Changeset 1006:6ce8322f3b78 in freeDiameter for libfdcore/config.c
- Timestamp:
- Mar 22, 2013, 4:28:23 AM (11 years ago)
- Branch:
- default
- Phase:
- public
- File:
-
- 1 edited
libfdcore/config.c
r994 r1006 274 274 GNUTLS_X509_FMT_PEM), 275 275 { 276 TRACE_ DEBUG(INFO,"Unable to use the local certificate as trusted security anchor (CA), please provide a valid TLS_CA='...' directive.");276 TRACE_ERROR("Unable to use the local certificate as trusted security anchor (CA), please provide a valid TLS_CA='...' directive."); 277 277 return EINVAL; 278 278 } ); … … 362 362 GNUTLS_DEFAULT_PRIORITY, 363 363 &err_pos), 364 { TRACE_ DEBUG(INFO,"Error in priority string at position : %s", err_pos); return EINVAL; } );364 { TRACE_ERROR("Error in priority string at position : %s", err_pos); return EINVAL; } ); 365 365 } 366 366 … … 400 400 ), 401 401 { 402 TRACE_ DEBUG(INFO,"Failed to import the data from file '%s'", fd_g_config->cnf_sec_data.cert_file);402 TRACE_ERROR("Failed to import the data from file '%s'", fd_g_config->cnf_sec_data.cert_file); 403 403 free(certfile.data); 404 404 return EINVAL; … … 442 442 fd_log_debug("TLS: Local certificate chain '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); 443 443 if (output & GNUTLS_CERT_SIGNER_NOT_FOUND) 444 fd_log_debug(" - The certificate hasn't got a known issuer.");444 TRACE_ERROR(" - The certificate hasn't got a known issuer."); 445 445 if (output & GNUTLS_CERT_SIGNER_NOT_CA) 446 fd_log_debug(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints.");446 TRACE_ERROR(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints."); 447 447 if (output & GNUTLS_CERT_NOT_ACTIVATED) 448 fd_log_debug(" - The certificate is not yet activated.");448 TRACE_ERROR(" - The certificate is not yet activated."); 449 449 if (output & GNUTLS_CERT_EXPIRED) 450 fd_log_debug(" - The certificate is expired.");450 TRACE_ERROR(" - The certificate is expired."); 451 451 return EINVAL; 452 452 } … … 455 455 if (!gnutls_x509_crt_check_hostname (certs[0], fd_g_config->cnf_diamid)) 456 456 { 457 fd_log_debug("TLS: The certificate owner does not match the hostname '%s'", 
fd_g_config->cnf_diamid);457 TRACE_ERROR("TLS: The certificate owner does not match the hostname '%s'", fd_g_config->cnf_diamid); 458 458 return EINVAL; 459 459 } … … 478 478 CHECK_GNUTLS_DO( gnutls_x509_crt_list_verify(certs, cert_max, CA_list, CA_list_length, CRL_list, CRL_list_length, 0, &verify), 479 479 { 480 TRACE_ DEBUG(INFO, "Failed to verify the local certificate '%s' against local credentials. Please check your certificate is valid.", fd_g_config->cnf_sec_data.cert_file);480 TRACE_ERROR(INFO, "Failed to verify the local certificate '%s' against local credentials. Please check your certificate is valid.", fd_g_config->cnf_sec_data.cert_file); 481 481 return EINVAL; 482 482 } ); … … 485 485 fd_log_debug("TLS: Local certificate chain '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); 486 486 if (verify & GNUTLS_CERT_INVALID) 487 fd_log_debug(" - The certificate is not trusted (unknown CA? expired?)");487 TRACE_ERROR(" - The certificate is not trusted (unknown CA? expired?)"); 488 488 if (verify & GNUTLS_CERT_REVOKED) 489 fd_log_debug(" - The certificate has been revoked.");489 TRACE_ERROR(" - The certificate has been revoked."); 490 490 if (verify & GNUTLS_CERT_SIGNER_NOT_FOUND) 491 fd_log_debug(" - The certificate hasn't got a known issuer.");491 TRACE_ERROR(" - The certificate hasn't got a known issuer."); 492 492 if (verify & GNUTLS_CERT_SIGNER_NOT_CA) 493 fd_log_debug(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints.");493 TRACE_ERROR(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints."); 494 494 if (verify & GNUTLS_CERT_INSECURE_ALGORITHM) 495 fd_log_debug(" - The certificate signature uses a weak algorithm.");495 TRACE_ERROR(" - The certificate signature uses a weak algorithm."); 496 496 return EINVAL; 497 497 } … … 499 499 /* Check the local Identity is valid with the certificate */ 500 500 if (!gnutls_x509_crt_check_hostname (certs[0], fd_g_config->cnf_diamid)) { 
501 fd_log_debug("TLS: Local certificate '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file);502 fd_log_debug(" - The certificate hostname does not match '%s'", fd_g_config->cnf_diamid);501 TRACE_ERROR("TLS: Local certificate '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); 502 TRACE_ERROR(" - The certificate hostname does not match '%s'", fd_g_config->cnf_diamid); 503 503 return EINVAL; 504 504 } … … 512 512 GNUTLS_TRACE( deadline = gnutls_x509_crt_get_expiration_time(certs[i]) ); 513 513 if ((deadline != (time_t)-1) && (deadline < now)) { 514 fd_log_debug("TLS: Local certificate chain '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file);515 fd_log_debug(" - The certificate %d in the chain is expired", i);514 TRACE_ERROR("TLS: Local certificate chain '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); 515 TRACE_ERROR(" - The certificate %d in the chain is expired", i); 516 516 return EINVAL; 517 517 } … … 519 519 GNUTLS_TRACE( deadline = gnutls_x509_crt_get_activation_time(certs[i]) ); 520 520 if ((deadline != (time_t)-1) && (deadline > now)) { 521 fd_log_debug("TLS: Local certificate chain '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file);522 fd_log_debug(" - The certificate %d in the chain is not yet activated", i);521 TRACE_ERROR("TLS: Local certificate chain '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); 522 TRACE_ERROR(" - The certificate %d in the chain is not yet activated", i); 523 523 return EINVAL; 524 524 } … … 582 582 &dhparams, 583 583 GNUTLS_X509_FMT_PEM), 584 { TRACE_ DEBUG(INFO,"Error in DH bits value : %d", fd_g_config->cnf_sec_data.dh_bits ?: GNUTLS_DEFAULT_DHBITS); return EINVAL; } );584 { TRACE_ERROR("Error in DH bits value : %d", fd_g_config->cnf_sec_data.dh_bits ?: GNUTLS_DEFAULT_DHBITS); return EINVAL; } ); 585 585 free(dhparams.data); 586 586 … … 590 590 fd_g_config->cnf_sec_data.dh_cache, 591 591 fd_g_config->cnf_sec_data.dh_bits ?: GNUTLS_DEFAULT_DHBITS), 592 { TRACE_ DEBUG(INFO,"Error in DH bits 
value : %d", fd_g_config->cnf_sec_data.dh_bits ?: GNUTLS_DEFAULT_DHBITS); return EINVAL; } );592 { TRACE_ERROR("Error in DH bits value : %d", fd_g_config->cnf_sec_data.dh_bits ?: GNUTLS_DEFAULT_DHBITS); return EINVAL; } ); 593 593 } 594 594
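Review bot: The converted call at new line 480 still passes `INFO` as its first argument, `TRACE_ERROR(INFO, "Failed to verify the local certificate '%s' ...", ...)`, whereas every other converted call shown here starts with the format string. `INFO` is the level argument left over from `TRACE_DEBUG(INFO, ...)`, so this line presumably either fails to build or hands a non-string to the formatter on exactly the path that reports a certificate-verification failure; it should read `TRACE_ERROR("Failed to verify the local certificate '%s' against local credentials. Please check your certificate is valid.", fd_g_config->cnf_sec_data.cert_file);`. Separately, the heading lines at 442 and 485 (`fd_log_debug("TLS: Local certificate chain '%s' is invalid :", ...)`) stay at debug level while their detail lines move to `TRACE_ERROR`, so an error-level log may show the reason without the certificate file it refers to; converting those two headings as well would keep the diagnosis complete. The enclosing function begins and ends outside the lines shown.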