Mercurial > hg > freeDiameter
annotate libfdcore/config.c @ 1397:239ba25870d8
Allow parametrizing the number of threads for routing in/out.
This is for high-load situations where freeDiameter was limited
by the corresponding queues.
| author | Thomas Klausner <tk@giga.or.at> |
|---|---|
| date | Fri, 15 Nov 2019 11:40:37 +0100 |
| parents | 188c82b6690b |
| children | 6cc290653ef6 |
| rev | line source |
|---|---|
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
1 /********************************************************************************************************* |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
2 * Software License Agreement (BSD License) * |
|
740
4a9f08d6b6ba
Updated my mail address
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
706
diff
changeset
|
3 * Author: Sebastien Decugis <sdecugis@freediameter.net> * |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
4 * * |
|
1281
ab6457399be2
Updated copyright information
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1268
diff
changeset
|
5 * Copyright (c) 2015, WIDE Project and NICT * |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
6 * All rights reserved. * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
7 * * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
8 * Redistribution and use of this software in source and binary forms, with or without modification, are * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
9 * permitted provided that the following conditions are met: * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
10 * * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
11 * * Redistributions of source code must retain the above * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
12 * copyright notice, this list of conditions and the * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
13 * following disclaimer. * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
14 * * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
15 * * Redistributions in binary form must reproduce the above * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
16 * copyright notice, this list of conditions and the * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
17 * following disclaimer in the documentation and/or other * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
18 * materials provided with the distribution. * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
19 * * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
20 * * Neither the name of the WIDE Project or NICT nor the * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
21 * names of its contributors may be used to endorse or * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
22 * promote products derived from this software without * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
23 * specific prior written permission of WIDE Project and * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
24 * NICT. * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
25 * * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
26 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
27 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
28 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
29 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
30 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
32 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
33 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
34 *********************************************************************************************************/ |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
35 |
|
658
f198d16fa7f4
Initial commit for 1.1.0:
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
578
diff
changeset
|
36 #include "fdcore-internal.h" |
|
304
ad3c46016584
Added install directives for cmake; also allow default directory to seek for extensions and configuration files
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
258
diff
changeset
|
37 #include <sys/stat.h> |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
38 |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
39 /* Configuration management */ |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
40 |
|
18
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
41 #ifndef GNUTLS_DEFAULT_PRIORITY |
|
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
42 # define GNUTLS_DEFAULT_PRIORITY "NORMAL" |
|
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
43 #endif /* GNUTLS_DEFAULT_PRIORITY */ |
|
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
44 #ifndef GNUTLS_DEFAULT_DHBITS |
|
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
45 # define GNUTLS_DEFAULT_DHBITS 1024 |
|
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
46 #endif /* GNUTLS_DEFAULT_DHBITS */ |
|
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
47 |
|
658
f198d16fa7f4
Initial commit for 1.1.0:
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
578
diff
changeset
|
48 /* Initialize the fd_g_config structure to default values -- it should already have been initialized to all-0 */ |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
49 int fd_conf_init() |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
50 { |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
51 TRACE_ENTRY(); |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
52 |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
53 fd_g_config->cnf_eyec = EYEC_CONFIG; |
|
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
54 |
|
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
55 fd_g_config->cnf_timer_tc = 30; |
|
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
56 fd_g_config->cnf_timer_tw = 30; |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
57 |
|
897
d8d0772586ad
Use correct default port for outgoing connections even when local port is not the default one
Sebastien Decugis <sdecugis@freediameter.net>
parents:
820
diff
changeset
|
58 fd_g_config->cnf_port = DIAMETER_PORT; |
|
d8d0772586ad
Use correct default port for outgoing connections even when local port is not the default one
Sebastien Decugis <sdecugis@freediameter.net>
parents:
820
diff
changeset
|
59 fd_g_config->cnf_port_tls = DIAMETER_SECURE_PORT; |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
60 fd_g_config->cnf_sctp_str = 30; |
|
1189
50bf33dc8fe0
Limit number of incoming connections under processing to configurable value
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1184
diff
changeset
|
61 fd_g_config->cnf_thr_srv = 5; |
|
1396
188c82b6690b
Add ProcessingPeersPattern and ProcessingPeersMinimum parameters.
Thomas Klausner <tk@giga.or.at>
parents:
1326
diff
changeset
|
62 fd_g_config->cnf_processing_peers_minimum = 0; |
|
253
ad6c0118fb50
Configurable number of server threads
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
189
diff
changeset
|
63 fd_g_config->cnf_dispthr = 4; |
|
1397
239ba25870d8
Allow parametrizing the number of threads for routing in/out.
Thomas Klausner <tk@giga.or.at>
parents:
1396
diff
changeset
|
64 fd_g_config->cnf_rtinthr = 1; |
|
239ba25870d8
Allow parametrizing the number of threads for routing in/out.
Thomas Klausner <tk@giga.or.at>
parents:
1396
diff
changeset
|
65 fd_g_config->cnf_rtoutthr = 1; |
|
239ba25870d8
Allow parametrizing the number of threads for routing in/out.
Thomas Klausner <tk@giga.or.at>
parents:
1396
diff
changeset
|
66 fd_g_config->cnf_qin_limit = 20; |
|
239ba25870d8
Allow parametrizing the number of threads for routing in/out.
Thomas Klausner <tk@giga.or.at>
parents:
1396
diff
changeset
|
67 fd_g_config->cnf_qout_limit = 30; |
|
239ba25870d8
Allow parametrizing the number of threads for routing in/out.
Thomas Klausner <tk@giga.or.at>
parents:
1396
diff
changeset
|
68 fd_g_config->cnf_qlocal_limit = 25; |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
69 fd_list_init(&fd_g_config->cnf_endpoints, NULL); |
|
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
70 fd_list_init(&fd_g_config->cnf_apps, NULL); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
71 #ifdef DISABLE_SCTP |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
72 fd_g_config->cnf_flags.no_sctp = 1; |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
73 #endif /* DISABLE_SCTP */ |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
74 |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
75 fd_g_config->cnf_orstateid = (uint32_t) time(NULL); |
|
1326
afe0ecdb0692
Add config option if Route-Record AVPs should be added in Answers.
