Changeset 974:2091bf698fb1 in freeDiameter for libfdcore/config.c
- Timestamp:
- Mar 15, 2013, 2:14:35 AM (11 years ago)
- Branch:
- default
- Phase:
- public
- File:
-
- 1 edited
libfdcore/config.c
r965 r974 86 86 return; 87 87 88 fd_log_debug("-- Configuration : \n");89 fd_log_debug(" Debug trace level ...... : %+d \n", fd_g_debug_lvl);90 fd_log_debug(" Configuration file ..... : %s \n", fd_g_config->cnf_file);91 fd_log_debug(" Diameter Identity ...... : %s (l:%Zi) \n", fd_g_config->cnf_diamid, fd_g_config->cnf_diamid_len);92 fd_log_debug(" Diameter Realm ......... : %s (l:%Zi) \n", fd_g_config->cnf_diamrlm, fd_g_config->cnf_diamrlm_len);93 fd_log_debug(" Tc Timer ............... : %u \n", fd_g_config->cnf_timer_tc);94 fd_log_debug(" Tw Timer ............... : %u \n", fd_g_config->cnf_timer_tw);95 fd_log_debug(" Local port ............. : %hu \n", fd_g_config->cnf_port);96 fd_log_debug(" Local secure port ...... : %hu \n", fd_g_config->cnf_port_tls);97 fd_log_debug(" Number of SCTP streams . : %hu \n", fd_g_config->cnf_sctp_str);98 fd_log_debug(" Number of server threads : %hu \n", fd_g_config->cnf_dispthr);88 fd_log_debug("-- Configuration :"); 89 fd_log_debug(" Debug trace level ...... : %+d", fd_g_debug_lvl); 90 fd_log_debug(" Configuration file ..... : %s", fd_g_config->cnf_file); 91 fd_log_debug(" Diameter Identity ...... : %s (l:%Zi)", fd_g_config->cnf_diamid, fd_g_config->cnf_diamid_len); 92 fd_log_debug(" Diameter Realm ......... : %s (l:%Zi)", fd_g_config->cnf_diamrlm, fd_g_config->cnf_diamrlm_len); 93 fd_log_debug(" Tc Timer ............... : %u", fd_g_config->cnf_timer_tc); 94 fd_log_debug(" Tw Timer ............... : %u", fd_g_config->cnf_timer_tw); 95 fd_log_debug(" Local port ............. : %hu", fd_g_config->cnf_port); 96 fd_log_debug(" Local secure port ...... : %hu", fd_g_config->cnf_port_tls); 97 fd_log_debug(" Number of SCTP streams . : %hu", fd_g_config->cnf_sctp_str); 98 fd_log_debug(" Number of server threads : %hu", fd_g_config->cnf_dispthr); 99 99 if (FD_IS_LIST_EMPTY(&fd_g_config->cnf_endpoints)) { 100 fd_log_debug(" Local endpoints ........ : Default (use all available) \n");100 fd_log_debug(" Local endpoints ........ 
: Default (use all available)"); 101 101 } else { 102 fd_log_debug(" Local endpoints ........ : \n");102 fd_log_debug(" Local endpoints ........ : "); 103 103 fd_ep_dump( 29, &fd_g_config->cnf_endpoints ); 104 104 } 105 105 if (FD_IS_LIST_EMPTY(&fd_g_config->cnf_apps)) { 106 fd_log_debug(" Local applications ..... : (none) \n");106 fd_log_debug(" Local applications ..... : (none)"); 107 107 } else { 108 108 struct fd_list * li = fd_g_config->cnf_apps.next; … … 111 111 struct fd_app * app = (struct fd_app *)li; 112 112 if (li != fd_g_config->cnf_apps.next) fd_log_debug(" "); 113 fd_log_debug("App: %u\t%s%s\tVnd: %u \n",113 fd_log_debug("App: %u\t%s%s\tVnd: %u", 114 114 app->appid, 115 115 app->flags.auth ? "Au" : "--", … … 120 120 } 121 121 122 fd_log_debug(" Flags : - IP ........... : %s \n", fd_g_config->cnf_flags.no_ip4 ? "DISABLED" : "Enabled");123 fd_log_debug(" - IPv6 ......... : %s \n", fd_g_config->cnf_flags.no_ip6 ? "DISABLED" : "Enabled");124 fd_log_debug(" - Relay app .... : %s \n", fd_g_config->cnf_flags.no_fwd ? "DISABLED" : "Enabled");125 fd_log_debug(" - TCP .......... : %s \n", fd_g_config->cnf_flags.no_tcp ? "DISABLED" : "Enabled");122 fd_log_debug(" Flags : - IP ........... : %s", fd_g_config->cnf_flags.no_ip4 ? "DISABLED" : "Enabled"); 123 fd_log_debug(" - IPv6 ......... : %s", fd_g_config->cnf_flags.no_ip6 ? "DISABLED" : "Enabled"); 124 fd_log_debug(" - Relay app .... : %s", fd_g_config->cnf_flags.no_fwd ? "DISABLED" : "Enabled"); 125 fd_log_debug(" - TCP .......... : %s", fd_g_config->cnf_flags.no_tcp ? "DISABLED" : "Enabled"); 126 126 #ifdef DISABLE_SCTP 127 fd_log_debug(" - SCTP ......... : DISABLED (at compilation) \n");127 fd_log_debug(" - SCTP ......... : DISABLED (at compilation)"); 128 128 #else /* DISABLE_SCTP */ 129 fd_log_debug(" - SCTP ......... : %s \n", fd_g_config->cnf_flags.no_sctp ? "DISABLED" : "Enabled");129 fd_log_debug(" - SCTP ......... : %s", fd_g_config->cnf_flags.no_sctp ? 
"DISABLED" : "Enabled"); 130 130 #endif /* DISABLE_SCTP */ 131 fd_log_debug(" - Pref. proto .. : %s \n", fd_g_config->cnf_flags.pr_tcp ? "TCP" : "SCTP");132 fd_log_debug(" - TLS method ... : %s \n", fd_g_config->cnf_flags.tls_alg ? "INBAND" : "Separate port");133 134 fd_log_debug(" TLS : - Certificate .. : %s \n", fd_g_config->cnf_sec_data.cert_file ?: "(NONE)");135 fd_log_debug(" - Private key .. : %s \n", fd_g_config->cnf_sec_data.key_file ?: "(NONE)");136 fd_log_debug(" - CA (trust) ... : %s (%d certs) \n", fd_g_config->cnf_sec_data.ca_file ?: "(none)", fd_g_config->cnf_sec_data.ca_file_nr);137 fd_log_debug(" - CRL .......... : %s \n", fd_g_config->cnf_sec_data.crl_file ?: "(none)");138 fd_log_debug(" - Priority ..... : %s \n", fd_g_config->cnf_sec_data.prio_string ?: "(default: '" GNUTLS_DEFAULT_PRIORITY "')");131 fd_log_debug(" - Pref. proto .. : %s", fd_g_config->cnf_flags.pr_tcp ? "TCP" : "SCTP"); 132 fd_log_debug(" - TLS method ... : %s", fd_g_config->cnf_flags.tls_alg ? "INBAND" : "Separate port"); 133 134 fd_log_debug(" TLS : - Certificate .. : %s", fd_g_config->cnf_sec_data.cert_file ?: "(NONE)"); 135 fd_log_debug(" - Private key .. : %s", fd_g_config->cnf_sec_data.key_file ?: "(NONE)"); 136 fd_log_debug(" - CA (trust) ... : %s (%d certs)", fd_g_config->cnf_sec_data.ca_file ?: "(none)", fd_g_config->cnf_sec_data.ca_file_nr); 137 fd_log_debug(" - CRL .......... : %s", fd_g_config->cnf_sec_data.crl_file ?: "(none)"); 138 fd_log_debug(" - Priority ..... : %s", fd_g_config->cnf_sec_data.prio_string ?: "(default: '" GNUTLS_DEFAULT_PRIORITY "')"); 139 139 if (fd_g_config->cnf_sec_data.dh_file) 140 fd_log_debug(" - DH file ...... : %s \n", fd_g_config->cnf_sec_data.dh_file);140 fd_log_debug(" - DH file ...... : %s", fd_g_config->cnf_sec_data.dh_file); 141 141 else 142 fd_log_debug(" - DH bits ...... : %d \n", fd_g_config->cnf_sec_data.dh_bits ?: GNUTLS_DEFAULT_DHBITS);143 144 fd_log_debug(" Origin-State-Id ........ 
: %u \n", fd_g_config->cnf_orstateid);142 fd_log_debug(" - DH bits ...... : %d", fd_g_config->cnf_sec_data.dh_bits ?: GNUTLS_DEFAULT_DHBITS); 143 144 fd_log_debug(" Origin-State-Id ........ : %u", fd_g_config->cnf_orstateid); 145 145 } 146 146 … … 172 172 if (ferror(pemfile)) { 173 173 int err = errno; 174 TRACE_DEBUG(INFO, "An error occurred while reading file: %s \n", strerror(err));174 TRACE_DEBUG(INFO, "An error occurred while reading file: %s", strerror(err)); 175 175 return err; 176 176 } … … 201 201 gnutls_x509_crt_get_dn (cert, name, &name_size); 202 202 203 fd_log_debug("\tSubject: %s \n", name);204 fd_log_debug("\tIssuer: %s \n", issuer_name);203 fd_log_debug("\tSubject: %s", name); 204 fd_log_debug("\tIssuer: %s", issuer_name); 205 205 206 206 if (issuer != NULL) … … 209 209 gnutls_x509_crt_get_dn (issuer, issuer_name, &issuer_name_size); 210 210 211 fd_log_debug("\tVerified against: %s \n", issuer_name);211 fd_log_debug("\tVerified against: %s", issuer_name); 212 212 } 213 213 … … 217 217 gnutls_x509_crl_get_issuer_dn (crl, issuer_name, &issuer_name_size); 218 218 219 fd_log_debug("\tVerified against CRL of: %s \n", issuer_name);219 fd_log_debug("\tVerified against CRL of: %s", issuer_name); 220 220 } 221 221 222 fd_log_debug("\tVerification output: %x \n\n", verification_output);222 fd_log_debug("\tVerification output: %x", verification_output); 223 223 224 224 return 0; … … 248 248 if (fddin == NULL) { 249 249 int ret = errno; 250 TRACE_ERROR("Unable to open configuration file for reading; tried the following locations: %s%s%s; Error: %s \n",250 TRACE_ERROR("Unable to open configuration file for reading; tried the following locations: %s%s%s; Error: %s", 251 251 orig ?: "", orig? 
" and " : "", fd_g_config->cnf_file, strerror(ret)); 252 252 return ret; … … 349 349 char buf[1024]; 350 350 sSA_DUMP_NODE( buf, sizeof(buf), &ep->sa, NI_NUMERICHOST ); 351 fd_log_debug("Info: Removing local address conflicting with the flags no_IP / no_IP6 : %s \n", buf);351 fd_log_debug("Info: Removing local address conflicting with the flags no_IP / no_IP6 : %s", buf); 352 352 } 353 353 free(ep); … … 380 380 if (!stream) { 381 381 int err = errno; 382 TRACE_DEBUG(INFO, "An error occurred while opening '%s': %s \n", fd_g_config->cnf_sec_data.cert_file, strerror(err));382 TRACE_DEBUG(INFO, "An error occurred while opening '%s': %s", fd_g_config->cnf_sec_data.cert_file, strerror(err)); 383 383 return err; 384 384 } … … 441 441 if (output & GNUTLS_CERT_INVALID) 442 442 { 443 fd_log_debug("TLS: Local certificate chain '%s' is invalid : \n", fd_g_config->cnf_sec_data.cert_file);443 fd_log_debug("TLS: Local certificate chain '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); 444 444 if (output & GNUTLS_CERT_SIGNER_NOT_FOUND) 445 fd_log_debug(" - The certificate hasn't got a known issuer. \n");445 fd_log_debug(" - The certificate hasn't got a known issuer."); 446 446 if (output & GNUTLS_CERT_SIGNER_NOT_CA) 447 fd_log_debug(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints. \n");447 fd_log_debug(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints."); 448 448 if (output & GNUTLS_CERT_NOT_ACTIVATED) 449 fd_log_debug(" - The certificate is not yet activated. \n");449 fd_log_debug(" - The certificate is not yet activated."); 450 450 if (output & GNUTLS_CERT_EXPIRED) 451 fd_log_debug(" - The certificate is expired. 
\n");451 fd_log_debug(" - The certificate is expired."); 452 452 return EINVAL; 453 453 } … … 456 456 if (!gnutls_x509_crt_check_hostname (certs[0], fd_g_config->cnf_diamid)) 457 457 { 458 fd_log_debug("TLS: The certificate owner does not match the hostname '%s' \n", fd_g_config->cnf_diamid);458 fd_log_debug("TLS: The certificate owner does not match the hostname '%s'", fd_g_config->cnf_diamid); 459 459 return EINVAL; 460 460 } … … 484 484 485 485 if (verify) { 486 fd_log_debug("TLS: Local certificate chain '%s' is invalid : \n", fd_g_config->cnf_sec_data.cert_file);486 fd_log_debug("TLS: Local certificate chain '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); 487 487 if (verify & GNUTLS_CERT_INVALID) 488 fd_log_debug(" - The certificate is not trusted (unknown CA? expired?) \n");488 fd_log_debug(" - The certificate is not trusted (unknown CA? expired?)"); 489 489 if (verify & GNUTLS_CERT_REVOKED) 490 fd_log_debug(" - The certificate has been revoked. \n");490 fd_log_debug(" - The certificate has been revoked."); 491 491 if (verify & GNUTLS_CERT_SIGNER_NOT_FOUND) 492 fd_log_debug(" - The certificate hasn't got a known issuer. \n");492 fd_log_debug(" - The certificate hasn't got a known issuer."); 493 493 if (verify & GNUTLS_CERT_SIGNER_NOT_CA) 494 fd_log_debug(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints. \n");494 fd_log_debug(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints."); 495 495 if (verify & GNUTLS_CERT_INSECURE_ALGORITHM) 496 fd_log_debug(" - The certificate signature uses a weak algorithm. 
\n");496 fd_log_debug(" - The certificate signature uses a weak algorithm."); 497 497 return EINVAL; 498 498 } … … 500 500 /* Check the local Identity is valid with the certificate */ 501 501 if (!gnutls_x509_crt_check_hostname (certs[0], fd_g_config->cnf_diamid)) { 502 fd_log_debug("TLS: Local certificate '%s' is invalid : \n", fd_g_config->cnf_sec_data.cert_file);503 fd_log_debug(" - The certificate hostname does not match '%s' \n", fd_g_config->cnf_diamid);502 fd_log_debug("TLS: Local certificate '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); 503 fd_log_debug(" - The certificate hostname does not match '%s'", fd_g_config->cnf_diamid); 504 504 return EINVAL; 505 505 } … … 513 513 GNUTLS_TRACE( deadline = gnutls_x509_crt_get_expiration_time(certs[i]) ); 514 514 if ((deadline != (time_t)-1) && (deadline < now)) { 515 fd_log_debug("TLS: Local certificate chain '%s' is invalid : \n", fd_g_config->cnf_sec_data.cert_file);516 fd_log_debug(" - The certificate %d in the chain is expired \n", i);515 fd_log_debug("TLS: Local certificate chain '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); 516 fd_log_debug(" - The certificate %d in the chain is expired", i); 517 517 return EINVAL; 518 518 } … … 520 520 GNUTLS_TRACE( deadline = gnutls_x509_crt_get_activation_time(certs[i]) ); 521 521 if ((deadline != (time_t)-1) && (deadline > now)) { 522 fd_log_debug("TLS: Local certificate chain '%s' is invalid : \n", fd_g_config->cnf_sec_data.cert_file);523 fd_log_debug(" - The certificate %d in the chain is not yet activated \n", i);522 fd_log_debug("TLS: Local certificate chain '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); 523 fd_log_debug(" - The certificate %d in the chain is not yet activated", i); 524 524 return EINVAL; 525 525 } … … 551 551 if (!stream) { 552 552 int err = errno; 553 TRACE_DEBUG(INFO, "An error occurred while opening '%s': %s \n", fd_g_config->cnf_sec_data.dh_file, strerror(err));553 TRACE_DEBUG(INFO, "An error occurred while 
opening '%s': %s", fd_g_config->cnf_sec_data.dh_file, strerror(err)); 554 554 return err; 555 555 } … … 573 573 if (ferror(stream)) { 574 574 int err = errno; 575 TRACE_DEBUG(INFO, "An error occurred while reading '%s': %s \n", fd_g_config->cnf_sec_data.dh_file, strerror(err));575 TRACE_DEBUG(INFO, "An error occurred while reading '%s': %s", fd_g_config->cnf_sec_data.dh_file, strerror(err)); 576 576 return err; 577 577 }
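Review bot: The `Subject`, `Issuer`, `Verified against` and `Verified against CRL of` messages (new lines 203-204, 211 and 219) print `name` / `issuer_name` with `%s`, although the return values of `gnutls_x509_crt_get_dn` and `gnutls_x509_crl_get_issuer_dn` on the lines just above are discarded. If one of those calls fails, for example because the buffer is too small, the array may hold stale or uninitialised bytes that then end up in the debug log; the declarations and any earlier initialisation sit outside the visible hunks, so this needs confirming against the full function. Checking the result before logging would close the gap, e.g. `if (gnutls_x509_crt_get_dn(cert, name, &name_size) < 0) name[0] = '\0';`, and likewise for the issuer and CRL lookups. Since the DN text is taken from the certificate file, escaping non-printable characters before it reaches the log is also worth considering.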