Silence openssl messages, use export SU_DEBUG=1 to get them back (part 1 of 2)
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@7291 d0543943-73ff-0310-b7d9-9358b9ac24b2
parent
b3e0e29f8a
commit
a2812ea15a
|
@ -50,6 +50,7 @@
|
||||||
#include <sofia-sip/su_types.h>
|
#include <sofia-sip/su_types.h>
|
||||||
#include <sofia-sip/su.h>
|
#include <sofia-sip/su.h>
|
||||||
#include <sofia-sip/su_wait.h>
|
#include <sofia-sip/su_wait.h>
|
||||||
|
#include <sofia-sip/su_debug.h>
|
||||||
|
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
@ -127,17 +128,17 @@ int tls_verify_cb(int ok, X509_STORE_CTX *store)
|
||||||
|
|
||||||
#if nomore
|
#if nomore
|
||||||
509_NAME_oneline(X509_get_subject_name(cert), data, 256);
|
509_NAME_oneline(X509_get_subject_name(cert), data, 256);
|
||||||
fprintf(stderr,"depth=%d %s\n",depth,data);
|
SU_DEBUG_1(("depth=%d %s\n",depth,data));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (!ok)
|
if (!ok)
|
||||||
{
|
{
|
||||||
fprintf(stderr, "-Error with certificate at depth: %i\n", depth);
|
SU_DEBUG_1(("-Error with certificate at depth: %i\n", depth));
|
||||||
X509_NAME_oneline(X509_get_issuer_name(cert), data, 256);
|
X509_NAME_oneline(X509_get_issuer_name(cert), data, 256);
|
||||||
fprintf(stderr, " issuer = %s\n", data);
|
SU_DEBUG_1((" issuer = %s\n", data));
|
||||||
X509_NAME_oneline(X509_get_subject_name(cert), data, 256);
|
X509_NAME_oneline(X509_get_subject_name(cert), data, 256);
|
||||||
fprintf(stderr, " subject = %s\n", data);
|
SU_DEBUG_1((" subject = %s\n", data));
|
||||||
fprintf(stderr, " err %i:%s\n", err, X509_verify_cert_error_string(err));
|
SU_DEBUG_1((" err %i:%s\n", err, X509_verify_cert_error_string(err)));
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1; /* Always return "ok" */
|
return 1; /* Always return "ok" */
|
||||||
|
@ -156,8 +157,8 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
|
||||||
if (ti->randFile &&
|
if (ti->randFile &&
|
||||||
!RAND_load_file(ti->randFile, 1024 * 1024)) {
|
!RAND_load_file(ti->randFile, 1024 * 1024)) {
|
||||||
if (ti->configured > 1) {
|
if (ti->configured > 1) {
|
||||||
BIO_printf(tls->bio_err, "%s: cannot open randFile %s\n",
|
SU_DEBUG_1(("%s: cannot open randFile %s\n",
|
||||||
"tls_init_context", ti->randFile);
|
"tls_init_context", ti->randFile));
|
||||||
ERR_print_errors(tls->bio_err);
|
ERR_print_errors(tls->bio_err);
|
||||||
}
|
}
|
||||||
/* errno = EIO; */
|
/* errno = EIO; */
|
||||||
|
@ -197,8 +198,8 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
|
||||||
ti->cert,
|
ti->cert,
|
||||||
SSL_FILETYPE_PEM)) {
|
SSL_FILETYPE_PEM)) {
|
||||||
if (ti->configured > 0) {
|
if (ti->configured > 0) {
|
||||||
BIO_printf(tls->bio_err, "%s: invalid certificate: %s\n",
|
SU_DEBUG_1(("%s: invalid certificate: %s\n",
|
||||||
"tls_init_context", ti->cert);
|
"tls_init_context", ti->cert));
|
||||||
ERR_print_errors(tls->bio_err);
|
ERR_print_errors(tls->bio_err);
|
||||||
#if require_client_certificate
|
#if require_client_certificate
|
||||||
errno = EIO;
|
errno = EIO;
|
||||||
|
@ -221,8 +222,7 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
|
||||||
|
|
||||||
if (!SSL_CTX_check_private_key(tls->ctx)) {
|
if (!SSL_CTX_check_private_key(tls->ctx)) {
|
||||||
if (ti->configured > 0) {
|
if (ti->configured > 0) {
|
||||||
BIO_printf(tls->bio_err,
|
SU_DEBUG_1(("Private key does not match the certificate public key\n"));
|
||||||
"Private key does not match the certificate public key\n");
|
|
||||||
}
|
}
|
||||||
#if require_client_certificate
|
#if require_client_certificate
|
||||||
errno = EIO;
|
errno = EIO;
|
||||||
|
@ -247,7 +247,7 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
|
||||||
tls_verify_cb);
|
tls_verify_cb);
|
||||||
|
|
||||||
if (!SSL_CTX_set_cipher_list(tls->ctx, ti->cipher)) {
|
if (!SSL_CTX_set_cipher_list(tls->ctx, ti->cipher)) {
|
||||||
BIO_printf(tls->bio_err,"error setting cipher list\n");
|
SU_DEBUG_1(("error setting cipher list\n"));
|
||||||
ERR_print_errors(tls->bio_err);
|
ERR_print_errors(tls->bio_err);
|
||||||
errno = EIO;
|
errno = EIO;
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -331,7 +331,7 @@ tls_t *tls_init_master(tls_issues_t *ti)
|
||||||
tls->bio_con = BIO_new_socket(sock, BIO_NOCLOSE);
|
tls->bio_con = BIO_new_socket(sock, BIO_NOCLOSE);
|
||||||
|
|
||||||
if (tls->bio_con == NULL) {
|
if (tls->bio_con == NULL) {
|
||||||
BIO_printf(tls->bio_err, "tls_init_master: BIO_new_socket failed\n");
|
SU_DEBUG_1(("tls_init_master: BIO_new_socket failed\n"));
|
||||||
ERR_print_errors(tls->bio_err);
|
ERR_print_errors(tls->bio_err);
|
||||||
tls_free(tls);
|
tls_free(tls);
|
||||||
errno = EIO;
|
errno = EIO;
|
||||||
|
@ -361,9 +361,9 @@ int tls_accept(tls_t *tls)
|
||||||
return errno = EAGAIN, tls->read_events = SU_WAIT_OUT, 0;
|
return errno = EAGAIN, tls->read_events = SU_WAIT_OUT, 0;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
BIO_printf(tls->bio_err, "SSL_connect failed: %d %s\n",
|
SU_DEBUG_1(("SSL_connect failed: %d %s\n",
|
||||||
err,
|
err,
|
||||||
ERR_error_string(err, NULL));
|
ERR_error_string(err, NULL)));
|
||||||
ERR_print_errors(tls->bio_err);
|
ERR_print_errors(tls->bio_err);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
@ -372,9 +372,9 @@ int tls_accept(tls_t *tls)
|
||||||
verify_result = SSL_get_verify_result(tls->con);
|
verify_result = SSL_get_verify_result(tls->con);
|
||||||
|
|
||||||
if (verify_result != X509_V_OK) {
|
if (verify_result != X509_V_OK) {
|
||||||
BIO_printf(tls->bio_err,
|
SU_DEBUG_1((
|
||||||
"Client certificate doesn't verify: %s\n",
|
"Client certificate doesn't verify: %s\n",
|
||||||
X509_verify_cert_error_string(verify_result));
|
X509_verify_cert_error_string(verify_result)));
|
||||||
#if 0
|
#if 0
|
||||||
tls_free(tls);
|
tls_free(tls);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -382,7 +382,7 @@ int tls_accept(tls_t *tls)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (SSL_get_peer_certificate(tls->con) == NULL) {
|
if (SSL_get_peer_certificate(tls->con) == NULL) {
|
||||||
BIO_printf(tls->bio_err, "Client didn't send certificate\n");
|
SU_DEBUG_1(("Client didn't send certificate\n"));
|
||||||
#if 0
|
#if 0
|
||||||
tls_free(tls);
|
tls_free(tls);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -413,7 +413,7 @@ tls_t *tls_clone(tls_t *master, int sock, int accept)
|
||||||
tls->con = SSL_new(tls->ctx);
|
tls->con = SSL_new(tls->ctx);
|
||||||
|
|
||||||
if (tls->con == NULL) {
|
if (tls->con == NULL) {
|
||||||
BIO_printf(tls->bio_err, "tls_clone: SSL_new failed\n");
|
SU_DEBUG_1(("tls_clone: SSL_new failed\n"));
|
||||||
ERR_print_errors(tls->bio_err);
|
ERR_print_errors(tls->bio_err);
|
||||||
tls_free(tls);
|
tls_free(tls);
|
||||||
errno = EIO;
|
errno = EIO;
|
||||||
|
@ -594,8 +594,8 @@ int tls_error(tls_t *tls, int ret, char const *who, char const *operation,
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
BIO_printf(tls->bio_err, "%s: %s failed (%d): %s\n",
|
SU_DEBUG_1(("%s: %s failed (%d): %s\n",
|
||||||
who, operation, err, ERR_error_string(err, errorbuf));
|
who, operation, err, ERR_error_string(err, errorbuf)));
|
||||||
ERR_print_errors(tls->bio_err);
|
ERR_print_errors(tls->bio_err);
|
||||||
errno = EIO;
|
errno = EIO;
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -623,9 +623,9 @@ ssize_t tls_read(tls_t *tls)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (0)
|
if (0)
|
||||||
fprintf(stderr, "tls_read(%p) called on %s (events %u)\n", (void *)tls,
|
SU_DEBUG_1(("tls_read(%p) called on %s (events %u)\n", (void *)tls,
|
||||||
tls->type == tls_slave ? "server" : "client",
|
tls->type == tls_slave ? "server" : "client",
|
||||||
tls->read_events);
|
tls->read_events));
|
||||||
|
|
||||||
if (tls->read_buffer_len)
|
if (tls->read_buffer_len)
|
||||||
return (ssize_t)tls->read_buffer_len;
|
return (ssize_t)tls->read_buffer_len;
|
||||||
|
@ -643,9 +643,9 @@ ssize_t tls_read(tls_t *tls)
|
||||||
err != SSL_ERROR_SYSCALL &&
|
err != SSL_ERROR_SYSCALL &&
|
||||||
err != SSL_ERROR_WANT_WRITE &&
|
err != SSL_ERROR_WANT_WRITE &&
|
||||||
err != SSL_ERROR_WANT_READ) {
|
err != SSL_ERROR_WANT_READ) {
|
||||||
BIO_printf(tls->bio_err,
|
SU_DEBUG_1((
|
||||||
"%s: server certificate doesn't verify\n",
|
"%s: server certificate doesn't verify\n",
|
||||||
"tls_read");
|
"tls_read"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -695,9 +695,9 @@ ssize_t tls_write(tls_t *tls, void *buf, size_t size)
|
||||||
ssize_t ret;
|
ssize_t ret;
|
||||||
|
|
||||||
if (0)
|
if (0)
|
||||||
fprintf(stderr, "tls_write(%p, %p, "MOD_ZU") called on %s\n",
|
SU_DEBUG_1(("tls_write(%p, %p, "MOD_ZU") called on %s\n",
|
||||||
(void *)tls, buf, size,
|
(void *)tls, buf, size,
|
||||||
tls && tls->type == tls_slave ? "server" : "client");
|
tls && tls->type == tls_slave ? "server" : "client"));
|
||||||
|
|
||||||
if (tls == NULL || buf == NULL) {
|
if (tls == NULL || buf == NULL) {
|
||||||
errno = EINVAL;
|
errno = EINVAL;
|
||||||
|
@ -731,8 +731,8 @@ ssize_t tls_write(tls_t *tls, void *buf, size_t size)
|
||||||
|
|
||||||
if (!tls->verified) {
|
if (!tls->verified) {
|
||||||
if (tls_post_connection_check(tls) != X509_V_OK) {
|
if (tls_post_connection_check(tls) != X509_V_OK) {
|
||||||
BIO_printf(tls->bio_err,
|
SU_DEBUG_1((
|
||||||
"tls_read: server certificate doesn't verify\n");
|
"tls_read: server certificate doesn't verify\n"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
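Review bot: The certificate-failure messages in tls_verify_cb (`-Error with certificate at depth`, issuer, subject, err) and in tls_accept (`Client certificate doesn't verify`, `Client didn't send certificate`) now go through `SU_DEBUG_1`, which per the commit title stays silent unless SU_DEBUG=1 is exported. The callback still ends in `return 1; /* Always return "ok" */` and the rejection paths visible in tls_accept sit under `#if 0`, so these messages appear to be the only trace that a peer presented an unverifiable or missing certificate; by default an operator would now see nothing. I would keep the verification failures at a level that is emitted without extra configuration, for example `SU_DEBUG_0(("Client certificate doesn't verify: %s\n", X509_verify_cert_error_string(verify_result)));` if level 0 is on by default in this build, and demote only the purely informational lines. The `ERR_print_errors(tls->bio_err);` calls beside the converted lines are unchanged, so the OpenSSL error-queue detail still goes to bio_err, separate from the headline message; part 2 may cover that. All of the affected function bodies start and end outside the hunks shown.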