Thomas Klausner <tk@giga.or.at>
parents:
1281
diff
changeset
|
76 fd_g_config->cnf_rr_in_answers = 1; |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
77 |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
78 CHECK_FCT( fd_dict_init(&fd_g_config->cnf_dict) ); |
|
767
c47c16436f71
Added a limit on fifo queues to avoid memory exaustion when messages are received faster than handled
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
740
diff
changeset
|
79 CHECK_FCT( fd_fifo_new(&fd_g_config->cnf_main_ev, 0) ); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
80 |
|
18
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
81 /* TLS parameters */ |
|
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
82 CHECK_GNUTLS_DO( gnutls_certificate_allocate_credentials (&fd_g_config->cnf_sec_data.credentials), return ENOMEM ); |
|
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
83 CHECK_GNUTLS_DO( gnutls_dh_params_init (&fd_g_config->cnf_sec_data.dh_cache), return ENOMEM ); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
84 #ifdef GNUTLS_VERSION_300 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
85 CHECK_GNUTLS_DO( gnutls_x509_trust_list_init(&fd_g_config->cnf_sec_data.trustlist, 0), return ENOMEM ); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
86 #endif /* GNUTLS_VERSION_300 */ |
|
18
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
87 |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
88 return 0; |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
89 } |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
90 |
|
1085
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
91 DECLARE_FD_DUMP_PROTOTYPE(fd_conf_dump) |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
92 { |
|
1093
44f3e48dfe27
Align the behavior of all fd_*dump functions wrt final \n
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1085
diff
changeset
|
93 FD_DUMP_HANDLE_OFFSET(); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
94 |
|
1119
79dd22145f52
Fix a number of compilation warnings
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1113
diff
changeset
|
95 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, "freeDiameter configuration:\n"), return NULL); |
|
1085
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
96 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Default trace level .... : %+d\n", fd_g_debug_lvl), return NULL); |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
97 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Configuration file ..... : %s\n", fd_g_config->cnf_file), return NULL); |
| 1253 | 98 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Diameter Identity ...... : %s (l:%zi)\n", fd_g_config->cnf_diamid, fd_g_config->cnf_diamid_len), return NULL); |
| 99 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Diameter Realm ......... : %s (l:%zi)\n", fd_g_config->cnf_diamrlm, fd_g_config->cnf_diamrlm_len), return NULL); | |
|
1085
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
100 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Tc Timer ............... : %u\n", fd_g_config->cnf_timer_tc), return NULL); |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
101 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Tw Timer ............... : %u\n", fd_g_config->cnf_timer_tw), return NULL); |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
102 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Local port ............. : %hu\n", fd_g_config->cnf_port), return NULL); |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
103 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Local secure port ...... : %hu\n", fd_g_config->cnf_port_tls), return NULL); |
|
1181
22de21feec64
Preparing for DTLS support
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1155
diff
changeset
|
104 if (fd_g_config->cnf_port_3436) { |
|
22de21feec64
Preparing for DTLS support
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1155
diff
changeset
|
105 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Local SCTP TLS port .... : %hu\n", fd_g_config->cnf_port_3436), return NULL); |
|
22de21feec64
Preparing for DTLS support
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1155
diff
changeset
|
106 } |
|
1085
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
107 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Number of SCTP streams . : %hu\n", fd_g_config->cnf_sctp_str), return NULL); |
|
1189
50bf33dc8fe0
Limit number of incoming connections under processing to configurable value
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1184
diff
changeset
|
108 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Number of clients thr .. : %d\n", fd_g_config->cnf_thr_srv), return NULL); |
|
50bf33dc8fe0
Limit number of incoming connections under processing to configurable value
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1184
diff
changeset
|
109 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Number of app threads .. : %hu\n", fd_g_config->cnf_dispthr), return NULL); |
|
1396
188c82b6690b
Add ProcessingPeersPattern and ProcessingPeersMinimum parameters.
Thomas Klausner <tk@giga.or.at>
parents:
1326
diff
changeset
|
110 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Minimal processing peers : %hu\n", fd_g_config->cnf_processing_peers_minimum), return NULL); |
|
1397
239ba25870d8
Allow parametrizing the number of threads for routing in/out.
Thomas Klausner <tk@giga.or.at>
parents:
1396
diff
changeset
|
111 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Number of rtin threads . : %hu\n", fd_g_config->cnf_rtinthr), return NULL); |
|
239ba25870d8
Allow parametrizing the number of threads for routing in/out.
Thomas Klausner <tk@giga.or.at>
parents:
1396
diff
changeset
|
112 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Number of rtout threads : %hu\n", fd_g_config->cnf_rtoutthr), return NULL); |
|
239ba25870d8
Allow parametrizing the number of threads for routing in/out.
Thomas Klausner <tk@giga.or.at>
parents:
1396
diff
changeset
|
113 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Incoming queue limit : %hu\n", fd_g_config->cnf_qin_limit), return NULL); |
|
239ba25870d8
Allow parametrizing the number of threads for routing in/out.
Thomas Klausner <tk@giga.or.at>
parents:
1396
diff
changeset
|
114 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Outgoing queue limit : %hu\n", fd_g_config->cnf_qout_limit), return NULL); |
|
239ba25870d8
Allow parametrizing the number of threads for routing in/out.
Thomas Klausner <tk@giga.or.at>
parents:
1396
diff
changeset
|
115 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Local queue limit : %hu\n", fd_g_config->cnf_qlocal_limit), return NULL); |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
116 if (FD_IS_LIST_EMPTY(&fd_g_config->cnf_endpoints)) { |
|
1085
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
117 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Local endpoints ........ : Default (use all available)\n"), return NULL); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
118 } else { |
|
1113
eb4ce68b6e5c
Added calls to remaining hooks
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1107
diff
changeset
|
119 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Local endpoints ........ : "), return NULL); |
|
eb4ce68b6e5c
Added calls to remaining hooks
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1107
diff
changeset
|
120 CHECK_MALLOC_DO( fd_ep_dump( FD_DUMP_STD_PARAMS, 0, 0, &fd_g_config->cnf_endpoints ), return NULL); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
121 } |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
122 if (FD_IS_LIST_EMPTY(&fd_g_config->cnf_apps)) { |
|
1113
eb4ce68b6e5c
Added calls to remaining hooks
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1107
diff
changeset
|
123 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Local applications ..... : (none)"), return NULL); |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
124 } else { |
|
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
125 struct fd_list * li = fd_g_config->cnf_apps.next; |
|
1113
eb4ce68b6e5c
Added calls to remaining hooks
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1107
diff
changeset
|
126 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Local applications ..... : "), return NULL); |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
127 while (li != &fd_g_config->cnf_apps) { |
|
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
128 struct fd_app * app = (struct fd_app *)li; |
|
1113
eb4ce68b6e5c
Added calls to remaining hooks
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1107
diff
changeset
|
129 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, "App: %u,%s%s,Vnd:%u\t", |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
130 app->appid, |
|
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
131 app->flags.auth ? "Au" : "--", |
|
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
132 app->flags.acct ? "Ac" : "--", |
|
1085
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
133 app->vndid), return NULL); |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
134 li = li->next; |
|
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
135 } |
|
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
136 } |
|
18
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
137 |
|
1113
eb4ce68b6e5c
Added calls to remaining hooks
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1107
diff
changeset
|
138 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, "\n Flags : - IP ........... : %s\n", fd_g_config->cnf_flags.no_ip4 ? "DISABLED" : "Enabled"), return NULL); |
|
1085
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
139 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " - IPv6 ......... : %s\n", fd_g_config->cnf_flags.no_ip6 ? "DISABLED" : "Enabled"), return NULL); |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
140 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " - Relay app .... : %s\n", fd_g_config->cnf_flags.no_fwd ? "DISABLED" : "Enabled"), return NULL); |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
141 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " - TCP .......... : %s\n", fd_g_config->cnf_flags.no_tcp ? "DISABLED" : "Enabled"), return NULL); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
142 #ifdef DISABLE_SCTP |
|
1085
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
143 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " - SCTP ......... : DISABLED (at compilation)\n"), return NULL); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
144 #else /* DISABLE_SCTP */ |
|
1085
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
145 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " - SCTP ......... : %s\n", fd_g_config->cnf_flags.no_sctp ? "DISABLED" : "Enabled"), return NULL); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
146 #endif /* DISABLE_SCTP */ |
|
1085
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
