author | Christian Grothoff <christian@grothoff.org> | 2018-03-08 16:42:53 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2018-03-08 16:43:05 +0100 |
commit | da76b1b40e8a4492dfdffe6cd6201c13db1b5a24 (patch) | |
tree | 6005c7cb239d3d916f9f2e5e7878c0c51a04959d /src/gns | |
parent | 174fbee08315672dae1e9dae6df75eeab24808ac (diff) | |
download | gnunet-da76b1b40e8a4492dfdffe6cd6201c13db1b5a24.tar.gz gnunet-da76b1b40e8a4492dfdffe6cd6201c13db1b5a24.zip |
SSL->TLS / X.509 in log messages and comments, remove unnecessary check
Diffstat (limited to 'src/gns')
-rw-r--r-- | src/gns/gnunet-gns-proxy.c | 46 |
1 files changed, 15 insertions, 31 deletions
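--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -88,7 +88,7 @@
 #define MAX_PEM_SIZE (10 * 1024)
 
 /**
- * After how long do we clean up unused MHD SSL/TLS instances?
+ * After how long do we clean up unused MHD TLS instances?
  */
 #define MHD_CACHE_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
 
@@ -343,7 +343,7 @@ struct MhdHttpList
   struct MhdHttpList *next;
 
   /**
-   * the domain name to server (only important for SSL)
+   * the domain name to server (only important for TLS)
    */
   char *domain;
 
@@ -528,7 +528,7 @@ struct Socks5Request
   struct MHD_Response *response;
 
   /**
-   * the domain name to server (only important for SSL)
+   * the domain name to server (only important for TLS)
    */
   char *domain;
 
@@ -613,7 +613,7 @@ struct Socks5Request
   struct HttpResponseHeader *header_tail;
 
   /**
-   * SSL Certificate status
+   * X.509 Certificate status
    */
   int ssl_checked;
 
@@ -689,7 +689,7 @@ static struct MhdHttpList *mhd_httpd_head;
 static struct MhdHttpList *mhd_httpd_tail;
 
 /**
- * Daemon for HTTP (we have one per SSL certificate, and then one for
+ * Daemon for HTTP (we have one per X.509 certificate, and then one for
  * all HTTP connections; this is the one for HTTP, not HTTPS).
  */
 static struct MhdHttpList *httpd;
@@ -705,7 +705,7 @@ static struct Socks5Request *s5r_head;
 static struct Socks5Request *s5r_tail;
 
 /**
- * The CA for SSL certificate generation
+ * The CA for X.509 certificate generation
  */
 static struct ProxyCA proxy_ca;
 
@@ -877,7 +877,7 @@ mhd_content_cb (void *cls,
 
 
 /**
- * Check that the website has presented us with a valid SSL certificate.
+ * Check that the website has presented us with a valid X.509 certificate.
  * The certificate must either match the domain name or the LEHO name
  * (or, if available, the TLSA record).
  *
@@ -898,7 +898,7 @@ check_ssl_certificate (struct Socks5Request *s5r)
 
   s5r->ssl_checked = GNUNET_YES;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Checking SSL certificate\n");
+              "Checking X.509 certificate\n");
   if (CURLE_OK !=
       curl_easy_getinfo (s5r->curl,
                          CURLINFO_TLS_SESSION,
@@ -907,7 +907,7 @@ check_ssl_certificate (struct Socks5Request *s5r)
   if (CURLSSLBACKEND_GNUTLS != tlsinfo->backend)
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                _("Unsupported CURL SSL backend %d\n"),
+                _("Unsupported CURL TLS backend %d\n"),
                 tlsinfo->backend);
     return GNUNET_SYSERR;
   }
@@ -1015,7 +1015,7 @@ check_ssl_certificate (struct Socks5Request *s5r)
                                         name)))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                _("SSL certificate subject name (%s) does not match `%s'\n"),
+                _("TLS certificate subject name (%s) does not match `%s'\n"),
                 certdn,
                 name);
     gnutls_x509_crt_deinit (x509_cert);
@@ -1068,7 +1068,7 @@ curl_check_hdr (void *buffer,
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Receiving HTTP response header from CURL\n");
-  /* first, check SSL certificate */
+  /* first, check TLS certificate */
   if ( (GNUNET_YES != s5r->ssl_checked) &&
        (HTTPS_PORT == s5r->port))
   {
@@ -2382,7 +2382,7 @@ generate_gns_certificate (const char *name)
   struct ProxyGNSCertificate *pgc;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Generating TLS/SSL certificate for `%s'\n",
+              "Generating x.509 certificate for `%s'\n",
               name);
   GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_init (&request));
   GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_set_key (request, proxy_ca.key));
@@ -2439,9 +2439,9 @@ mhd_error_log_callback (void *cls,
 
 
 /**
- * Lookup (or create) an SSL MHD instance for a particular domain.
+ * Lookup (or create) an TLS MHD instance for a particular domain.
  *
- * @param domain the domain the SSL daemon has to serve
+ * @param domain the domain the TLS daemon has to serve
  * @return NULL on error
  */
 static struct MhdHttpList *
@@ -2932,14 +2932,6 @@ do_s5r_read (void *cls)
     struct sockaddr_in *in;
 
     s5r->port = ntohs (*port);
-    if (HTTPS_PORT == s5r->port)
-    {
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                  _("SSL connection to plain IPv4 address requested\n"));
-      signal_socks_failure (s5r,
-                            SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE);
-      return;
-    }
     alen = sizeof (struct in_addr);
     if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
         alen + sizeof (uint16_t))
@@ -2961,14 +2953,6 @@ do_s5r_read (void *cls)
     struct sockaddr_in6 *in;
 
     s5r->port = ntohs (*port);
-    if (HTTPS_PORT == s5r->port)
-    {
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                  _("SSL connection to plain IPv4 address requested\n"));
-      signal_socks_failure (s5r,
-                            SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE);
-      return;
-    }
     alen = sizeof (struct in6_addr);
     if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
         alen + sizeof (uint16_t))
@@ -3295,7 +3279,7 @@ run (void *cls,
                                              cafile)) )
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                _("Failed to load SSL/TLS key and certificate from `%s'\n"),
+                _("Failed to load X.509 key and certificate from `%s'\n"),
                 cafile);
     gnutls_x509_crt_deinit (proxy_ca.cert);
     gnutls_x509_privkey_deinit (proxy_ca.key);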
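Review bot: Dropping the HTTPS_PORT rejection in both address branches of do_s5r_read (hunks at -2932 and -2961) means a SOCKS5 CONNECT to a literal IPv4/IPv6 address on the HTTPS port now proceeds to the TLS path, and the only remaining certificate gate visible here is the `HTTPS_PORT == s5r->port` branch in curl_check_hdr, which validates the presented certificate against s5r->domain or the LEHO/TLSA data; whether s5r->domain is populated with something meaningful for an IP-literal target is decided outside these hunks and should be confirmed, since a name comparison against an empty or absent domain would silently weaken the check. A one-line comment at the removal site would preserve the intent for the next reader, e.g. `/* HTTPS to a literal address is permitted here; the certificate is still validated in check_ssl_certificate() via curl_check_hdr() */`. do_s5r_read starts and ends outside the hunks. As a wording point, the new doc comment in the -2439 hunk reads `an TLS MHD instance`; it should be `a TLS MHD instance`.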