From: Christos Tsantilas
Date: Sun, 10 Nov 2013 22:59:57 +0000 (-0700)
Subject: Bug 3936: error-details.txt parse error
X-Git-Tag: SQUID_3_3_11~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e78a07b7a9d71bd46ac6b8a7e6378c523f16e18;p=thirdparty%2Fsquid.git
Bug 3936: error-details.txt parse error
Squid fails parsing error-details.txt template when one or more listed OpenSSL errors are not supported on running platform. This patch add a hardcoded list of OpenSSL errors wich can be optional.
This is a Measurement Factory project
---
diff --git a/src/ssl/ErrorDetail.cc b/src/ssl/ErrorDetail.cc
index 407b46eec7..6bdef07210 100644
--- a/src/ssl/ErrorDetail.cc
+++ b/src/ssl/ErrorDetail.cc
@@ -219,6 +219,31 @@ static SslErrorEntry TheSslErrorArray[] = {
 {SSL_ERROR_NONE, NULL}
 };
 
+static const char *OptionalSslErrors[] = {
+ "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER",
+ "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION",
+ "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN",
+ "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION",
+ "X509_V_ERR_INVALID_NON_CA",
+ "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED",
+ "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE",
+ "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED",
+ "X509_V_ERR_INVALID_EXTENSION",
+ "X509_V_ERR_INVALID_POLICY_EXTENSION",
+ "X509_V_ERR_NO_EXPLICIT_POLICY",
+ "X509_V_ERR_DIFFERENT_CRL_SCOPE",
+ "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE",
+ "X509_V_ERR_UNNESTED_RESOURCE",
+ "X509_V_ERR_PERMITTED_VIOLATION",
+ "X509_V_ERR_EXCLUDED_VIOLATION",
+ "X509_V_ERR_SUBTREE_MINMAX",
+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE",
+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX",
+ "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX",
+ "X509_V_ERR_CRL_PATH_VALIDATION_ERROR",
+ NULL
+};
+
 struct SslErrorAlias {
 const char *name;
 const Ssl::ssl_error_t *errors;
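Review bot: `OptionalSslErrors` is declared as `static const char *OptionalSslErrors[]`, which makes the strings read-only but leaves the array slots themselves writable; `static const char *const OptionalSslErrors[] = {` would keep the whole lookup table constant. The table also carries no comment saying what qualifies a name for it. Going by the commit message, something like `// Error names that error-details.txt may list but that the OpenSSL on this platform may not define` would tell a maintainer when to extend the list. Every name added here is one the template parser will skip without complaint when it is unknown, so the list is worth keeping deliberate and documented.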
@@ -329,6 +354,16 @@ const char *Ssl::GetErrorName(Ssl::ssl_error_t value)
 return NULL;
 }
 
+bool
+Ssl::ErrorIsOptional(const char *name)
+{
+ for (int i = 0; OptionalSslErrors[i] != NULL; ++i) {
+ if (strcmp(name, OptionalSslErrors[i]) == 0)
+ return true;
+ }
+ return false;
+}
+
 const char *
 Ssl::GetErrorDescr(Ssl::ssl_error_t value)
 {
diff --git a/src/ssl/ErrorDetail.h b/src/ssl/ErrorDetail.h
index 9a4cc0ae53..f5fc700a58 100644
--- a/src/ssl/ErrorDetail.h
+++ b/src/ssl/ErrorDetail.h
@@ -40,6 +40,14 @@ const char *GetErrorName(ssl_error_t value);
 */
 const char *GetErrorDescr(ssl_error_t value);
 
+/**
+ \ingroup ServerProtocolSSLAPI
+ * Return true if the SSL error is optional and may not supported
+ * by current squid version
+ */
+
+bool ErrorIsOptional(const char *name);
+
 /**
 \ingroup ServerProtocolSSLAPI
 * Used to pass SSL error details to the error pages returned to the
diff --git a/src/ssl/ErrorDetailManager.cc b/src/ssl/ErrorDetailManager.cc
index 0e4ae9560b..0cd30a2fab 100644
--- a/src/ssl/ErrorDetailManager.cc
+++ b/src/ssl/ErrorDetailManager.cc
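Review bot: `Ssl::ErrorIsOptional` hands `name` straight to `strcmp` with no null check, so a null argument is undefined behaviour. The only caller on this page passes `errorName.termedBuf()`, and whether that can return null for an empty string is not visible here. A guard as the first statement, `if (!name) return false;`, makes the helper safe on its own, including for future callers. The function would also benefit from a one-line comment stating that the match is exact and case-sensitive against the `OptionalSslErrors` table.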
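Review bot: The doc comment added above `ErrorIsOptional` in ErrorDetail.h says the error "may not supported by current squid version", but the commit message describes the condition as OpenSSL errors not supported on the running platform; the two should agree. Suggested wording: `* Return true if the named SSL error is optional, i.e. it may be listed in error-details.txt without being supported by the OpenSSL library on this platform`. It is also worth stating that `name` is the textual error name, since the neighbouring `GetErrorName` and `GetErrorDescr` take an `ssl_error_t` value instead.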
@@ -218,32 +218,35 @@ Ssl::ErrorDetailFile::parse(const char *buffer, int len, bool eof) } Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf()); - if (ssl_error == SSL_ERROR_NONE) { - debugs(83, DBG_IMPORTANT, HERE << - "WARNING! invalid error detail name: " << errorName); - return false; - } + if (ssl_error != SSL_ERROR_NONE) { - if (theDetails->getErrorDetail(ssl_error)) { - debugs(83, DBG_IMPORTANT, HERE << - "WARNING! duplicate entry: " << errorName); - return false; - } + if (theDetails->getErrorDetail(ssl_error)) { + debugs(83, DBG_IMPORTANT, HERE << + "WARNING! duplicate entry: " << errorName); + return false; + } - ErrorDetailEntry &entry = theDetails->theList[ssl_error]; - entry.error_no = ssl_error; - entry.name = errorName; - String tmp = parser.getByName("detail"); - httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail); - tmp = parser.getByName("descr"); - httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr); - bool parseOK = entry.descr.defined() && entry.detail.defined(); + ErrorDetailEntry &entry = theDetails->theList[ssl_error]; + entry.error_no = ssl_error; + entry.name = errorName; + String tmp = parser.getByName("detail"); + httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail); + tmp = parser.getByName("descr"); + httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr); + bool parseOK = entry.descr.defined() && entry.detail.defined(); + + if (!parseOK) { + debugs(83, DBG_IMPORTANT, HERE << + "WARNING! missing important field for detail error: " << errorName); + return false; + } - if (!parseOK) { + } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) { debugs(83, DBG_IMPORTANT, HERE << - "WARNING! missing imporant field for detail error: " << errorName); + "WARNING! invalid error detail name: " << errorName); return false; } + }// else {only spaces and black lines; just ignore} buf.consume(size);
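Review bot: In the new `else if (!Ssl::ErrorIsOptional(errorName.termedBuf()))` branch, an unrecognised name that is on the optional list is skipped with no log output at all, so an operator cannot tell from the logs which template entries this build ignored. A further `else` branch with a low-verbosity message, e.g. `debugs(83, 2, HERE << "ignoring unsupported optional error detail name: " << errorName);`, would keep that visible without failing the parse. A skipped optional entry also never has its `detail` and `descr` fields checked, so a malformed entry for such a name only surfaces on a platform that supports the error; a short comment at the branch should say this is accepted. The enclosing `Ssl::ErrorDetailFile::parse` starts and ends outside this hunk.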