147 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " - Pref. proto .. : %s\n", fd_g_config->cnf_flags.pr_tcp ? "TCP" : "SCTP"), return NULL); |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
148 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " - TLS method ... : %s\n", fd_g_config->cnf_flags.tls_alg ? "INBAND" : "Separate port"), return NULL); |
|
18
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
149 |
|
1085
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
150 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " TLS : - Certificate .. : %s\n", fd_g_config->cnf_sec_data.cert_file ?: "(NONE)"), return NULL); |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
151 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " - Private key .. : %s\n", fd_g_config->cnf_sec_data.key_file ?: "(NONE)"), return NULL); |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
152 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " - CA (trust) ... : %s (%d certs)\n", fd_g_config->cnf_sec_data.ca_file ?: "(none)", fd_g_config->cnf_sec_data.ca_file_nr), return NULL); |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
153 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " - CRL .......... : %s\n", fd_g_config->cnf_sec_data.crl_file ?: "(none)"), return NULL); |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
154 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " - Priority ..... : %s\n", fd_g_config->cnf_sec_data.prio_string ?: "(default: '" GNUTLS_DEFAULT_PRIORITY "')"), return NULL); |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
155 if (fd_g_config->cnf_sec_data.dh_file) { |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
156 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " - DH file ...... : %s\n", fd_g_config->cnf_sec_data.dh_file), return NULL); |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
157 } else { |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
158 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " - DH bits ...... : %d\n", fd_g_config->cnf_sec_data.dh_bits ?: GNUTLS_DEFAULT_DHBITS), return NULL); |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
159 } |
|
18
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
160 |
|
1085
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
161 CHECK_MALLOC_DO( fd_dump_extend( FD_DUMP_STD_PARAMS, " Origin-State-Id ........ : %u", fd_g_config->cnf_orstateid), return NULL); |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
162 |
|
7d7266115a34
Cleaning of the traces in progress
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1034
diff
changeset
|
163 return *buf; |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
164 } |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
165 |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
166 /* read contents of a file opened in "rb" mode and alloc this data into a gnutls_datum_t (must be freed afterwards) */ |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
167 int fd_conf_stream_to_gnutls_datum(FILE * pemfile, gnutls_datum_t *out) |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
168 { |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
169 size_t alloc = 0; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
170 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
171 CHECK_PARAMS( pemfile && out ); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
172 memset(out, 0, sizeof(gnutls_datum_t)); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
173 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
174 do { |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
175 uint8_t * realloced = NULL; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
176 size_t read = 0; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
177 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
178 if (alloc < out->size + BUFSIZ + 1) { |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
179 alloc += alloc / 2 + BUFSIZ + 1; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
180 CHECK_MALLOC_DO( realloced = realloc(out->data, alloc), |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
181 { |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
182 free(out->data); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
183 return ENOMEM; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
184 } ) |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
185 out->data = realloced; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
186 } |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
187 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
188 read = fread( out->data + out->size, 1, alloc - out->size - 1, pemfile ); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
189 out->size += read; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
190 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
191 if (ferror(pemfile)) { |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
192 int err = errno; |
|
974
2091bf698fb1
Remove newlines from fd_log_debug, TRACE_DEBUG, TRACE_ERROR, and TRACE_DEBUG_ERROR
Thomas Klausner <tk@giga.or.at>
parents:
965
diff
changeset
|
193 TRACE_DEBUG(INFO, "An error occurred while reading file: %s", strerror(err)); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
194 return err; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
195 } |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
196 } while (!feof(pemfile)); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
197 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
198 out->data[out->size] = '\0'; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
199 return 0; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
200 } |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
201 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
202 #ifdef GNUTLS_VERSION_300 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
203 /* inspired from GnuTLS manual */ |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
204 static int fd_conf_print_details_func (gnutls_x509_crt_t cert, |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
205 gnutls_x509_crt_t issuer, gnutls_x509_crl_t crl, |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
206 unsigned int verification_output) |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
207 { |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
208 char name[512]; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
209 char issuer_name[512]; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
210 size_t name_size; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
211 size_t issuer_name_size; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
212 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
213 if (!TRACE_BOOL(GNUTLS_DBG_LEVEL)) |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
214 return 0; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
215 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
216 issuer_name_size = sizeof (issuer_name); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
217 gnutls_x509_crt_get_issuer_dn (cert, issuer_name, &issuer_name_size); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
218 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
219 name_size = sizeof (name); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
220 gnutls_x509_crt_get_dn (cert, name, &name_size); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
221 |
|
974
2091bf698fb1
Remove newlines from fd_log_debug, TRACE_DEBUG, TRACE_ERROR, and TRACE_DEBUG_ERROR
Thomas Klausner <tk@giga.or.at>
parents:
965
diff
changeset
|
222 fd_log_debug("\tSubject: %s", name); |
|
2091bf698fb1
Remove newlines from fd_log_debug, TRACE_DEBUG, TRACE_ERROR, and TRACE_DEBUG_ERROR
Thomas Klausner <tk@giga.or.at>
parents:
965
diff
changeset
|
223 fd_log_debug("\tIssuer: %s", issuer_name); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
224 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
225 if (issuer != NULL) |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
226 { |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
227 issuer_name_size = sizeof (issuer_name); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
228 gnutls_x509_crt_get_dn (issuer, issuer_name, &issuer_name_size); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
229 |
|
974
2091bf698fb1
Remove newlines from fd_log_debug, TRACE_DEBUG, TRACE_ERROR, and TRACE_DEBUG_ERROR
Thomas Klausner <tk@giga.or.at>
parents:
965
diff
changeset
|
230 fd_log_debug("\tVerified against: %s", issuer_name); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
231 } |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
232 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
233 if (crl != NULL) |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
234 { |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
235 issuer_name_size = sizeof (issuer_name); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
236 gnutls_x509_crl_get_issuer_dn (crl, issuer_name, &issuer_name_size); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
237 |
|
974
2091bf698fb1
Remove newlines from fd_log_debug, TRACE_DEBUG, TRACE_ERROR, and TRACE_DEBUG_ERROR
Thomas Klausner <tk@giga.or.at>
parents:
965
diff
changeset
|
238 fd_log_debug("\tVerified against CRL of: %s", issuer_name); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
239 } |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
240 |
|
974
2091bf698fb1
Remove newlines from fd_log_debug, TRACE_DEBUG, TRACE_ERROR, and TRACE_DEBUG_ERROR
Thomas Klausner <tk@giga.or.at>
parents:
965
diff
changeset
|
241 fd_log_debug("\tVerification output: %x", verification_output); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
242 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
243 return 0; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
244 } |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
245 #endif /* GNUTLS_VERSION_300 */ |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
246 |
|
1027
0117a7746b21
Fix a number of errors and warnings introduced/highlighted by recent commits
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1021
diff
changeset
|
247 #ifndef GNUTLS_VERSION_300 |
|
1034
f4a73a991623
Fix warning on old GCC versions
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1033
diff
changeset
|
248 GCC_DIAG_OFF("-Wdeprecated-declarations") |
|
1027
0117a7746b21
Fix a number of errors and warnings introduced/highlighted by recent commits
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1021
diff
changeset
|
249 #endif /* !GNUTLS_VERSION_300 */ |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
250 /* Parse the configuration file (using the yacc parser) */ |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
251 int fd_conf_parse() |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
252 { |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
253 extern FILE * fddin; |
|
947
cce5d4bace82
Make config file parameter const and convert another fprintf to TRACE_DEBUG_ERROR.
