#include "squid.h"
#include "acl/Checklist.h"
#include "acl/SslErrorData.h"
-#include "wordlist.h"
+#include "ssl/ErrorDetail.h"
-ACLSslErrorData::ACLSslErrorData() : values (NULL)
+ACLSslErrorData::ACLSslErrorData(ACLSslErrorData const &o) :
+ values(o.values)
{}
-ACLSslErrorData::ACLSslErrorData(ACLSslErrorData const &old) : values (NULL)
-{
- assert (!old.values);
-}
-
-ACLSslErrorData::~ACLSslErrorData()
-{
- if (values)
- delete values;
-}
-
bool
ACLSslErrorData::match(const Ssl::CertErrors *toFind)
{
- for (const Ssl::CertErrors *err = toFind; err; err = err->next ) {
- if (values->findAndTune(err->element.code))
+ for (const auto *err = toFind; err; err = err->next) {
+ if (values.count(err->element.code))
return true;
}
return false;
}
-/* explicit instantiation required for some systems */
-/** \cond AUTODOCS_IGNORE */
-// AYJ: 2009-05-20 : Removing. clashes with template <int> instantiation for other ACLs.
-// template cbdata_type Ssl::Errors::CBDATA_CbDataList;
-/** \endcond */
-
SBufList
ACLSslErrorData::dump() const
{
SBufList sl;
- Ssl::Errors *data = values;
- while (data != NULL) {
- sl.push_back(SBuf(Ssl::GetErrorName(data->element)));
- data = data->next;
+ for (const auto &e : values) {
+ sl.push_back(SBuf(Ssl::GetErrorName(e)));
}
return sl;
}
void
ACLSslErrorData::parse()
{
- Ssl::Errors **Tail;
-
- for (Tail = &values; *Tail; Tail = &((*Tail)->next));
while (char *t = ConfigParser::strtokFile()) {
- Ssl::Errors *q = Ssl::ParseErrorString(t);
- *(Tail) = q;
- Tail = &q->tail()->next;
+ Ssl::ParseErrorString(t, values);
}
}
-bool
-ACLSslErrorData::empty() const
-{
- return values == NULL;
-}
-
ACLSslErrorData *
ACLSslErrorData::clone() const
{
- /* Splay trees don't clone yet. */
- assert (!values);
return new ACLSslErrorData(*this);
}
#include "acl/Acl.h"
#include "acl/Data.h"
-#include "base/CbDataList.h"
-#include "ssl/ErrorDetail.h"
#include "ssl/support.h"
-#include <vector>
class ACLSslErrorData : public ACLData<const Ssl::CertErrors *>
{
MEMPROXY_CLASS(ACLSslErrorData);
public:
- ACLSslErrorData();
+ ACLSslErrorData() = default;
ACLSslErrorData(ACLSslErrorData const &);
ACLSslErrorData &operator= (ACLSslErrorData const &);
- virtual ~ACLSslErrorData();
+ virtual ~ACLSslErrorData() {}
bool match(const Ssl::CertErrors *);
virtual SBufList dump() const;
void parse();
- bool empty() const;
+ bool empty() const { return values.empty(); }
virtual ACLSslErrorData *clone() const;
- Ssl::Errors *values;
+ Security::Errors values;
};
#endif /* SQUID_ACLSSL_ERRORDATA_H */
#endif
#endif
#include <list>
+#include <unordered_set>
#if USE_OPENSSL
// Macro to be used to define the C++ wrapper functor of the sk_*_pop_free
/// Squid defined error code (<0), an error code returned by X.509 API, or SSL_ERROR_NONE
typedef int ErrorCode;
+/// set of Squid defined TLS error codes
+/// \note using std::unordered_set ensures values are unique, with fast lookup
+typedef std::unordered_set<Security::ErrorCode> Errors;
+
class KeyData;
class PeerConnector;
class PeerOptions;
return SSL_ERROR_NONE;
}
-Ssl::Errors *
-Ssl::ParseErrorString(const char *name)
+bool
+Ssl::ParseErrorString(const char *name, Security::Errors &errors)
{
assert(name);
const Security::ErrorCode ssl_error = GetErrorCode(name);
- if (ssl_error != SSL_ERROR_NONE)
- return new Ssl::Errors(ssl_error);
+ if (ssl_error != SSL_ERROR_NONE) {
+ errors.emplace(ssl_error);
+ return true;
+ }
if (xisdigit(*name)) {
const long int value = strtol(name, NULL, 0);
- if (SQUID_SSL_ERROR_MIN <= value && value <= SQUID_SSL_ERROR_MAX)
- return new Ssl::Errors(value);
- fatalf("Too small or too bug SSL error code '%s'", name);
+ if (SQUID_SSL_ERROR_MIN <= value && value <= SQUID_SSL_ERROR_MAX) {
+ errors.emplace(value);
+ return true;
+ }
+ fatalf("Too small or too big TLS error code '%s'", name);
}
if (TheSslErrorShortcuts.empty())
if (it != TheSslErrorShortcuts.end()) {
// Should not be empty...
assert(it->second[0] != SSL_ERROR_NONE);
- Ssl::Errors *errors = new Ssl::Errors(it->second[0]);
- for (int i =1; it->second[i] != SSL_ERROR_NONE; ++i) {
- errors->push_back_unique(it->second[i]);
+ for (int i = 0; it->second[i] != SSL_ERROR_NONE; ++i) {
+ errors.emplace(it->second[i]);
}
- return errors;
+ return true;
}
- fatalf("Unknown SSL error name '%s'", name);
- return NULL; // not reached
+ fatalf("Unknown TLS error name '%s'", name);
+ return false; // not reached
}
const char *Ssl::GetErrorName(Security::ErrorCode value)
namespace Ssl
{
/**
- \ingroup ServerProtocolSSLAPI
- * Converts user-friendly error "name" into an Ssl::Errors list.
- * The resulting list may have one or more elements, and needs to be
- * released by the caller.
+ * Converts user-friendly error "name" into an Security::ErrorCode
+ * and adds it to the provided container (using emplace).
* This function can handle numeric error numbers as well as names.
*/
-Ssl::Errors *ParseErrorString(const char *name);
+bool ParseErrorString(const char *name, Security::Errors &);
/// The Security::ErrorCode code of the error described by "name".
Security::ErrorCode GetErrorCode(const char *name);
/// A short description of the TLS error "value"
const char *GetErrorDescr(Security::ErrorCode value);
-/**
- \ingroup ServerProtocolSSLAPI
- * Return true if the SSL error is optional and may not supported
- * by current squid version
- */
-
+/// \return true if the TLS error is optional and may not be supported by current squid version
bool ErrorIsOptional(const char *name);
/**
- \ingroup ServerProtocolSSLAPI
* Used to pass SSL error details to the error pages returned to the
* end user.
*/
/// call before generating any SSL context
void Initialize();
-typedef CbDataList<Security::ErrorCode> Errors;
-
class ErrorDetail;
class CertValidationResponse;
typedef RefCount<CertValidationResponse> CertValidationResponsePointer;