src/patches/squid-3.3.10-optional-ssl-options.patch

   1 From: http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13115
   2
   3 Committer: Christos Tsantilas
   4 Date: 2013-11-07 10:46:14 UTC
   5 Revision ID: chtsanti@users.sourceforge.net-20131107104614-s3a9kzlkgm7x9rhf
   6
   7 http://bugs.squid-cache.org/show_bug.cgi?id=3936
   8 Bug 3936: error-details.txt parse error
   9
  10 Squid fails parsing error-details.txt template when one or more listed OpenSSL
  11 errors are not supported on running platform.
  12 This patch add a hardcoded list of OpenSSL errors wich can be optional.
  13
  14 This is a Measurement Factory project
  15
  16 === modified file 'src/ssl/ErrorDetail.cc'
  17 --- src/ssl/ErrorDetail.cc      2013-07-31 00:13:04 +0000
  18 +++ src/ssl/ErrorDetail.cc      2013-11-07 10:46:14 +0000
  19 @@ -221,6 +221,31 @@
  20      {SSL_ERROR_NONE, NULL}
  21  };
  22
  23 +static const char *OptionalSslErrors[] = {
  24 +    "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER",
  25 +    "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION",
  26 +    "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN",
  27 +    "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION",
  28 +    "X509_V_ERR_INVALID_NON_CA",
  29 +    "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED",
  30 +    "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE",
  31 +    "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED",
  32 +    "X509_V_ERR_INVALID_EXTENSION",
  33 +    "X509_V_ERR_INVALID_POLICY_EXTENSION",
  34 +    "X509_V_ERR_NO_EXPLICIT_POLICY",
  35 +    "X509_V_ERR_DIFFERENT_CRL_SCOPE",
  36 +    "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE",
  37 +    "X509_V_ERR_UNNESTED_RESOURCE",
  38 +    "X509_V_ERR_PERMITTED_VIOLATION",
  39 +    "X509_V_ERR_EXCLUDED_VIOLATION",
  40 +    "X509_V_ERR_SUBTREE_MINMAX",
  41 +    "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE",
  42 +    "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX",
  43 +    "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX",
  44 +    "X509_V_ERR_CRL_PATH_VALIDATION_ERROR",
  45 +    NULL
  46 +};
  47 +
  48  struct SslErrorAlias {
  49      const char *name;
  50      const Ssl::ssl_error_t *errors;
  51 @@ -331,6 +356,16 @@
  52      return NULL;
  53  }
  54
  55 +bool
  56 +Ssl::ErrorIsOptional(const char *name)
  57 +{
  58 +    for (int i = 0; OptionalSslErrors[i] != NULL; ++i) {
  59 +        if (strcmp(name, OptionalSslErrors[i]) == 0)
  60 +            return true;
  61 +    }
  62 +    return false;
  63 +}
  64 +
  65  const char *
  66  Ssl::GetErrorDescr(Ssl::ssl_error_t value)
  67  {
  68
  69 === modified file 'src/ssl/ErrorDetail.h'
  70 --- src/ssl/ErrorDetail.h       2013-05-30 10:10:29 +0000
  71 +++ src/ssl/ErrorDetail.h       2013-11-07 10:46:14 +0000
  72 @@ -40,6 +40,14 @@
  73
  74  /**
  75     \ingroup ServerProtocolSSLAPI
  76 +   * Return true if the SSL error is optional and may not supported
  77 +   * by current squid version
  78 + */
  79 +
  80 +bool ErrorIsOptional(const char *name);
  81 +
  82 +/**
  83 +   \ingroup ServerProtocolSSLAPI
  84   * Used to pass SSL error details to the error pages returned to the
  85   * end user.
  86   */
  87
  88 === modified file 'src/ssl/ErrorDetailManager.cc'
  89 --- src/ssl/ErrorDetailManager.cc       2013-10-25 00:13:46 +0000
  90 +++ src/ssl/ErrorDetailManager.cc       2013-11-07 10:46:14 +0000
  91 @@ -218,32 +218,35 @@
  92              }
  93
  94              Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf());
  95 -            if (ssl_error == SSL_ERROR_NONE) {
  96 +            if (ssl_error != SSL_ERROR_NONE) {
  97 +
  98 +                if (theDetails->getErrorDetail(ssl_error)) {
  99 +                    debugs(83, DBG_IMPORTANT, HERE <<
 100 +                           "WARNING! duplicate entry: " << errorName);
 101 +                    return false;
 102 +                }
 103 +
 104 +                ErrorDetailEntry &entry = theDetails->theList[ssl_error];
 105 +                entry.error_no = ssl_error;
 106 +                entry.name = errorName;
 107 +                String tmp = parser.getByName("detail");
 108 +                httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
 109 +                tmp = parser.getByName("descr");
 110 +                httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
 111 +                bool parseOK = entry.descr.defined() && entry.detail.defined();
 112 +
 113 +                if (!parseOK) {
 114 +                    debugs(83, DBG_IMPORTANT, HERE <<
 115 +                           "WARNING! missing important field for detail error: " <<  errorName);
 116 +                    return false;
 117 +                }
 118 +
 119 +            } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) {
 120                  debugs(83, DBG_IMPORTANT, HERE <<
 121                         "WARNING! invalid error detail name: " << errorName);
 122                  return false;
 123              }
 124
 125 -            if (theDetails->getErrorDetail(ssl_error)) {
 126 -                debugs(83, DBG_IMPORTANT, HERE <<
 127 -                       "WARNING! duplicate entry: " << errorName);
 128 -                return false;
 129 -            }
 130 -
 131 -            ErrorDetailEntry &entry = theDetails->theList[ssl_error];
 132 -            entry.error_no = ssl_error;
 133 -            entry.name = errorName;
 134 -            String tmp = parser.getByName("detail");
 135 -            httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
 136 -            tmp = parser.getByName("descr");
 137 -            httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
 138 -            bool parseOK = entry.descr.defined() && entry.detail.defined();
 139 -
 140 -            if (!parseOK) {
 141 -                debugs(83, DBG_IMPORTANT, HERE <<
 142 -                       "WARNING! missing imporant field for detail error: " <<  errorName);
 143 -                return false;
 144 -            }
 145          }// else {only spaces and black lines; just ignore}
 146
 147          buf.consume(size);
 148