Thomas Klausner <tk@giga.or.at>
parents:
946
diff
changeset
|
254 const char * orig = NULL; |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
255 |
|
304
ad3c46016584
Added install directives for cmake; also allow default directory to seek for extensions and configuration files
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
258
diff
changeset
|
256 /* Attempt to find the configuration file */ |
|
ad3c46016584
Added install directives for cmake; also allow default directory to seek for extensions and configuration files
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
258
diff
changeset
|
257 if (!fd_g_config->cnf_file) |
|
ad3c46016584
Added install directives for cmake; also allow default directory to seek for extensions and configuration files
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
258
diff
changeset
|
258 fd_g_config->cnf_file = FD_DEFAULT_CONF_FILENAME; |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
259 |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
260 fddin = fopen(fd_g_config->cnf_file, "r"); |
|
304
ad3c46016584
Added install directives for cmake; also allow default directory to seek for extensions and configuration files
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
258
diff
changeset
|
261 if ((fddin == NULL) && (*fd_g_config->cnf_file != '/')) { |
|
947
cce5d4bace82
Make config file parameter const and convert another fprintf to TRACE_DEBUG_ERROR.
Thomas Klausner <tk@giga.or.at>
parents:
946
diff
changeset
|
262 char * new_cnf = NULL; |
|
304
ad3c46016584
Added install directives for cmake; also allow default directory to seek for extensions and configuration files
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
258
diff
changeset
|
263 /* We got a relative path, attempt to add the default directory prefix */ |
|
706
4ffbc9f1e922
Large UNTESTED commit with the following changes:
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
686
diff
changeset
|
264 orig = fd_g_config->cnf_file; |
|
947
cce5d4bace82
Make config file parameter const and convert another fprintf to TRACE_DEBUG_ERROR.
Thomas Klausner <tk@giga.or.at>
parents:
946
diff
changeset
|
265 CHECK_MALLOC( new_cnf = malloc(strlen(orig) + strlen(DEFAULT_CONF_PATH) + 2) ); /* we will not free it, but not important */ |
|
cce5d4bace82
Make config file parameter const and convert another fprintf to TRACE_DEBUG_ERROR.
Thomas Klausner <tk@giga.or.at>
parents:
946
diff
changeset
|
266 sprintf( new_cnf, DEFAULT_CONF_PATH "/%s", orig ); |
|
cce5d4bace82
Make config file parameter const and convert another fprintf to TRACE_DEBUG_ERROR.
Thomas Klausner <tk@giga.or.at>
parents:
946
diff
changeset
|
267 fd_g_config->cnf_file = new_cnf; |
|
304
ad3c46016584
Added install directives for cmake; also allow default directory to seek for extensions and configuration files
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
258
diff
changeset
|
268 fddin = fopen(fd_g_config->cnf_file, "r"); |
|
ad3c46016584
Added install directives for cmake; also allow default directory to seek for extensions and configuration files
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
258
diff
changeset
|
269 } |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
270 if (fddin == NULL) { |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
271 int ret = errno; |
|
1155
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
272 LOG_F("Unable to open configuration file for reading; tried the following locations: %s%s%s; Error: %s", |
|
947
cce5d4bace82
Make config file parameter const and convert another fprintf to TRACE_DEBUG_ERROR.
