From: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx> Show usage of a Spice log category. Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx> --- common/ssl_verify.c | 54 +++++++++++++++++++++++++++-------------------------- 1 file changed, 28 insertions(+), 26 deletions(-) diff --git a/common/ssl_verify.c b/common/ssl_verify.c index 4b963bc..2d1a136 100644 --- a/common/ssl_verify.c +++ b/common/ssl_verify.c @@ -33,6 +33,8 @@ #include <string.h> #include <gio/gio.h> +SPICE_LOG_CATEGORY(common_ssl, "SSL verification") + #if OPENSSL_VERSION_NUMBER < 0x10100000 static const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *asn1) { @@ -51,36 +53,36 @@ static int verify_pubkey(X509* cert, const char *key, size_t key_size) return 0; if (!cert) { - g_debug("warning: no cert!"); + spice_log(common_ssl, "warning: no cert!"); return 0; } cert_pubkey = X509_get_pubkey(cert); if (!cert_pubkey) { - g_debug("warning: reading public key from certificate failed"); + spice_log(common_ssl, "warning: reading public key from certificate failed"); goto finish; } bio = BIO_new_mem_buf((void*)key, key_size); if (!bio) { - g_debug("creating BIO failed"); + spice_log(common_ssl, "creating BIO failed"); goto finish; } orig_pubkey = d2i_PUBKEY_bio(bio, NULL); if (!orig_pubkey) { - g_debug("reading pubkey from bio failed"); + spice_log(common_ssl, "reading pubkey from bio failed"); goto finish; } ret = EVP_PKEY_cmp(orig_pubkey, cert_pubkey); if (ret == 1) { - g_debug("public keys match"); + spice_log(common_ssl, "public keys match"); } else if (ret == 0) { - g_debug("public keys mismatch"); + spice_log(common_ssl, "public keys mismatch"); } else { - g_debug("public keys types mismatch"); + spice_log(common_ssl, "public keys types mismatch"); } finish: @@ -162,7 +164,7 @@ static int verify_hostname(X509* cert, const char *hostname) g_return_val_if_fail(hostname != NULL, 0); if (!cert) { - g_debug("warning: no cert!"); + spice_log(common_ssl, "warning: no cert!"); return 0; } 
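Review bot: In verify_pubkey, the final `else` after `ret = EVP_PKEY_cmp(orig_pubkey, cert_pubkey);` leaves `ret` negative, and the converted message only calls it a types mismatch. EVP_PKEY_cmp returns -1 for differing key types and -2 when the comparison is unsupported. The code after `finish:` is outside this hunk, so I cannot see how `ret` is returned; if it is returned unchanged and the caller tests it for truth, a failed comparison would be treated as a match. I would confirm that and, if so, add `ret = 0;` in that branch next to the `spice_log(common_ssl, "public keys types mismatch");` line.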
@@ -192,7 +194,7 @@ static int verify_hostname(X509* cert, const char *hostname) if (_gnutls_hostname_compare((const char *)ASN1_STRING_get0_data(name->d.dNSName), ASN1_STRING_length(name->d.dNSName), hostname)) { - g_debug("alt name match=%s", ASN1_STRING_get0_data(name->d.dNSName)); + spice_log(common_ssl, "alt name match=%s", ASN1_STRING_get0_data(name->d.dNSName)); GENERAL_NAMES_free(subject_alt_names); return 1; } @@ -222,7 +224,7 @@ static int verify_hostname(X509* cert, const char *hostname) alt_ip = g_inet_address_new_from_bytes(ASN1_STRING_get0_data(name->d.iPAddress), g_inet_address_get_family(ip)); alt_ip_string = g_inet_address_to_string(alt_ip); - g_debug("alt name IP match=%s", alt_ip_string); + spice_log(common_ssl, "alt name IP match=%s", alt_ip_string); g_free(alt_ip_string); g_object_unref(alt_ip); @@ -239,7 +241,7 @@ static int verify_hostname(X509* cert, const char *hostname) } if (found_dns_name) { - g_debug("warning: SubjectAltName mismatch"); + spice_log(common_ssl, "warning: SubjectAltName mismatch"); return 0; } @@ -263,7 +265,7 @@ static int verify_hostname(X509* cert, const char *hostname) if (_gnutls_hostname_compare((const char*)ASN1_STRING_get0_data(cn_asn1), ASN1_STRING_length(cn_asn1), hostname)) { - g_debug("common name match=%s", (char*)ASN1_STRING_get0_data(cn_asn1)); + spice_log(common_ssl, "common name match=%s", (char*)ASN1_STRING_get0_data(cn_asn1)); cn_match = 1; break; } @@ -271,7 +273,7 @@ static int verify_hostname(X509* cert, const char *hostname) } if (!cn_match) { - g_debug("warning: common name mismatch"); + spice_log(common_ssl, "warning: common name mismatch"); } return cn_match; @@ -295,7 +297,7 @@ static X509_NAME* subject_to_x509_name(const char *subject, int *nentries) in_subject = X509_NAME_new(); if (!in_subject || !key || !val) { - g_debug("failed to allocate"); + spice_log(common_ssl, "failed to allocate"); return NULL; } 
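Review bot: The converted call `spice_log(common_ssl, "alt name match=%s", ASN1_STRING_get0_data(name->d.dNSName));` prints certificate-supplied bytes with `%s`, while the comparison just above it uses the explicit `ASN1_STRING_length()`. An ASN1_STRING may hold an embedded NUL or control characters, so the logged name can differ from the name that was actually matched and can break up the log line. Bounding the output, e.g. `"alt name match=%.*s", ASN1_STRING_length(name->d.dNSName), (const char *)ASN1_STRING_get0_data(name->d.dNSName)`, keeps the log tied to the compared length. The same applies to the `common name match=%s` call in the `@@ -263,7` hunk. verify_hostname starts and ends outside these hunks.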
@@ -308,7 +310,7 @@ static X509_NAME* subject_to_x509_name(const char *subject, int *nentries) if (*p == '\\') { ++p; if (*p != '\\' && *p != ',') { - g_debug("Invalid character after \\"); + spice_log(common_ssl, "Invalid character after \\"); goto fail; } escape = 1; @@ -342,7 +344,7 @@ static X509_NAME* subject_to_x509_name(const char *subject, int *nentries) MBSTRING_UTF8, (const unsigned char*)val, -1, -1, 0)) { - g_debug("warning: failed to add entry %s=%s to X509_NAME", + spice_log(common_ssl, "warning: failed to add entry %s=%s to X509_NAME", key, val); goto fail; } @@ -377,25 +379,25 @@ static int verify_subject(X509* cert, SpiceOpenSSLVerify* verify) int in_entries; if (!cert) { - g_debug("warning: no cert!"); + spice_log(common_ssl, "warning: no cert!"); return 0; } cert_subject = X509_get_subject_name(cert); if (!cert_subject) { - g_debug("warning: reading certificate subject failed"); + spice_log(common_ssl, "warning: reading certificate subject failed"); return 0; } in_subject = subject_to_x509_name(verify->subject, &in_entries); if (!in_subject) { - g_debug("warning: no in_subject!"); + spice_log(common_ssl, "warning: no in_subject!"); return 0; } /* Note: this check is redundant with the pre-condition in X509_NAME_cmp */ if (X509_NAME_entry_count(cert_subject) != in_entries) { - g_debug("subject mismatch: #entries cert=%d, input=%d", + spice_log(common_ssl, "subject mismatch: #entries cert=%d, input=%d", X509_NAME_entry_count(cert_subject), in_entries); X509_NAME_free(in_subject); return 0; 
@@ -404,17 +406,17 @@ static int verify_subject(X509* cert, SpiceOpenSSLVerify* verify) ret = X509_NAME_cmp(cert_subject, in_subject); if (ret == 0) { - g_debug("subjects match"); + spice_log(common_ssl, "subjects match"); } else { char *p; - g_debug("subjects mismatch"); + spice_log(common_ssl, "subjects mismatch"); p = X509_NAME_oneline(cert_subject, NULL, 0); - g_debug("cert_subject: %s", p); + spice_log(common_ssl, "cert_subject: %s", p); free(p); p = X509_NAME_oneline(in_subject, NULL, 0); - g_debug("in_subject: %s", p); + spice_log(common_ssl, "in_subject: %s", p); free(p); } X509_NAME_free(in_subject); @@ -451,7 +453,7 @@ static int openssl_verify(int preverify_ok, X509_STORE_CTX *ctx) return 1; if (err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) - g_debug("server certificate not being signed by the provided CA"); + spice_log(common_ssl, "server certificate not being signed by the provided CA"); return 0; } else @@ -460,7 +462,7 @@ static int openssl_verify(int preverify_ok, X509_STORE_CTX *ctx) /* depth == 0 */ if (!cert) { - g_debug("failed to get server certificate"); + spice_log(common_ssl, "failed to get server certificate"); return 0; } -- 2.13.0.91.g00982b8dd _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel
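Review bot: In the mismatch branch of verify_subject, the result of `X509_NAME_oneline(cert_subject, NULL, 0)` is passed straight to `spice_log(common_ssl, "cert_subject: %s", p);` without a NULL check, and the same pattern repeats for `in_subject`. X509_NAME_oneline returns NULL on failure, and a NULL argument for `%s` is undefined behaviour. The buffer is allocated by OpenSSL, so `OPENSSL_free(p);` is the matching release rather than `free(p);`. I would guard each log call with `if (p)` or pass `p ? p : "(unavailable)"`.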
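Review bot: As far as the `@@ -451,7` hunk shows, only `X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN` produces a message before `return 0;`, so any other value of `err` on this path rejects the chain without leaving a trace in the `common_ssl` category. For diagnosing failed connections it would help to log the reason in every case, e.g. `spice_log(common_ssl, "certificate verification failed: %s", X509_verify_cert_error_string(err));`. The enclosing branch of openssl_verify starts above the hunk, so this assumes `err` holds the X509_STORE_CTX error code.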