Changeset 403:26aafbbc1640 in freeDiameter for freeDiameter/cnxctx.c
- Timestamp:
- Jul 8, 2010, 2:24:19 PM (14 years ago)
- Branch:
- default
- Phase:
- public
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
freeDiameter/cnxctx.c
r402 r403 162 162 #else /* DISABLE_SCTP */ 163 163 struct cnxctx * cnx = NULL; 164 sSS dummy;165 sSA * sa = (sSA *) &dummy;166 164 167 165 TRACE_ENTRY("%hu %p", port, ep_list); … … 224 222 socklen_t ss_len = sizeof(ss); 225 223 int cli_sock = 0; 226 struct fd_endpoint * ep;227 224 228 225 TRACE_ENTRY("%p", serv); … … 988 985 int fd_tls_verify_credentials(gnutls_session_t session, struct cnxctx * conn, int verbose) 989 986 { 990 int ret, i; 987 int i; 988 unsigned int gtret; 991 989 const gnutls_datum_t *cert_list; 992 990 unsigned int cert_list_size; … … 1018 1016 fd_log_debug("\t - TLS/IA session\n"); 1019 1017 break; 1020 1021 1022 #ifdef ENABLE_SRP1023 case GNUTLS_CRD_SRP:1024 fd_log_debug("\t - SRP session with username %s\n",1025 gnutls_srp_server_get_username (session));1026 break;1027 #endif1028 1018 1029 1019 case GNUTLS_CRD_PSK: … … 1049 1039 gnutls_dh_get_prime_bits (session)); 1050 1040 } 1041 break; 1042 1043 case GNUTLS_CRD_SRP: 1044 fd_log_debug("\t - SRP session with username %s\n", 1045 gnutls_srp_server_get_username (session)); 1046 break; 1047 1048 default: 1049 fd_log_debug("\t - Different type of credentials for the session (%d).\n", cred); 1050 break; 1051 1051 1052 } 1052 1053 … … 1073 1074 1074 1075 /* First, use built-in verification */ 1075 CHECK_GNUTLS_DO( gnutls_certificate_verify_peers2 (session, & ret), return EINVAL );1076 if ( ret) {1076 CHECK_GNUTLS_DO( gnutls_certificate_verify_peers2 (session, >ret), return EINVAL ); 1077 if (gtret) { 1077 1078 if (TRACE_BOOL(INFO)) { 1078 1079 fd_log_debug("TLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') :\n", conn->cc_socket, conn->cc_remid, conn->cc_id); 1079 if ( ret & GNUTLS_CERT_INVALID)1080 if (gtret & GNUTLS_CERT_INVALID) 1080 1081 fd_log_debug(" - The certificate is not trusted (unknown CA? expired?)\n"); 1081 if ( ret & GNUTLS_CERT_REVOKED)1082 if (gtret & GNUTLS_CERT_REVOKED) 1082 1083 fd_log_debug(" - The certificate has been revoked.\n"); 1083 if ( ret & GNUTLS_CERT_SIGNER_NOT_FOUND)1084 if (gtret & GNUTLS_CERT_SIGNER_NOT_FOUND) 1084 1085 fd_log_debug(" - The certificate hasn't got a known issuer.\n"); 1085 if ( ret & GNUTLS_CERT_SIGNER_NOT_CA)1086 if (gtret & GNUTLS_CERT_SIGNER_NOT_CA) 1086 1087 fd_log_debug(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints.\n"); 1087 if ( ret & GNUTLS_CERT_INSECURE_ALGORITHM)1088 if (gtret & GNUTLS_CERT_INSECURE_ALGORITHM) 1088 1089 fd_log_debug(" - The certificate signature uses a weak algorithm.\n"); 1089 1090 }
Note: See TracChangeset
for help on using the changeset viewer.