Thomas Klausner <tk@giga.or.at>
parents:
946
diff
changeset
|
273 orig ?: "", orig? " and " : "", fd_g_config->cnf_file, strerror(ret)); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
274 return ret; |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
275 } |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
276 |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
277 /* call yacc parser */ |
|
304
ad3c46016584
Added install directives for cmake; also allow default directory to seek for extensions and configuration files
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
258
diff
changeset
|
278 TRACE_DEBUG (FULL, "Parsing configuration file: %s", fd_g_config->cnf_file); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
279 CHECK_FCT( fddparse(fd_g_config) ); |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
280 |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
281 /* close the file */ |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
282 fclose(fddin); |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
283 |
|
18
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
284 /* Check that TLS private key was given */ |
|
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
285 if (! fd_g_config->cnf_sec_data.key_file) { |
|
1155
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
286 /* If TLS is not enabled, we allow empty TLS configuration */ |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
287 if ((fd_g_config->cnf_port_tls == 0) && (fd_g_config->cnf_flags.tls_alg == 0)) { |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
288 LOG_N("TLS is disabled, this is *NOT* a recommended practice! Diameter protocol conveys highly sensitive information on your users."); |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
289 fd_g_config->cnf_sec_data.tls_disabled = 1; |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
290 } else { |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
291 LOG_F( "Missing private key configuration for TLS. Please provide the TLS_cred configuration directive."); |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
292 return EINVAL; |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
293 } |
|
18
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
294 } |
|
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
295 |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
296 /* Resolve hostname if not provided */ |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
297 if (fd_g_config->cnf_diamid == NULL) { |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
298 char buf[HOST_NAME_MAX + 1]; |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
299 struct addrinfo hints, *info; |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
300 int ret; |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
301 |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
302 /* local host name */ |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
303 CHECK_SYS(gethostname(buf, sizeof(buf))); |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
304 |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
305 /* get FQDN */ |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
306 memset(&hints, 0, sizeof hints); |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
307 hints.ai_flags = AI_CANONNAME; |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
308 |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
309 ret = getaddrinfo(buf, NULL, &hints, &info); |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
310 if (ret != 0) { |
| 994 | 311 TRACE_ERROR( "Error resolving local FQDN : '%s' : %s" |
| 312 ". Please provide Identity in configuration file.", | |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
313 buf, gai_strerror(ret)); |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
314 return EINVAL; |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
315 } |
|
706
4ffbc9f1e922
Large UNTESTED commit with the following changes:
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
686
diff
changeset
|
316 fd_g_config->cnf_diamid = info->ai_canonname; |
|
4ffbc9f1e922
Large UNTESTED commit with the following changes:
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
686
diff
changeset
|
317 CHECK_FCT( fd_os_validate_DiameterIdentity(&fd_g_config->cnf_diamid, &fd_g_config->cnf_diamid_len, 1) ); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
318 freeaddrinfo(info); |
|
706
4ffbc9f1e922
Large UNTESTED commit with the following changes:
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
686
diff
changeset
|
319 } else { |
|
4ffbc9f1e922
Large UNTESTED commit with the following changes:
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
686
diff
changeset
|
320 CHECK_FCT( fd_os_validate_DiameterIdentity(&fd_g_config->cnf_diamid, &fd_g_config->cnf_diamid_len, 0) ); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
321 } |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
322 |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
323 /* Handle the realm part */ |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
324 if (fd_g_config->cnf_diamrlm == NULL) { |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
325 char * start = NULL; |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
326 |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
327 /* Check the diameter identity is a fqdn */ |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
328 start = strchr(fd_g_config->cnf_diamid, '.'); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
329 if ((start == NULL) || (start[1] == '\0')) { |
| 994 | 330 TRACE_ERROR( "Unable to extract realm from the Identity '%s'." |
| 331 " Please fix your Identity setting or provide Realm.", | |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
332 fd_g_config->cnf_diamid); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
333 return EINVAL; |
|
706
4ffbc9f1e922
Large UNTESTED commit with the following changes:
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
686
diff
changeset
|
334 } |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
335 |
|
706
4ffbc9f1e922
Large UNTESTED commit with the following changes:
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
686
diff
changeset
|
336 fd_g_config->cnf_diamrlm = start + 1; |
|
4ffbc9f1e922
Large UNTESTED commit with the following changes:
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
686
diff
changeset
|
337 CHECK_FCT( fd_os_validate_DiameterIdentity(&fd_g_config->cnf_diamrlm, &fd_g_config->cnf_diamrlm_len, 1) ); |
|
4ffbc9f1e922
Large UNTESTED commit with the following changes:
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
686
diff
changeset
|
338 } else { |
|
4ffbc9f1e922
Large UNTESTED commit with the following changes:
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
686
diff
changeset
|
339 CHECK_FCT( fd_os_validate_DiameterIdentity(&fd_g_config->cnf_diamrlm, &fd_g_config->cnf_diamrlm_len, 0) ); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
340 } |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
341 |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
342 /* Validate some flags */ |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
343 if (fd_g_config->cnf_flags.no_ip4 && fd_g_config->cnf_flags.no_ip6) { |
| 994 | 344 TRACE_ERROR( "IP and IPv6 cannot be disabled at the same time."); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
345 return EINVAL; |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
346 } |
|
10
c5c99c73c2bf
Added some extensions and functions in the daemon
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
8
diff
changeset
|
347 if (fd_g_config->cnf_flags.no_tcp && fd_g_config->cnf_flags.no_sctp) { |
| 994 | 348 TRACE_ERROR( "TCP and SCTP cannot be disabled at the same time."); |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
349 return EINVAL; |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
350 } |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
351 |
|
22
0b3b46da2c12
Progress on server code
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
20
diff
changeset
|
352 /* Validate local endpoints */ |
|
0b3b46da2c12
Progress on server code
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
20
diff
changeset
|
353 if ((!FD_IS_LIST_EMPTY(&fd_g_config->cnf_endpoints)) && (fd_g_config->cnf_flags.no_ip4 || fd_g_config->cnf_flags.no_ip6)) { |
|
0b3b46da2c12
Progress on server code
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
20
diff
changeset
|
354 struct fd_list * li; |
|
0b3b46da2c12
Progress on server code
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
20
diff
changeset
|
355 for ( li = fd_g_config->cnf_endpoints.next; li != &fd_g_config->cnf_endpoints; li = li->next) { |
|
0b3b46da2c12
Progress on server code
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
20
diff
changeset
|
356 struct fd_endpoint * ep = (struct fd_endpoint *)li; |
|
23
db6c40b8b307
Added some code in cnxctx.c mainly
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
22
diff
changeset
|
357 if ( (fd_g_config->cnf_flags.no_ip4 && (ep->sa.sa_family == AF_INET)) |
|
db6c40b8b307
Added some code in cnxctx.c mainly
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
22
diff
changeset
|
358 ||(fd_g_config->cnf_flags.no_ip6 && (ep->sa.sa_family == AF_INET6)) ) { |
|
1107
96f2051215c8
Replaced calls to TRACE_sSA and sSA_DUMP_NODE* macros
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1093
diff
changeset
|
359 char sa_buf[sSA_DUMP_STRLEN];; |
|
22
0b3b46da2c12
Progress on server code
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
20
diff
changeset
|
