From: Ricardo Ferreira Ribeiro <garb12@pm.me>
Date: Fri, 30 Jan 2026 09:25:59 +0000 (+0000)
Subject: Restore Security::ErrorDetail::detailEntry initialization (#2364)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d2a59b8b36843953b0f535c983ffc2bbddc5ee82;p=thirdparty%2Fsquid.git

Restore Security::ErrorDetail::detailEntry initialization (#2364)

2023 commit 4e143970 accidentally removed code that was setting
`detailEntry` data member, breaking `%ssl_error_descr` expansion:
`Security::ErrorDetail::printErrorDescription()` would always print
`[Not available]`.

Squid still printed non-configurable request-independent error code
_name_ correctly because the corresponding `printErrorCode()` method
only uses `detailEntry` as a performance optimization.

The effects of this fix are visible, for example, in generated
ERR_SECURE_CONNECT_FAIL error responses:

```diff
- <p>[Not available]: /CN=...</p>
+ <p>Certificate does not match domainname: /CN=...</p>
```

This is a Measurement Factory project.
---

diff --git a/src/security/ErrorDetail.cc b/src/security/ErrorDetail.cc
index f05f74de5b..9b3de592a3 100644
--- a/src/security/ErrorDetail.cc
+++ b/src/security/ErrorDetail.cc
@@ -535,8 +535,12 @@ Security::ErrorDetail::verbose(const HttpRequestPointer &request) const
 {
     std::optional<SBuf> customFormat;
 #if USE_OPENSSL
-    if (const auto errorDetail = Ssl::ErrorDetailsManager::GetInstance().findDetail(error_no, request))
-        customFormat = errorDetail->detail;
+    if (const auto errorDetail = Ssl::ErrorDetailsManager::GetInstance().findDetail(error_no, request)) {
+        detailEntry = *errorDetail;
+        customFormat = detailEntry->detail;
+    } else {
+        detailEntry.reset();
+    }
 #else
     (void)request;
 #endif