Swiftdiff options
Diffstat (limited to 'Swiften/TLS/OpenSSL/OpenSSLContext.cpp')
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLContext.cpp | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp index a183a75..86b0504 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp +++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp @@ -204,13 +204,13 @@ static int certVerifyCallback(X509_STORE_CTX* store_ctx, void* arg) // This callback shouldn't have been set up if the context doesn't // have a verifyCertCallback set, but it doesn't hurt to double check std::function<int (const TLSContext *)> cb = context->getVerifyCertCallback(); if (cb != nullptr) { ret = cb(static_cast<const OpenSSLContext*>(context)); } else { - SWIFT_LOG(debug) << "certVerifyCallback called but context.verifyCertCallback is unset" << std::endl; + SWIFT_LOG(debug) << "certVerifyCallback called but context.verifyCertCallback is unset"; ret = 0; } context->setX509StoreContext(nullptr); return ret; } @@ -247,18 +247,18 @@ static int verifyCallback(int preverifyOk, X509_STORE_CTX* ctx) int err = X509_STORE_CTX_get_error(ctx); int depth = X509_STORE_CTX_get_error_depth(ctx); SSL* ssl = static_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); SSL_CTX* sslctx = ssl ? SSL_get_SSL_CTX(ssl) : nullptr; if (!sslctx) { - SWIFT_LOG(debug) << "verifyCallback: internal error" << std::endl; + SWIFT_LOG(debug) << "verifyCallback: internal error"; return preverifyOk; } if (SSL_CTX_get_verify_mode(sslctx) == SSL_VERIFY_NONE) { - SWIFT_LOG(debug) << "verifyCallback: no verification required" << std::endl; + SWIFT_LOG(debug) << "verifyCallback: no verification required"; // No verification requested return 1; } X509* errCert = X509_STORE_CTX_get_current_cert(ctx); std::string subjectString; @@ -285,16 +285,16 @@ static int verifyCallback(int preverifyOk, X509_STORE_CTX* ctx) if (errCert) { X509_NAME* issuerName = X509_get_issuer_name(errCert); issuerString = X509_NAME_to_text(issuerName); } SWIFT_LOG(debug) << "verifyCallback: verification error " << X509_verify_cert_error_string(err) << " depth: " << - depth << " issuer: " << ((issuerString.length() > 0) ? issuerString : "<unknown>") << std::endl; + depth << " issuer: " << ((issuerString.length() > 0) ? issuerString : "<unknown>"); } else { SWIFT_LOG(debug) << "verifyCallback: SSL depth: " << depth << " Subject: " << - ((subjectString.length() > 0) ? subjectString : "<>") << std::endl; + ((subjectString.length() > 0) ? subjectString : "<>"); } // Always return "OK", as check on verification status // will be performed once TLS handshake has completed, // by calling OpenSSLContext::getVerificationErrorTypeForResult() to // get the value set via X509_STORE_CTX_set_error() above. return 1; @@ -302,37 +302,37 @@ static int verifyCallback(int preverifyOk, X509_STORE_CTX* ctx) bool OpenSSLContext::configure(const TLSOptions &options) { if (options.cipherSuites) { std::string cipherSuites = *(options.cipherSuites); if (SSL_CTX_set_cipher_list(context_.get(), cipherSuites.c_str()) != 1 ) { - SWIFT_LOG(debug) << "Failed to set cipher-suites" << std::endl; + SWIFT_LOG(debug) << "Failed to set cipher-suites"; return false; } } if (options.context) { const auto& contextId = *options.context; if (SSL_CTX_set_session_id_context(context_.get(), reinterpret_cast<const unsigned char *>(contextId.c_str()), contextId.length()) != 1) { - SWIFT_LOG(debug) << "Failed to set context-id" << std::endl; + SWIFT_LOG(debug) << "Failed to set context-id"; return false; } } if (options.sessionCacheTimeout) { int scto = *options.sessionCacheTimeout; if (scto <= 0) { - SWIFT_LOG(debug) << "Invalid value for session-cache-timeout" << std::endl; + SWIFT_LOG(debug) << "Invalid value for session-cache-timeout"; return false; } (void)SSL_CTX_set_timeout(context_.get(), scto); if (SSL_CTX_get_timeout(context_.get()) != scto) { - SWIFT_LOG(debug) << "Failed to set session-cache-timeout" << std::endl; + SWIFT_LOG(debug) << "Failed to set session-cache-timeout"; return false; } } if (options.verifyCertificateCallback) { verifyCertCallback = *options.verifyCertificateCallback; @@ -368,13 +368,13 @@ bool OpenSSLContext::configure(const TLSOptions &options) } } if (options.verifyDepth) { int depth = *options.verifyDepth; if (depth <= 0) { - SWIFT_LOG(debug) << "Invalid value for verify-depth" << std::endl; + SWIFT_LOG(debug) << "Invalid value for verify-depth"; return false; } // Increase depth limit by one, so that verifyCallback() will log it SSL_CTX_set_verify_depth(context_.get(), depth + 1); } @@ -590,13 +590,13 @@ void OpenSSLContext::sendPendingDataToApplication() { onError(std::make_shared<TLSError>(TLSError::UnknownError, openSSLInternalErrorToString())); } } bool OpenSSLContext::setCertificateChain(const std::vector<std::shared_ptr<Certificate>>& certificateChain) { if (certificateChain.size() == 0) { - SWIFT_LOG(debug) << "Trying to load empty certificate chain." << std::endl; + SWIFT_LOG(debug) << "Trying to load empty certificate chain."; return false; } // load endpoint certificate auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificateChain[0].get()); if (!openSSLCert) { @@ -613,13 +613,13 @@ bool OpenSSLContext::setCertificateChain(const std::vector<std::shared_ptr<Certi auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificate->get()); if (!openSSLCert) { return false; } if (SSL_CTX_add_extra_chain_cert(context_.get(), openSSLCert->getInternalX509().get()) != 1) { - SWIFT_LOG(debug) << "Trying to load empty certificate chain." << std::endl; + SWIFT_LOG(debug) << "Trying to load empty certificate chain."; return false; } // Have to manually increment reference count as SSL_CTX_add_extra_chain_cert does not do so openSSLCert->incrementReferenceCount(); } } |