360 li = li->prev; |
|
0b3b46da2c12
Progress on server code
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
20
diff
changeset
|
361 fd_list_unlink(&ep->chain); |
|
1107
96f2051215c8
Replaced calls to TRACE_sSA and sSA_DUMP_NODE* macros
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1093
diff
changeset
|
362 fd_sa_sdump_numeric(sa_buf, &ep->sa); |
|
96f2051215c8
Replaced calls to TRACE_sSA and sSA_DUMP_NODE* macros
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1093
diff
changeset
|
363 LOG_N("Info: Removing local address conflicting with the flags no_IP / no_IP6 : %s", sa_buf); |
|
22
0b3b46da2c12
Progress on server code
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
20
diff
changeset
|
364 free(ep); |
|
0b3b46da2c12
Progress on server code
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
20
diff
changeset
|
365 } |
|
0b3b46da2c12
Progress on server code
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
20
diff
changeset
|
366 } |
|
0b3b46da2c12
Progress on server code
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
20
diff
changeset
|
367 } |
|
0b3b46da2c12
Progress on server code
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
20
diff
changeset
|
368 |
|
18
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
369 /* Configure TLS default parameters */ |
|
1155
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
370 if ((!fd_g_config->cnf_sec_data.tls_disabled) && (!fd_g_config->cnf_sec_data.prio_string)) { |
|
18
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
371 const char * err_pos = NULL; |
|
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
372 CHECK_GNUTLS_DO( gnutls_priority_init( |
|
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
373 &fd_g_config->cnf_sec_data.prio_cache, |
|
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
374 GNUTLS_DEFAULT_PRIORITY, |
|
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
375 &err_pos), |
|
1006
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
376 { TRACE_ERROR("Error in priority string at position : %s", err_pos); return EINVAL; } ); |
|
18
e7187583dcf8
Added CA helper script
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
17
diff
changeset
|
377 } |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
378 |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
379 /* Verify that our certificate is valid -- otherwise remote peers will reject it */ |
|
1155
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
380 if (!fd_g_config->cnf_sec_data.tls_disabled) { |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
381 int ret = 0, i; |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
382 |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
383 gnutls_datum_t certfile; |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
384 |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
385 gnutls_x509_crt_t * certs = NULL; |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
386 unsigned int cert_max = 0; |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
387 |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
388 |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
389 /* Read the certificate file */ |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
390 FILE *stream = fopen (fd_g_config->cnf_sec_data.cert_file, "rb"); |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
391 if (!stream) { |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
392 int err = errno; |
|
974
2091bf698fb1
Remove newlines from fd_log_debug, TRACE_DEBUG, TRACE_ERROR, and TRACE_DEBUG_ERROR
Thomas Klausner <tk@giga.or.at>
parents:
965
diff
changeset
|
393 TRACE_DEBUG(INFO, "An error occurred while opening '%s': %s", fd_g_config->cnf_sec_data.cert_file, strerror(err)); |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
394 return err; |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
395 } |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
396 CHECK_FCT( fd_conf_stream_to_gnutls_datum(stream, &certfile) ); |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
397 fclose(stream); |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
398 |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
399 /* Import the certificate(s) */ |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
400 GNUTLS_TRACE( ret = gnutls_x509_crt_list_import(NULL, &cert_max, &certfile, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED) ); |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
401 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
402 CHECK_GNUTLS_DO(ret, return EINVAL); |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
403 } |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
404 |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
405 CHECK_MALLOC( certs = calloc(cert_max, sizeof(gnutls_x509_crt_t)) ); |
|
820
0eb64b3a3632
Fix compilation with gnutls < 3.x
Sebastien Decugis <sdecugis@freediameter.net>
parents:
808
diff
changeset
|
406 CHECK_GNUTLS_DO( gnutls_x509_crt_list_import(certs, &cert_max, &certfile, GNUTLS_X509_FMT_PEM, |
|
0eb64b3a3632
Fix compilation with gnutls < 3.x
Sebastien Decugis <sdecugis@freediameter.net>
parents:
808
diff
changeset
|
407 #ifdef GNUTLS_VERSION_300 |
|
0eb64b3a3632
Fix compilation with gnutls < 3.x
Sebastien Decugis <sdecugis@freediameter.net>
parents:
808
diff
changeset
|
408 GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED |
|
0eb64b3a3632
Fix compilation with gnutls < 3.x
Sebastien Decugis <sdecugis@freediameter.net>
parents:
808
diff
changeset
|
409 #else /* GNUTLS_VERSION_300 */ |
|
0eb64b3a3632
Fix compilation with gnutls < 3.x
Sebastien Decugis <sdecugis@freediameter.net>
parents:
808
diff
changeset
|
410 0 |
|
0eb64b3a3632
Fix compilation with gnutls < 3.x
Sebastien Decugis <sdecugis@freediameter.net>
parents:
808
diff
changeset
|
411 #endif /* GNUTLS_VERSION_300 */ |
|
0eb64b3a3632
Fix compilation with gnutls < 3.x
Sebastien Decugis <sdecugis@freediameter.net>
parents:
808
diff
changeset
|
412 ), |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
413 { |
|
1006
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
414 TRACE_ERROR("Failed to import the data from file '%s'", fd_g_config->cnf_sec_data.cert_file); |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
415 free(certfile.data); |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
416 return EINVAL; |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
417 } ); |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
418 free(certfile.data); |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
419 |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
420 ASSERT(cert_max >= 1); |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
421 |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
422 /* Now, verify the list against the local CA and CRL */ |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
423 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
424 #ifdef GNUTLS_VERSION_300 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
425 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
426 /* We use the trust list for this purpose */ |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
427 { |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
428 unsigned int output; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
429 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
430 gnutls_x509_trust_list_verify_named_crt ( |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
431 fd_g_config->cnf_sec_data.trustlist, |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
432 certs[0], |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
433 fd_g_config->cnf_diamid, |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
434 fd_g_config->cnf_diamid_len, |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
435 0, |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
436 &output, |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
437 fd_conf_print_details_func); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
438 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
439 /* if this certificate is not explicitly trusted verify against CAs |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
440 */ |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
441 if (output != 0) |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
442 { |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
443 gnutls_x509_trust_list_verify_crt ( |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
444 fd_g_config->cnf_sec_data.trustlist, |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
445 certs, |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
446 cert_max, |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
447 0, |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
448 &output, |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
449 fd_conf_print_details_func); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
450 } |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
451 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
452 if (output & GNUTLS_CERT_INVALID) |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
453 { |
|
974
2091bf698fb1
Remove newlines from fd_log_debug, TRACE_DEBUG, TRACE_ERROR, and TRACE_DEBUG_ERROR
Thomas Klausner <tk@giga.or.at>
parents:
965
diff
changeset
|
454 fd_log_debug("TLS: Local certificate chain '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
455 if (output & GNUTLS_CERT_SIGNER_NOT_FOUND) |
|
1184
8c340f832127
Remove auto-use of the certificate as CA when CA was not provided, since now TLS_cred can be ignored when TLS is not used.
