This directory contains the source files of FORT's site and documentation.
-Github automatically compiles and publishes it at [https://nicmx.github.io/FORT-validator/](https://nicmx.github.io/FORT-validator/). **It's still under construction**.
+Github automatically compiles and publishes it at [https://nicmx.github.io/FORT-validator/](https://nicmx.github.io/FORT-validator/).
You can also compile the documentation yourself by running [Jekyll](http://jekyllrb.com/) right here.
<a class="item-menu{% if page.url == '/installation.html' %} active{% endif %}" href="installation.html">Compilation and Installation</a>
</li>
<li>
- <a class="item-menu{% if page.url == '/run.html' %} active{% endif %}" href="run.html">Running Fort</a>
+ <a class="item-menu{% if page.url == '/run.html' %} active{% endif %}" href="run.html">Basic Usage</a>
</li>
<li>
- <a class="item-menu{% if page.url == '/usage.html' %} active{% endif %}" href="usage.html">Fort usage</a>
+ <a class="item-menu{% if page.url == '/usage.html' %} active{% endif %}" href="usage.html">Program Arguments</a>
+ </li>
+ <li>
+ <a class="item-menu{% if page.url == '/logging.html' %} active{% endif %}" href="logging.html">Logging</a>
</li>
<li>
<a class="item-menu{% if page.url == '/slurm.html' %} active{% endif %}" href="slurm.html">SLURM</a>
## Introduction
-The RPKI RFCs define fairly strict profiles for RPKI objects, and are unequivocal in stating that incorrectly-formed objects are supposed to be rejected by Relying Party validation. In practice, however, this does not prevent a significant amount of Certificate Authorities from issuing incorrect objects.
+The RPKI RFCs define fairly strict profiles for RPKI objects, and are unequivocal in stating that incorrectly-formed objects are supposed to be rejected by Relying Party validation. In practice, however, this does not prevent a significant amount of legitimate Certificate Authorities from issuing incorrect objects.
-By default, Fort is lax with some of this bad practices. The `incidence` section of its configuration file is a means to modify its behavior upon encountering profile violations that, from experience, are often overlooked.
+The `incidence` section of Fort's configuration file is a means to modify its behavior upon encountering profile violations that, from experience, are often overlooked.
## `incidences` definition
]
```
-`name` is the identifier of an incidence. It is case-sensitive and developer-defined. It states an ID of the particular error condition that will be handled by the remaining field.
+`name` is the identifier of an incidence. It is case-sensitive and developer-defined. It states the ID of the particular error condition that will be handled by the remaining field.
`action` is an enumeration that states the outcome of a violation of the corresponding incidence. It can take one of three values:
2. `warn`: Print error message in `warning` log level, continue validation as if nothing happened.
3. `ignore`: Do not print error message, continue validation as if nothing happened.
-Since most of the incidences are result of a bad practice at the global RPKI, they have an `action` of `ignore` by default. If a strict behavior is desired, then the corresponding incidences should be configured with an `action` of `error`.
+Some incidences are `ignore`d by default, because they stem from bad practices (which are nonetheless likely harmless) in the global RPKI repositories. If a strict behavior is desired, then the corresponding incidence `action` should be upgraded.
## Incidence types
--- /dev/null
+---
+title: Logging
+---
+
+# {{ page.title }}
+
+- If Fort is run in [server mode](usage.html#--mode), all logging is sent to syslog.
+- If Fort is run in standalone mode, informational messages are printed in standard output and error messages are thrown to standard error.
+
+During the brief period in which configuration has not been completely parsed yet (and therefore, Fort is not yet aware of the desired running mode), the standard streams and syslog are used simultaneously.
+
---
-title: Running Fort
+title: Basic Usage
---
# {{ page.title }}
--server.port <your intended RTR server port>
{% endhighlight %}
-These are some examples to run Fort with distinct configurations; see [usage](usage.html) for more details.
\ No newline at end of file
+These are some examples to run Fort with distinct configurations; see [Program Arguments](usage.html) for more details.
---
-title: Fort Usage
+title: Program Arguments
command: fort
---
* to a tree leaf. Loops aren't possible.
*/
- pr_debug_add("EE Certificate (embedded) {");
+ pr_debug("EE Certificate (embedded) {");
/*
* "If the call is successful *in is incremented to the byte following
end2:
X509_free(cert);
end1:
- pr_debug_rm("}");
+ pr_debug("}");
return error;
}
struct option_field const *opt;
pr_info("Configuration {");
- pr_indent_add();
FOREACH_OPTION(options, opt, 0xFFFF)
if (is_rpki_config_field(opt) && opt->type->print != NULL)
opt->type->print(opt, get_rpki_config_field(opt));
- pr_indent_rm();
pr_info("}");
}
size_t i;
pr_info("%s:", field->name);
- pr_indent_add();
if (value->length == 0)
- pr_info("<Nothing>");
+ pr_info(" <Nothing>");
else for (i = 0; i < value->length; i++)
- pr_info("%s", value->array[i]);
-
- pr_indent_rm();
+ pr_info(" %s", value->array[i]);
}
static int
md = EVP_get_digestbyname(algorithm);
if (md == NULL) {
- printf("Unknown message digest %s\n", algorithm);
+ pr_err("Unknown message digest %s", algorithm);
return -EINVAL;
}
/**
* Important: -rdynamic needs to be enabled, otherwise this does not print
- * function names. See rpki_validator_LDFLAGS in Makefile.am.
+ * function names. See LDFLAGS_DEBUG in Makefile.am.
* Also: Only non-static functions will be labeled.
