionalSslErrors[] = {
24 + "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER",
25 + "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION",
26 + "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN",
27 + "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION",
28 + "X509_V_ERR_INVALID_NON_CA",
29 + "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED",
30 + "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE",
31 + "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED",
32 + "X509_V_ERR_INVALID_EXTENSION",
33 + "X509_V_ERR_INVALID_POLICY_EXTENSION",
34 + "X509_V_ERR_NO_EXPLICIT_POLICY",
35 + "X509_V_ERR_DIFFERENT_CRL_SCOPE",
36 + "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE",
37 + "X509_V_ERR_UNNESTED_RESOURCE",
38 + "X509_V_ERR_PERMITTED_VIOLATION",
39 + "X509_V_ERR_EXCLUDED_VIOLATION",
40 + "X509_V_ERR_SUBTREE_MINMAX",
41 + "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE",
42 + "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX",
43 + "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX",
44 + "X509_V_ERR_CRL_PATH_VALIDATION_ERROR",
45 + NULL
46 +};
47 +
48 struct SslErrorAlias {
49 const char *name;
50 const Ssl::ssl_error_t *errors;
51 @@ -331,6 +356,16 @@
52 return NULL;
53 }
54
55 +bool
56 +Ssl::ErrorIsOptional(const char *name)
57 +{
58 + for (int i = 0; OptionalSslErrors[i] != NULL; ++i) {
59 + if (strcmp(name, OptionalSslErrors[i]) == 0)
60 + return true;
61 + }
62 + return false;
63 +}
64 +
65 const char *
66 Ssl::GetErrorDescr(Ssl::ssl_error_t value)
67 {
68
69 === modified file 'src/ssl/ErrorDetail.h'
70 --- src/ssl/ErrorDetail.h 2013-05-30 10:10:29 +0000
71 +++ src/ssl/ErrorDetail.h 2013-11-07 10:46:14 +0000
72 @@ -40,6 +40,14 @@
73
74 /**
75 \ingroup ServerProtocolSSLAPI
76 + * Return true if the SSL error is optional and may not supported
77 + * by current squid version
78 + */
79 +
80 +bool ErrorIsOptional(const char *name);
81 +
82 +/**
83 + \ingroup ServerProtocolSSLAPI
84 * Used to pass SSL error details to the error pages returned to the
85 * end user.
86 */
87
88 === modified file 'src/ssl/ErrorDetailManager.cc'
89 --- src/ssl/ErrorDetailManager.cc 2013-10-25 00:13:46 +0000
90 +++ src/ssl/ErrorDetailManager.cc 2013-11-07 10:46:14 +0000
91 @@ -218,32 +218,35 @@
92 }
93
94 Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf());
95 - if (ssl_error == SSL_ERROR_NONE) {
96 + if (ssl_error != SSL_ERROR_NONE) {
97 +
98 + if (theDetails->getErrorDetail(ssl_error)) {
99 + debugs(83, DBG_IMPORTANT, HERE <<
100 + "WARNING! duplicate entry: " << errorName);
101 + return false;
102 + }
103 +
104 + ErrorDetailEntry &entry = theDetails->theList[ssl_error];
105 + entry.error_no = ssl_error;
106 + entry.name = errorName;
107 + String tmp = parser.getByName("detail");
108 + httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
109 + tmp = parser.getByName("descr");
110 + httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
111 + bool parseOK = entry.descr.defined() && entry.detail.defined();
112 +
113 + if (!parseOK) {
114 + debugs(83, DBG_IMPORTANT, HERE <<
115 + "WARNING! missing important field for detail error: " << errorName);
116 + return false;
117 + }
118 +
119 + } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) {
120 debugs(83, DBG_IMPORTANT, HERE <<
121 "WARNING! invalid error detail name: " << errorName);
122 return false;
123 }
124
125 - if (theDetails->getErrorDetail(ssl_error)) {
126 - debugs(83, DBG_IMPORTANT, HERE <<
127 - "WARNING! duplicate entry: " << errorName);
128 - return false;
129 - }
130 -
131 - ErrorDetailEntry &entry = theDetails->theList[ssl_error];
132 - entry.error_no = ssl_error;
133 - entry.name = errorName;
134 - String tmp = parser.getByName("detail");
135 - httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
136 - tmp = parser.getByName("descr");
137 - httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
138 - bool parseOK = entry.descr.defined() && entry.detail.defined();
139 -
140 - if (!parseOK) {
141 - debugs(83, DBG_IMPORTANT, HERE <<
142 - "WARNING! missing imporant field for detail error: " << errorName);
143 - return false;
144 - }
145 }// else {only spaces and black lines; just ignore}
146
147 buf.consume(size);
148