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1181
diff
changeset
|
456 TRACE_ERROR(" - The certificate hasn't got a known issuer. Did you forget to specify TLS_CA ?"); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
457 if (output & GNUTLS_CERT_SIGNER_NOT_CA) |
|
1006
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
458 TRACE_ERROR(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints."); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
459 if (output & GNUTLS_CERT_NOT_ACTIVATED) |
|
1006
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
460 TRACE_ERROR(" - The certificate is not yet activated."); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
461 if (output & GNUTLS_CERT_EXPIRED) |
|
1006
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
462 TRACE_ERROR(" - The certificate is expired."); |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
463 return EINVAL; |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
464 } |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
465 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
466 /* Now check the subject matches our hostname */ |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
467 if (!gnutls_x509_crt_check_hostname (certs[0], fd_g_config->cnf_diamid)) |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
468 { |
|
1006
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
469 TRACE_ERROR("TLS: The certificate owner does not match the hostname '%s'", fd_g_config->cnf_diamid); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
470 return EINVAL; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
471 } |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
472 |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
473 } |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
474 |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
475 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
476 #else /* GNUTLS_VERSION_300 */ |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
477 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
478 /* GnuTLS 2.x way of checking certificates */ |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
479 { |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
480 gnutls_x509_crt_t * CA_list; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
481 int CA_list_length; |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
482 |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
483 gnutls_x509_crl_t * CRL_list; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
484 int CRL_list_length; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
485 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
486 unsigned int verify; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
487 time_t now; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
488 GNUTLS_TRACE( gnutls_certificate_get_x509_cas (fd_g_config->cnf_sec_data.credentials, &CA_list, (unsigned int *) &CA_list_length) ); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
489 GNUTLS_TRACE( gnutls_certificate_get_x509_crls (fd_g_config->cnf_sec_data.credentials, &CRL_list, (unsigned int *) &CRL_list_length) ); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
490 CHECK_GNUTLS_DO( gnutls_x509_crt_list_verify(certs, cert_max, CA_list, CA_list_length, CRL_list, CRL_list_length, 0, &verify), |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
491 { |
|
1008
d3d2a32320c4
Fix a compilation warning and protect CHECK_GNUTLS_DO macro
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1006
diff
changeset
|
492 TRACE_ERROR("Failed to verify the local certificate '%s' against local credentials. Please check your certificate is valid.", fd_g_config->cnf_sec_data.cert_file); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
493 return EINVAL; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
494 } ); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
495 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
496 if (verify) { |
|
974
2091bf698fb1
Remove newlines from fd_log_debug, TRACE_DEBUG, TRACE_ERROR, and TRACE_DEBUG_ERROR
Thomas Klausner <tk@giga.or.at>
parents:
965
diff
changeset
|
497 fd_log_debug("TLS: Local certificate chain '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
498 if (verify & GNUTLS_CERT_INVALID) |
|
1006
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
499 TRACE_ERROR(" - The certificate is not trusted (unknown CA? expired?)"); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
500 if (verify & GNUTLS_CERT_REVOKED) |
|
1006
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
501 TRACE_ERROR(" - The certificate has been revoked."); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
502 if (verify & GNUTLS_CERT_SIGNER_NOT_FOUND) |
|
1006
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
503 TRACE_ERROR(" - The certificate hasn't got a known issuer."); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
504 if (verify & GNUTLS_CERT_SIGNER_NOT_CA) |
|
1006
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
505 TRACE_ERROR(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints."); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
506 if (verify & GNUTLS_CERT_INSECURE_ALGORITHM) |
|
1006
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
507 TRACE_ERROR(" - The certificate signature uses a weak algorithm."); |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
508 return EINVAL; |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
509 } |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
510 |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
511 /* Check the local Identity is valid with the certificate */ |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
512 if (!gnutls_x509_crt_check_hostname (certs[0], fd_g_config->cnf_diamid)) { |
|
1006
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
513 TRACE_ERROR("TLS: Local certificate '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); |
|
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
514 TRACE_ERROR(" - The certificate hostname does not match '%s'", fd_g_config->cnf_diamid); |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
515 return EINVAL; |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
516 } |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
517 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
518 /* Check validity of all the certificates in the chain */ |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
519 now = time(NULL); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
520 for (i = 0; i < cert_max; i++) |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
521 { |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
522 time_t deadline; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
523 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
524 GNUTLS_TRACE( deadline = gnutls_x509_crt_get_expiration_time(certs[i]) ); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
525 if ((deadline != (time_t)-1) && (deadline < now)) { |
|
1006
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
526 TRACE_ERROR("TLS: Local certificate chain '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); |
|
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
527 TRACE_ERROR(" - The certificate %d in the chain is expired", i); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
528 return EINVAL; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
529 } |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
530 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
531 GNUTLS_TRACE( deadline = gnutls_x509_crt_get_activation_time(certs[i]) ); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
532 if ((deadline != (time_t)-1) && (deadline > now)) { |
|
1006
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
533 TRACE_ERROR("TLS: Local certificate chain '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); |
|
6ce8322f3b78
Report an error if a problem is big enough to break startup.
Thomas Klausner <tk@giga.or.at>
parents:
994
diff
changeset
|
534 TRACE_ERROR(" - The certificate %d in the chain is not yet activated", i); |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
535 return EINVAL; |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
536 } |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
537 } |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
538 } |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
539 #endif /* GNUTLS_VERSION_300 */ |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
540 |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
541 /* Everything checked OK, free the certificate list */ |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
542 for (i = 0; i < cert_max; i++) |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
543 { |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
544 GNUTLS_TRACE( gnutls_x509_crt_deinit (certs[i]) ); |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
545 } |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
546 free(certs); |
|
1155
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
547 |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
548 #ifdef GNUTLS_VERSION_300 |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
549 /* Use certificate verification during the handshake */ |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
550 gnutls_certificate_set_verify_function (fd_g_config->cnf_sec_data.credentials, fd_tls_verify_credentials_2); |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
551 #endif /* GNUTLS_VERSION_300 */ |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
552 |
|
542
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
553 } |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
554 |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
555 /* gnutls_certificate_set_verify_limits -- so far the default values are fine... */ |
|
0b6cee362f5d
Enforce validation of local certificate upon daemon start.
