Diffstat (limited to 'Swiften/TLS/OpenSSL/OpenSSLContext.cpp')
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLContext.cpp | 32 |
1 files changed, 16 insertions, 16 deletions
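--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -207,7 +207,7 @@ static int certVerifyCallback(X509_STORE_CTX* store_ctx, void* arg)
 if (cb != nullptr) {
 ret = cb(static_cast<const OpenSSLContext*>(context));
 } else {
-SWIFT_LOG(warning) << "certVerifyCallback called but context.verifyCertCallback is unset" << std::endl;
+//SWIFT_LOG(warning) << "certVerifyCallback called but context.verifyCertCallback is unset" << std::endl;
 ret = 0;
 }
 
@@ -250,12 +250,12 @@ static int verifyCallback(int preverifyOk, X509_STORE_CTX* ctx)
 SSL* ssl = static_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
 SSL_CTX* sslctx = ssl ? SSL_get_SSL_CTX(ssl) : nullptr;
 if (!sslctx) {
-SWIFT_LOG(error) << "verifyCallback: internal error" << std::endl;
+//SWIFT_LOG(error) << "verifyCallback: internal error" << std::endl;
 return preverifyOk;
 }
 
 if (SSL_CTX_get_verify_mode(sslctx) == SSL_VERIFY_NONE) {
-SWIFT_LOG(info) << "verifyCallback: no verification required" << std::endl;
+//SWIFT_LOG(info) << "verifyCallback: no verification required" << std::endl;
 // No verification requested
 return 1;
 }
@@ -286,12 +286,12 @@ static int verifyCallback(int preverifyOk, X509_STORE_CTX* ctx)
 X509_NAME* issuerName = X509_get_issuer_name(errCert);
 issuerString = X509_NAME_to_text(issuerName);
 }
-SWIFT_LOG(error) << "verifyCallback: verification error " <<
-X509_verify_cert_error_string(err) << " depth: " <<
-depth << " issuer: " << ((issuerString.length() > 0) ? issuerString : "<unknown>") << std::endl;
-} else {
-SWIFT_LOG(info) << "verifyCallback: SSL depth: " << depth << " Subject: " <<
-((subjectString.length() > 0) ? subjectString : "<>") << std::endl;
+// SWIFT_LOG(error) << "verifyCallback: verification error " <<
+// X509_verify_cert_error_string(err) << " depth: " <<
+// depth << " issuer: " << ((issuerString.length() > 0) ? issuerString : "<unknown>") << std::endl;
+// } else {
+// SWIFT_LOG(info) << "verifyCallback: SSL depth: " << depth << " Subject: " <<
+// ((subjectString.length() > 0) ? subjectString : "<>") << std::endl;
 }
 // Always return "OK", as check on verification status
 // will be performed once TLS handshake has completed,
@@ -305,7 +305,7 @@ bool OpenSSLContext::configure(const TLSOptions &options)
 if (options.cipherSuites) {
 std::string cipherSuites = *(options.cipherSuites);
 if (SSL_CTX_set_cipher_list(context_.get(), cipherSuites.c_str()) != 1 ) {
-SWIFT_LOG(error) << "Failed to set cipher-suites" << std::endl;
+// SWIFT_LOG(error) << "Failed to set cipher-suites" << std::endl;
 return false;
 }
 }
@@ -316,7 +316,7 @@ bool OpenSSLContext::configure(const TLSOptions &options)
 if (SSL_CTX_set_session_id_context(context_.get(),
 reinterpret_cast<const unsigned char *>(contextId.c_str()),
 contextId.length()) != 1) {
-SWIFT_LOG(error) << "Failed to set context-id" << std::endl;
+// SWIFT_LOG(error) << "Failed to set context-id" << std::endl;
 return false;
 }
 }
@@ -324,12 +324,12 @@ bool OpenSSLContext::configure(const TLSOptions &options)
 if (options.sessionCacheTimeout) {
 int scto = *options.sessionCacheTimeout;
 if (scto <= 0) {
-SWIFT_LOG(error) << "Invalid value for session-cache-timeout" << std::endl;
+// SWIFT_LOG(error) << "Invalid value for session-cache-timeout" << std::endl;
 return false;
 }
 (void)SSL_CTX_set_timeout(context_.get(), scto);
 if (SSL_CTX_get_timeout(context_.get()) != scto) {
-SWIFT_LOG(error) << "Failed to set session-cache-timeout" << std::endl;
+// SWIFT_LOG(error) << "Failed to set session-cache-timeout" << std::endl;
 return false;
 }
 }
@@ -371,7 +371,7 @@ bool OpenSSLContext::configure(const TLSOptions &options)
 if (options.verifyDepth) {
 int depth = *options.verifyDepth;
 if (depth <= 0) {
-SWIFT_LOG(error) << "Invalid value for verify-depth" << std::endl;
+// SWIFT_LOG(error) << "Invalid value for verify-depth" << std::endl;
 return false;
 }
 
@@ -593,7 +593,7 @@ void OpenSSLContext::sendPendingDataToApplication() {
 
 bool OpenSSLContext::setCertificateChain(const std::vector<std::shared_ptr<Certificate>>& certificateChain) {
 if (certificateChain.size() == 0) {
-SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;
+// SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;
 return false;
 }
 
@@ -616,7 +616,7 @@ bool OpenSSLContext::setCertificateChain(const std::vector<std::shared_ptr<Certi
 }
 
 if (SSL_CTX_add_extra_chain_cert(context_.get(), openSSLCert->getInternalX509().get()) != 1) {
-SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;
+// SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;
 return false;
 }
 // Have to manually increment reference count as SSL_CTX_add_extra_chain_cert does not do so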
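Review bot: Commenting out the `SWIFT_LOG(error)` in verifyCallback (old lines 289–291) removes the only record of why a peer certificate failed to verify — the X509 error string, the chain depth and the issuer — while the callback still returns 1 and defers the decision to the post-handshake check, so a rejected certificate now leaves no trace in the log. The `issuerString` built on line 287 (and `subjectString`, declared above the hunk) appear to be computed but no longer used. If the goal is to quiet normal operation, lower the severity rather than delete the diagnostic, e.g. `SWIFT_LOG(debug) << "verifyCallback: verification error " << X509_verify_cert_error_string(err) << " depth: " << depth << " issuer: " << ((issuerString.length() > 0) ? issuerString : "<unknown>") << std::endl;`, and likewise keep a message in certVerifyCallback, where an unset `verifyCertCallback` now fails closed (`ret = 0`) silently and that misconfiguration becomes hard to diagnose. Separately, the message at old line 619 (`"Trying to load empty certificate chain."`) is a copy of line 596 and does not describe an `SSL_CTX_add_extra_chain_cert` failure; if it is restored it should read something like `"Failed to add certificate to chain."`. verifyCallback's body starts and ends outside the hunk.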