On 12/01/2010 01:16 PM, Amos Jeffries wrote:
On 30/11/10 23:16, Tsantilas Christos wrote:
Hi all,
This patch adds an interface to allow Squid error responses to contain
detailed information about SSL certificate verification failure. For
example, the error message may contain the following text:
"Server Certificate Verification Failed: Certificate Common Name
(www.lufthansa.com) does not match the host name you are connecting to
(www.lufthansa.de)."
Supplying SSL error details is useful to end-users if the user can
bypass errors or communicate with proxy operators to update Squid's
whitelists.
For more informations please look inside patch documentation.
This is a Measurement Factory project.
Regards,
Christos
(I'm still not here for a day or so, will check the patch then).
Right now I just want to raw your attention to %Z which is for use as an
internal error messages like this.
Yes, I saw this formating code but it is documented as "preformated
error message". The new code is not exactly like this.
Doing the Ssl recursion logic in the case where err_msg is empty for %Z
seems to be possible without adding a new code to existing page.
Alternatively, ESI appears to be the only code using err_msg. You could
followup with a patch which alters ESI to use the same *::ErrorDetails
recursion API and drop err_msg entirely. :)
I agree it will be good to merge two codes to one.
In this case we should define a base ErrorDetail class as follows:
class ErrorDetail{
public:
virtual const String &toString() const;
}
And define a new class ESI::ErrorDetail for the ESI.
But the same we should do with %z (dns server error message), ftp
related formating codes, %m (Error message returned by auth helper), %o
(Message returned external acl helper) and maybe other formating codes.
This project was just for SSL related error details, but I hope it is
written in such way that it will be easy for us to extend it and support
error details from other modules to.
Also I think with a little work can be extended to use language
templates in the future.
Regards,
Christos
Amos