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
447
diff
changeset
|
556 |
|
578
7c9a00bfd115
Allow TLS Diffie-Hellmann parameters to be loaded from a file (ticket #17)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
542
diff
changeset
|
557 /* DH */ |
|
1155
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
558 if (!fd_g_config->cnf_sec_data.tls_disabled) { |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
559 if (fd_g_config->cnf_sec_data.dh_file) { |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
560 gnutls_datum_t dhparams = { NULL, 0 }; |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
561 size_t alloc = 0; |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
562 FILE *stream = fopen (fd_g_config->cnf_sec_data.dh_file, "rb"); |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
563 if (!stream) { |
|
578
7c9a00bfd115
Allow TLS Diffie-Hellmann parameters to be loaded from a file (ticket #17)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
542
diff
changeset
|
564 int err = errno; |
|
1155
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
565 TRACE_DEBUG(INFO, "An error occurred while opening '%s': %s", fd_g_config->cnf_sec_data.dh_file, strerror(err)); |
|
578
7c9a00bfd115
Allow TLS Diffie-Hellmann parameters to be loaded from a file (ticket #17)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
542
diff
changeset
|
566 return err; |
|
7c9a00bfd115
Allow TLS Diffie-Hellmann parameters to be loaded from a file (ticket #17)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
542
diff
changeset
|
567 } |
|
1155
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
568 do { |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
569 uint8_t * realloced = NULL; |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
570 size_t read = 0; |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
571 |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
572 if (alloc < dhparams.size + BUFSIZ + 1) { |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
573 alloc += alloc / 2 + BUFSIZ + 1; |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
574 CHECK_MALLOC_DO( realloced = realloc(dhparams.data, alloc), |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
575 { |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
576 free(dhparams.data); |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
577 return ENOMEM; |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
578 } ) |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
579 dhparams.data = realloced; |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
580 } |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
581 |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
582 read = fread( dhparams.data + dhparams.size, 1, alloc - dhparams.size - 1, stream ); |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
583 dhparams.size += read; |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
584 |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
585 if (ferror(stream)) { |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
586 int err = errno; |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
587 TRACE_DEBUG(INFO, "An error occurred while reading '%s': %s", fd_g_config->cnf_sec_data.dh_file, strerror(err)); |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
588 return err; |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
589 } |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
590 } while (!feof(stream)); |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
591 dhparams.data[dhparams.size] = '\0'; |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
592 fclose(stream); |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
593 CHECK_GNUTLS_DO( gnutls_dh_params_import_pkcs3( |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
594 fd_g_config->cnf_sec_data.dh_cache, |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
595 &dhparams, |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
596 GNUTLS_X509_FMT_PEM), |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
597 { TRACE_ERROR("Error in DH bits value : %d", fd_g_config->cnf_sec_data.dh_bits ?: GNUTLS_DEFAULT_DHBITS); return EINVAL; } ); |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
598 free(dhparams.data); |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
599 |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
600 } else { |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
601 LOG_D( "Generating fresh Diffie-Hellman parameters of size %d (this takes some time)... ", fd_g_config->cnf_sec_data.dh_bits ?: GNUTLS_DEFAULT_DHBITS); |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
602 CHECK_GNUTLS_DO( gnutls_dh_params_generate2( |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
603 fd_g_config->cnf_sec_data.dh_cache, |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
604 fd_g_config->cnf_sec_data.dh_bits ?: GNUTLS_DEFAULT_DHBITS), |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
605 { TRACE_ERROR("Error in DH bits value : %d", fd_g_config->cnf_sec_data.dh_bits ?: GNUTLS_DEFAULT_DHBITS); return EINVAL; } ); |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
606 } |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
607 |
|
d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1127
diff
changeset
|
608 } |
|
578
7c9a00bfd115
Allow TLS Diffie-Hellmann parameters to be loaded from a file (ticket #17)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
542
diff
changeset
|
609 |
|
8
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
610 return 0; |
|
3e143f047f78
Backup for the week-end
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
611 } |
|
1027
0117a7746b21
Fix a number of errors and warnings introduced/highlighted by recent commits
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1021
diff
changeset
|
612 #ifndef GNUTLS_VERSION_300 |
|
1034
f4a73a991623
Fix warning on old GCC versions
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1033
diff
changeset
|
613 GCC_DIAG_ON("-Wdeprecated-declarations") |
|
1027
0117a7746b21
Fix a number of errors and warnings introduced/highlighted by recent commits
Sebastien Decugis <sdecugis@freediameter.net>
parents:
1021
diff
changeset
|
614 #endif /* !GNUTLS_VERSION_300 */ |
|
447
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
615 |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
616 |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
617 /* Destroy contents of fd_g_config structure */ |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
618 int fd_conf_deinit() |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
619 { |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
620 TRACE_ENTRY(); |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
621 |
|
686
f83d9878bf66
Fixed in case of termination of several modules (before initialization completed)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
662
diff
changeset
|
622 if (!fd_g_config) |
|
f83d9878bf66
Fixed in case of termination of several modules (before initialization completed)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
662
diff
changeset
|
623 return 0; |
|
f83d9878bf66
Fixed in case of termination of several modules (before initialization completed)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
662
diff
changeset
|
624 |
|
447
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
625 /* Free the TLS parameters */ |
|
805
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
626 #ifdef GNUTLS_VERSION_300 |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
627 gnutls_x509_trust_list_deinit(fd_g_config->cnf_sec_data.trustlist, 1); |
|
fb5e0fd923ff
Updated verification of the local certificate following GnuTLS 3.x guideline
Sebastien Decugis <sdecugis@freediameter.net>
parents:
767
diff
changeset
|
628 #endif /* GNUTLS_VERSION_300 */ |
|
447
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
629 gnutls_priority_deinit(fd_g_config->cnf_sec_data.prio_cache); |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
630 gnutls_dh_params_deinit(fd_g_config->cnf_sec_data.dh_cache); |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
631 gnutls_certificate_free_credentials(fd_g_config->cnf_sec_data.credentials); |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
632 |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
633 free(fd_g_config->cnf_sec_data.cert_file); fd_g_config->cnf_sec_data.cert_file = NULL; |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
634 free(fd_g_config->cnf_sec_data.key_file); fd_g_config->cnf_sec_data.key_file = NULL; |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
635 free(fd_g_config->cnf_sec_data.ca_file); fd_g_config->cnf_sec_data.ca_file = NULL; |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
636 free(fd_g_config->cnf_sec_data.crl_file); fd_g_config->cnf_sec_data.crl_file = NULL; |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
637 free(fd_g_config->cnf_sec_data.prio_string); fd_g_config->cnf_sec_data.prio_string = NULL; |
|
578
7c9a00bfd115
Allow TLS Diffie-Hellmann parameters to be loaded from a file (ticket #17)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
542
diff
changeset
|
638 free(fd_g_config->cnf_sec_data.dh_file); fd_g_config->cnf_sec_data.dh_file = NULL; |
|
447
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
639 |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
640 /* Destroy dictionary */ |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
641 CHECK_FCT_DO( fd_dict_fini(&fd_g_config->cnf_dict), ); |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
642 |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
643 /* Destroy the main event queue */ |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
644 CHECK_FCT_DO( fd_fifo_del(&fd_g_config->cnf_main_ev), ); |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
645 |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
646 /* Destroy the local endpoints and applications */ |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
647 CHECK_FCT_DO(fd_ep_filter(&fd_g_config->cnf_endpoints, 0 ), ); |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
648 CHECK_FCT_DO(fd_app_empty(&fd_g_config->cnf_apps ), ); |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
649 |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
650 /* Destroy the local identity */ |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
651 free(fd_g_config->cnf_diamid); fd_g_config->cnf_diamid = NULL; |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
652 free(fd_g_config->cnf_diamrlm); fd_g_config->cnf_diamrlm = NULL; |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
653 |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
654 return 0; |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
655 } |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
656 |
|
097bae83b07a
Forgot to cleanup the configuration on exit, spotted by valgrind
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
403
diff
changeset
|
657 |