Changeset 974:2091bf698fb1 in freeDiameter for libfdcore/cnxctx.c
- Timestamp:
- Mar 15, 2013, 2:14:35 AM (11 years ago)
- Branch:
- default
- Phase:
- public
- File:
-
- 1 edited
libfdcore/cnxctx.c
r961 r974 231 231 char buf[1024]; 232 232 sSA_DUMP_NODE( buf, sizeof(buf), &ss, NI_NUMERICHOST ); 233 fd_log_debug("%s : accepted new client [%s]. \n", fd_cnx_getid(serv), buf);233 fd_log_debug("%s : accepted new client [%s].", fd_cnx_getid(serv), buf); 234 234 } 235 235 … … 314 314 char buf[1024]; 315 315 sSA_DUMP_NODE_SERV( buf, sizeof(buf), sa, NI_NUMERICSERV); 316 fd_log_debug("Connection established to server '%s' (TCP:%d). \n", buf, sock);316 fd_log_debug("Connection established to server '%s' (TCP:%d).", buf, sock); 317 317 } 318 318 … … 406 406 char buf[1024]; 407 407 sSA_DUMP_NODE_SERV( buf, sizeof(buf), &primary, NI_NUMERICSERV); 408 fd_log_debug("Connection established to server '%s' (SCTP:%d, %d/%d streams). \n", buf, sock, cnx->cc_sctp_para.str_in, cnx->cc_sctp_para.str_out);408 fd_log_debug("Connection established to server '%s' (SCTP:%d, %d/%d streams).", buf, sock, cnx->cc_sctp_para.str_in, cnx->cc_sctp_para.str_out); 409 409 } 410 410 … … 857 857 { 858 858 if (TRACE_BOOL(INFO)) { 859 fd_log_debug("TLS re-handshake failed on socket %d (%s) : %s \n", conn->cc_socket, conn->cc_id, gnutls_strerror(ret));859 fd_log_debug("TLS re-handshake failed on socket %d (%s) : %s", conn->cc_socket, conn->cc_id, gnutls_strerror(ret)); 860 860 } 861 861 goto end; … … 902 902 { 903 903 if (TRACE_BOOL(INFO)) { 904 fd_log_debug("TLS re-handshake failed on socket %d (%s) : %s \n", conn->cc_socket, conn->cc_id, gnutls_strerror(ret));904 fd_log_debug("TLS re-handshake failed on socket %d (%s) : %s", conn->cc_socket, conn->cc_id, gnutls_strerror(ret)); 905 905 } 906 906 goto end; … … 1038 1038 const char * errorpos; 1039 1039 CHECK_GNUTLS_DO( gnutls_priority_set_direct( *session, priority, &errorpos ), 1040 { TRACE_DEBUG(INFO, "Error in priority string '%s' at position: '%s' \n", priority, errorpos); return EINVAL; } );1040 { TRACE_DEBUG(INFO, "Error in priority string '%s' at position: '%s'", priority, errorpos); return EINVAL; } ); 1041 1041 } else { 1042 1042 
CHECK_GNUTLS_DO( gnutls_priority_set( *session, fd_g_config->cnf_sec_data.prio_cache ), return EINVAL ); … … 1075 1075 gnutls_credentials_type_t cred; 1076 1076 1077 fd_log_debug("TLS Session information for connection '%s': \n", conn->cc_id);1077 fd_log_debug("TLS Session information for connection '%s':", conn->cc_id); 1078 1078 1079 1079 /* print the key exchange's algorithm name */ 1080 1080 GNUTLS_TRACE( kx = gnutls_kx_get (session) ); 1081 1081 GNUTLS_TRACE( tmp = gnutls_kx_get_name (kx) ); 1082 fd_log_debug("\t - Key Exchange: %s \n", tmp);1082 fd_log_debug("\t - Key Exchange: %s", tmp); 1083 1083 1084 1084 /* Check the authentication type used and switch … … 1088 1088 { 1089 1089 case GNUTLS_CRD_IA: 1090 fd_log_debug("\t - TLS/IA session \n");1090 fd_log_debug("\t - TLS/IA session"); 1091 1091 break; 1092 1092 … … 1094 1094 /* This returns NULL in server side. */ 1095 1095 if (gnutls_psk_client_get_hint (session) != NULL) 1096 fd_log_debug("\t - PSK authentication. PSK hint '%s' \n",1096 fd_log_debug("\t - PSK authentication. PSK hint '%s'", 1097 1097 gnutls_psk_client_get_hint (session)); 1098 1098 /* This returns NULL in client side. */ 1099 1099 if (gnutls_psk_server_get_username (session) != NULL) 1100 fd_log_debug("\t - PSK authentication. Connected as '%s' \n",1100 fd_log_debug("\t - PSK authentication. Connected as '%s'", 1101 1101 gnutls_psk_server_get_username (session)); 1102 1102 break; 1103 1103 1104 1104 case GNUTLS_CRD_ANON: /* anonymous authentication */ 1105 fd_log_debug("\t - Anonymous DH using prime of %d bits \n",1105 fd_log_debug("\t - Anonymous DH using prime of %d bits", 1106 1106 gnutls_dh_get_prime_bits (session)); 1107 1107 break; … … 1110 1110 /* Check if we have been using ephemeral Diffie-Hellman. 
*/ 1111 1111 if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) { 1112 fd_log_debug("\t - Ephemeral DH using prime of %d bits \n",1112 fd_log_debug("\t - Ephemeral DH using prime of %d bits", 1113 1113 gnutls_dh_get_prime_bits (session)); 1114 1114 } … … 1116 1116 #ifdef ENABLE_SRP 1117 1117 case GNUTLS_CRD_SRP: 1118 fd_log_debug("\t - SRP session with username %s \n",1118 fd_log_debug("\t - SRP session with username %s", 1119 1119 gnutls_srp_server_get_username (session)); 1120 1120 break; … … 1122 1122 1123 1123 default: 1124 fd_log_debug("\t - Different type of credentials for the session (%d). \n", cred);1124 fd_log_debug("\t - Different type of credentials for the session (%d).", cred); 1125 1125 break; 1126 1126 … … 1129 1129 /* print the protocol's name (ie TLS 1.0) */ 1130 1130 tmp = gnutls_protocol_get_name (gnutls_protocol_get_version (session)); 1131 fd_log_debug("\t - Protocol: %s \n", tmp);1131 fd_log_debug("\t - Protocol: %s", tmp); 1132 1132 1133 1133 /* print the certificate type of the peer. ie X.509 */ 1134 1134 tmp = gnutls_certificate_type_get_name (gnutls_certificate_type_get (session)); 1135 fd_log_debug("\t - Certificate Type: %s \n", tmp);1135 fd_log_debug("\t - Certificate Type: %s", tmp); 1136 1136 1137 1137 /* print the compression algorithm (if any) */ 1138 1138 tmp = gnutls_compression_get_name (gnutls_compression_get (session)); 1139 fd_log_debug("\t - Compression: %s \n", tmp);1139 fd_log_debug("\t - Compression: %s", tmp); 1140 1140 1141 1141 /* print the name of the cipher used. ie 3DES. */ 1142 1142 tmp = gnutls_cipher_get_name (gnutls_cipher_get (session)); 1143 fd_log_debug("\t - Cipher: %s \n", tmp);1143 fd_log_debug("\t - Cipher: %s", tmp); 1144 1144 1145 1145 /* Print the MAC algorithms name. 
ie SHA1 */ 1146 1146 tmp = gnutls_mac_get_name (gnutls_mac_get (session)); 1147 fd_log_debug("\t - MAC: %s \n", tmp);1147 fd_log_debug("\t - MAC: %s", tmp); 1148 1148 } 1149 1149 … … 1152 1152 if (gtret) { 1153 1153 if (TRACE_BOOL(INFO)) { 1154 fd_log_debug("TLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') : \n", conn->cc_socket, conn->cc_remid, conn->cc_id);1154 fd_log_debug("TLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') :", conn->cc_socket, conn->cc_remid, conn->cc_id); 1155 1155 if (gtret & GNUTLS_CERT_INVALID) 1156 fd_log_debug(" - The certificate is not trusted (unknown CA? expired?) \n");1156 fd_log_debug(" - The certificate is not trusted (unknown CA? expired?)"); 1157 1157 if (gtret & GNUTLS_CERT_REVOKED) 1158 fd_log_debug(" - The certificate has been revoked. \n");1158 fd_log_debug(" - The certificate has been revoked."); 1159 1159 if (gtret & GNUTLS_CERT_SIGNER_NOT_FOUND) 1160 fd_log_debug(" - The certificate hasn't got a known issuer. \n");1160 fd_log_debug(" - The certificate hasn't got a known issuer."); 1161 1161 if (gtret & GNUTLS_CERT_SIGNER_NOT_CA) 1162 fd_log_debug(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints. \n");1162 fd_log_debug(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints."); 1163 1163 if (gtret & GNUTLS_CERT_INSECURE_ALGORITHM) 1164 fd_log_debug(" - The certificate signature uses a weak algorithm. 
\n");1164 fd_log_debug(" - The certificate signature uses a weak algorithm."); 1165 1165 } 1166 1166 return EINVAL; … … 1184 1184 time_t expiration_time, activation_time; 1185 1185 1186 fd_log_debug("TLS Certificate information for connection '%s' (%d certs provided): \n", conn->cc_id, cert_list_size);1186 fd_log_debug("TLS Certificate information for connection '%s' (%d certs provided):", conn->cc_id, cert_list_size); 1187 1187 for (i = 0; i < cert_list_size; i++) 1188 1188 { … … 1191 1191 CHECK_GNUTLS_DO( gnutls_x509_crt_import (cert, &cert_list[i], GNUTLS_X509_FMT_DER), return EINVAL); 1192 1192 1193 fd_log_debug(" Certificate %d info: \n", i);1193 fd_log_debug(" Certificate %d info:", i); 1194 1194 1195 1195 GNUTLS_TRACE( expiration_time = gnutls_x509_crt_get_expiration_time (cert) ); … … 1203 1203 gnutls_x509_crt_get_serial (cert, serial, &size); 1204 1204 1205 fd_log_debug("\t - Certificate serial number: ");1206 1205 { 1207 1206 int j; 1207 char buf[1024]; 1208 snprintf(buf, sizeof(buf), "\t - Certificate serial number: "); 1208 1209 for (j = 0; j < size; j++) { 1209 fd_log_debug("%02.2hhx", serial[j]);1210 snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%02.2hhx", serial[j]); 1210 1211 } 1211 }1212 fd_log_debug("\n");1212 fd_log_debug(buf); 1213 } 1213 1214 1214 1215 /* Extract some of the public key algorithm's parameters */ 1215 1216 GNUTLS_TRACE( algo = gnutls_x509_crt_get_pk_algorithm (cert, &bits) ); 1216 fd_log_debug("\t - Certificate public key: %s \n",1217 fd_log_debug("\t - Certificate public key: %s", 1217 1218 gnutls_pk_algorithm_get_name (algo)); 1218 1219 1219 1220 /* Print the version of the X.509 certificate. 
*/ 1220 fd_log_debug("\t - Certificate version: #%d \n",1221 fd_log_debug("\t - Certificate version: #%d", 1221 1222 gnutls_x509_crt_get_version (cert)); 1222 1223 1223 1224 size = sizeof (dn); 1224 1225 GNUTLS_TRACE( gnutls_x509_crt_get_dn (cert, dn, &size) ); 1225 fd_log_debug("\t - DN: %s \n", dn);1226 fd_log_debug("\t - DN: %s", dn); 1226 1227 1227 1228 size = sizeof (dn); 1228 1229 GNUTLS_TRACE( gnutls_x509_crt_get_issuer_dn (cert, dn, &size) ); 1229 fd_log_debug("\t - Issuer's DN: %s \n", dn);1230 fd_log_debug("\t - Issuer's DN: %s", dn); 1230 1231 1231 1232 GNUTLS_TRACE( gnutls_x509_crt_deinit (cert) ); … … 1244 1245 if ((deadline != (time_t)-1) && (deadline < now)) { 1245 1246 if (TRACE_BOOL(INFO)) { 1246 fd_log_debug("TLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') : \n", conn->cc_socket, conn->cc_remid, conn->cc_id);1247 fd_log_debug(" - The certificate %d in the chain is expired \n", i);1247 fd_log_debug("TLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') :", conn->cc_socket, conn->cc_remid, conn->cc_id); 1248 fd_log_debug(" - The certificate %d in the chain is expired", i); 1248 1249 } 1249 1250 ret = EINVAL; … … 1253 1254 if ((deadline != (time_t)-1) && (deadline > now)) { 1254 1255 if (TRACE_BOOL(INFO)) { 1255 fd_log_debug("TLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') : \n", conn->cc_socket, conn->cc_remid, conn->cc_id);1256 fd_log_debug(" - The certificate %d in the chain is not yet activated \n", i);1256 fd_log_debug("TLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') :", conn->cc_socket, conn->cc_remid, conn->cc_id); 1257 fd_log_debug(" - The certificate %d in the chain is not yet activated", i); 1257 1258 } 1258 1259 ret = EINVAL; … … 1262 1263 if (!gnutls_x509_crt_check_hostname (cert, conn->cc_tls_para.cn)) { 1263 1264 if (TRACE_BOOL(INFO)) { 1264 fd_log_debug("TLS: Remote certificate invalid on socket %d (Remote: 
'%s')(Connection: '%s') : \n", conn->cc_socket, conn->cc_remid, conn->cc_id);1265 fd_log_debug(" - The certificate hostname does not match '%s' \n", conn->cc_tls_para.cn);1265 fd_log_debug("TLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') :", conn->cc_socket, conn->cc_remid, conn->cc_id); 1266 fd_log_debug(" - The certificate hostname does not match '%s'", conn->cc_tls_para.cn); 1266 1267 } 1267 1268 ret = EINVAL; … … 1302 1303 dhe = ecdh = 0; 1303 1304 1304 fd_log_debug("TLS Session information for connection '%s': \n", conn->cc_id);1305 fd_log_debug("TLS Session information for connection '%s':", conn->cc_id); 1305 1306 1306 1307 /* print the key exchange's algorithm name … … 1308 1309 GNUTLS_TRACE( kx = gnutls_kx_get (session) ); 1309 1310 GNUTLS_TRACE( tmp = gnutls_kx_get_name (kx) ); 1310 fd_log_debug("\t- Key Exchange: %s \n", tmp);1311 fd_log_debug("\t- Key Exchange: %s", tmp); 1311 1312 1312 1313 /* Check the authentication type used and switch … … 1317 1318 { 1318 1319 case GNUTLS_CRD_IA: 1319 fd_log_debug("\t - TLS/IA session \n");1320 fd_log_debug("\t - TLS/IA session"); 1320 1321 break; 1321 1322 … … 1323 1324 #if (defined(ENABLE_SRP) || defined(GNUTLS_VERSION_300)) 1324 1325 case GNUTLS_CRD_SRP: 1325 fd_log_debug("\t - SRP session with username %s \n",1326 fd_log_debug("\t - SRP session with username %s", 1326 1327 gnutls_srp_server_get_username (session)); 1327 1328 break; … … 1332 1333 */ 1333 1334 if (gnutls_psk_client_get_hint (session) != NULL) 1334 fd_log_debug("\t - PSK authentication. PSK hint '%s' \n",1335 fd_log_debug("\t - PSK authentication. PSK hint '%s'", 1335 1336 gnutls_psk_client_get_hint (session)); 1336 1337 /* This returns NULL in client side. 1337 1338 */ 1338 1339 if (gnutls_psk_server_get_username (session) != NULL) 1339 fd_log_debug("\t - PSK authentication. Connected as '%s' \n",1340 fd_log_debug("\t - PSK authentication. 
Connected as '%s'", 1340 1341 gnutls_psk_server_get_username (session)); 1341 1342 … … 1347 1348 1348 1349 case GNUTLS_CRD_ANON: /* anonymous authentication */ 1349 fd_log_debug("\t - Anonymous DH using prime of %d bits \n",1350 fd_log_debug("\t - Anonymous DH using prime of %d bits", 1350 1351 gnutls_dh_get_prime_bits (session)); 1351 1352 if (kx == GNUTLS_KX_ANON_ECDH) … … 1370 1371 cert_list = gnutls_certificate_get_peers (session, &cert_list_size); 1371 1372 1372 fd_log_debug("\t Peer provided %d certificates. \n", cert_list_size);1373 fd_log_debug("\t Peer provided %d certificates.", cert_list_size); 1373 1374 1374 1375 if (cert_list_size > 0) … … 1382 1383 gnutls_x509_crt_import (cert, &cert_list[0], GNUTLS_X509_FMT_DER); 1383 1384 1384 fd_log_debug("\t Certificate info: \n");1385 fd_log_debug("\t Certificate info:"); 1385 1386 1386 1387 /* This is the preferred way of printing short information about … … 1390 1391 if (ret == 0) 1391 1392 { 1392 fd_log_debug("\t\t%s \n", cinfo.data);1393 fd_log_debug("\t\t%s", cinfo.data); 1393 1394 gnutls_free (cinfo.data); 1394 1395 } … … 1396 1397 if (conn->cc_tls_para.cn) { 1397 1398 if (!gnutls_x509_crt_check_hostname (cert, conn->cc_tls_para.cn)) { 1398 fd_log_debug("\tTLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') : \n", conn->cc_socket, conn->cc_remid, conn->cc_id);1399 fd_log_debug("\t - The certificate hostname does not match '%s' \n", conn->cc_tls_para.cn);1399 fd_log_debug("\tTLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') :", conn->cc_socket, conn->cc_remid, conn->cc_id); 1400 fd_log_debug("\t - The certificate hostname does not match '%s'", conn->cc_tls_para.cn); 1400 1401 gnutls_x509_crt_deinit (cert); 1401 1402 return GNUTLS_E_CERTIFICATE_ERROR; … … 1415 1416 1416 1417 if (ecdh != 0) 1417 fd_log_debug("\t - Ephemeral ECDH using curve %s \n",1418 fd_log_debug("\t - Ephemeral ECDH using curve %s", 1418 1419 gnutls_ecc_curve_get_name 
(gnutls_ecc_curve_get (session))); 1419 1420 else if (dhe != 0) 1420 fd_log_debug("\t - Ephemeral DH using prime of %d bits \n",1421 fd_log_debug("\t - Ephemeral DH using prime of %d bits", 1421 1422 gnutls_dh_get_prime_bits (session)); 1422 1423 … … 1424 1425 */ 1425 1426 tmp = gnutls_protocol_get_name (gnutls_protocol_get_version (session)); 1426 fd_log_debug("\t - Protocol: %s \n", tmp);1427 fd_log_debug("\t - Protocol: %s", tmp); 1427 1428 1428 1429 /* print the certificate type of the peer. … … 1430 1431 */ 1431 1432 tmp = gnutls_certificate_type_get_name (gnutls_certificate_type_get (session)); 1432 fd_log_debug("\t - Certificate Type: %s \n", tmp);1433 fd_log_debug("\t - Certificate Type: %s", tmp); 1433 1434 1434 1435 /* print the compression algorithm (if any) 1435 1436 */ 1436 1437 tmp = gnutls_compression_get_name (gnutls_compression_get (session)); 1437 fd_log_debug("\t - Compression: %s \n", tmp);1438 fd_log_debug("\t - Compression: %s", tmp); 1438 1439 1439 1440 /* print the name of the cipher used. … … 1441 1442 */ 1442 1443 tmp = gnutls_cipher_get_name (gnutls_cipher_get (session)); 1443 fd_log_debug("\t - Cipher: %s \n", tmp);1444 fd_log_debug("\t - Cipher: %s", tmp); 1444 1445 1445 1446 /* Print the MAC algorithms name. 
… … 1447 1448 */ 1448 1449 tmp = gnutls_mac_get_name (gnutls_mac_get (session)); 1449 fd_log_debug("\t - MAC: %s \n", tmp);1450 fd_log_debug("\t - MAC: %s", tmp); 1450 1451 1451 1452 } … … 1456 1457 CHECK_GNUTLS_DO( gnutls_certificate_verify_peers2 (session, &status), return GNUTLS_E_CERTIFICATE_ERROR ); 1457 1458 if (TRACE_BOOL(INFO) && (status & GNUTLS_CERT_INVALID)) { 1458 fd_log_debug("TLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') : \n", conn->cc_socket, conn->cc_remid, conn->cc_id);1459 fd_log_debug("TLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') :", conn->cc_socket, conn->cc_remid, conn->cc_id); 1459 1460 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) 1460 fd_log_debug(" - The certificate hasn't got a known issuer. \n");1461 fd_log_debug(" - The certificate hasn't got a known issuer."); 1461 1462 1462 1463 if (status & GNUTLS_CERT_REVOKED) 1463 fd_log_debug(" - The certificate has been revoked. \n");1464 fd_log_debug(" - The certificate has been revoked."); 1464 1465 1465 1466 if (status & GNUTLS_CERT_EXPIRED) 1466 fd_log_debug(" - The certificate has expired. \n");1467 fd_log_debug(" - The certificate has expired."); 1467 1468 1468 1469 if (status & GNUTLS_CERT_NOT_ACTIVATED) 1469 fd_log_debug(" - The certificate is not yet activated. 
\n");1470 fd_log_debug(" - The certificate is not yet activated."); 1470 1471 } 1471 1472 if (status & GNUTLS_CERT_INVALID) … … 1480 1481 if ((!hostname_verified) && (conn->cc_tls_para.cn)) { 1481 1482 if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509) { 1482 TRACE_DEBUG(INFO, "TLS: Remote credentials are not x509, rejected on socket %d (Remote: '%s')(Connection: '%s') : \n", conn->cc_socket, conn->cc_remid, conn->cc_id);1483 TRACE_DEBUG(INFO, "TLS: Remote credentials are not x509, rejected on socket %d (Remote: '%s')(Connection: '%s') :", conn->cc_socket, conn->cc_remid, conn->cc_id); 1483 1484 return GNUTLS_E_CERTIFICATE_ERROR; 1484 1485 } … … 1493 1494 if (!gnutls_x509_crt_check_hostname (cert, conn->cc_tls_para.cn)) { 1494 1495 if (TRACE_BOOL(INFO)) { 1495 fd_log_debug("TLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') : \n", conn->cc_socket, conn->cc_remid, conn->cc_id);1496 fd_log_debug(" - The certificate hostname does not match '%s' \n", conn->cc_tls_para.cn);1496 fd_log_debug("TLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') :", conn->cc_socket, conn->cc_remid, conn->cc_id); 1497 fd_log_debug(" - The certificate hostname does not match '%s'", conn->cc_tls_para.cn); 1497 1498 } 1498 1499 gnutls_x509_crt_deinit (cert); … … 1573 1574 { 1574 1575 if (TRACE_BOOL(INFO)) { 1575 fd_log_debug("TLS Handshake failed on socket %d (%s) : %s \n", conn->cc_socket, conn->cc_id, gnutls_strerror(ret));1576 fd_log_debug("TLS Handshake failed on socket %d (%s) : %s", conn->cc_socket, conn->cc_id, gnutls_strerror(ret)); 1576 1577 } 1577 1578 fd_cnx_markerror(conn);
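Review bot: The new serial-number dump in the certificate-info hunk (new side around line 1212) passes the assembled buffer directly as the format string, `fd_log_debug(buf);`, where every other call site in this file passes a string literal; it should be `fd_log_debug("%s", buf);`. Today the buffer can only hold the fixed prefix plus `%02.2hhx` output, so no conversion specifier can reach it, but the pattern defeats format checking (`-Wformat-security` flags it, assuming `fd_log_debug` is declared printf-like, which its other uses here suggest) and becomes a real format-string defect the moment someone appends a DN or other peer-supplied text to the same buffer. The `snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), ...)` loop is bounds-safe since `strlen(buf)` can never exceed `sizeof(buf)-1`, though a truncated serial is silently dropped; a short comment such as `/* serial is truncated silently if it exceeds buf */` would make that intentional. The enclosing certificate loop starts and ends outside the hunk.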