*
* During a segfault, the first three printed entries are usually not
array_index i;
pr_info("Custom incidences:");
- pr_indent_add();
for (i = 0; i < __INID_MAX; i++) {
- pr_info("%s (%s): %s", incidences[i].name,
+ pr_info(" %s (%s): %s", incidences[i].name,
incidences[i].description,
action2str(incidences[i].action));
}
-
- pr_indent_rm();
}
enum incidence_action
#include <openssl/bio.h>
#include <openssl/err.h>
+#include <syslog.h>
#include "config.h"
#include "debug.h"
#include "thread_var.h"
-#ifdef DEBUG
-#define COLOR_DEBUG "\x1B[36m" /* Cyan */
-#endif
-
-#define COLOR_INFO "\x1B[37m" /* Gray */
-#define COLOR_WARNING "\x1B[33m" /* Yellow */
-#define COLOR_ERROR "\x1B[31m" /* Red */
-#define COLOR_CRITICAL "\x1B[35m" /* Pink */
-#define COLOR_RESET "\x1B[0m" /* Reset */
+struct level {
+ char const *label;
+ char const *color;
+ FILE *stream;
+};
-#define STDOUT stdout
-#define STDERR stderr
+static struct level DBG = { "DBG", "\x1B[36m" };
+static struct level INF = { "INF", "\x1B[37m" };
+static struct level WRN = { "WRN", "\x1B[33m" };
+static struct level ERR = { "ERR", "\x1B[31m" };
+static struct level CRT = { "CRT", "\x1B[35m" };
+static struct level UNK = { "UNK", "" };
+#define COLOR_RESET "\x1B[0m"
-static unsigned int indent;
+/* LOG_PERROR is not portable, apparently, so I implemented it myself */
+static bool fprintf_enabled;
+static bool syslog_enabled;
-static void
-pr_prefix(FILE *stream, char const *color, char const *level)
+void
+log_setup(void)
{
- unsigned int i;
- if (config_get_color_output())
- fprintf(stream, "%s", color);
- fprintf(stream, "%s: ", level);
- for (i = 0; i < indent; i++)
- fprintf(stream, " ");
-}
-
-static void
-pr_file_name(FILE *stream)
-{
-#ifndef UNIT_TESTING
- char const *file = fnstack_peek();
- if (file == NULL)
- return;
- fprintf(stream, "%s: ", file);
-#endif
+ /* =_= */
+ DBG.stream = stdout;
+ INF.stream = stdout;
+ WRN.stream = stderr;
+ ERR.stream = stderr;
+ CRT.stream = stderr;
+ UNK.stream = stdout;
+
+ openlog("Fort", LOG_CONS | LOG_PID, LOG_DAEMON);
+ fprintf_enabled = true;
+ syslog_enabled = true;
}
void
-pr_indent_add(void)
+log_disable_std(void)
{
- indent++;
+ fprintf_enabled = false;
}
void
-pr_indent_rm(void)
+log_disable_syslog(void)
{
- if (indent > 0)
- indent--;
- else
- fprintf(STDERR, "Programming error: Too many pr_rm_indent()s.\n");
+ if (syslog_enabled) {
+ closelog();
+ syslog_enabled = false;
+ }
}
-#ifdef DEBUG
-
void
-pr_debug_prefix(void)
+log_teardown(void)
{
- pr_prefix(STDOUT, COLOR_DEBUG, "DBG");
+ log_disable_std();
+ log_disable_syslog();
}
-void
-pr_debug_suffix(void)
+static struct level const *
+level2struct(int level)
{
- if (config_get_color_output())
- fprintf(STDOUT, "%s", COLOR_RESET);
- fprintf(STDOUT, "\n");
+ switch (level) {
+ case LOG_CRIT:
+ return &CRT;
+ case LOG_ERR:
+ return &ERR;
+ case LOG_WARNING:
+ return &WRN;
+ case LOG_INFO:
+ return &INF;
+ case LOG_DEBUG:
+ return &DBG;
+ }
+
+ return &UNK;
}
-void
-pr_debug(const char *format, ...)
+static void
+__fprintf(int level, char const *format, ...)
{
+ struct level const *lvl;
va_list args;
- pr_debug_prefix();
+ lvl = level2struct(level);
+ if (config_get_color_output())
+ fprintf(lvl->stream, "%s", lvl->color);
+
+ fprintf(lvl->stream, "%s: ", lvl->label);
va_start(args, format);
- vfprintf(STDOUT, format, args);
+ vfprintf(lvl->stream, format, args);
va_end(args);
- pr_debug_suffix();
+
+ if (config_get_color_output())
+ fprintf(lvl->stream, COLOR_RESET);
+
+ fprintf(lvl->stream, "\n");
}
-void
-pr_debug_add(const char *format, ...)
+static bool
+pr_file_name(int level)
{
- va_list args;
+ char const *file_name;
- pr_debug_prefix();
+ file_name = fnstack_peek();
+ if (file_name == NULL)
+ return false;
- va_start(args, format);
- vfprintf(STDOUT, format, args);
- va_end(args);
- pr_debug_suffix();
+ if (syslog_enabled)
+ syslog(level, "%s:", file_name);
+ if (fprintf_enabled)
+ __fprintf(level, "%s:", file_name);
- pr_indent_add();
+ return true;
}
-void
-pr_debug_rm(const char *format, ...)
+#define MSG_LEN 512
+
+static void
+pr_syslog(int level, bool indent, const char *format, va_list args)
{
- va_list args;
+ char msg[MSG_LEN];
+ /* Can't use vsyslog(); it's not portable. */
+ vsnprintf(msg, MSG_LEN, format, args);
+ syslog(level, "%s%s", indent ? " " : "", msg);
+}
+
+static void
+pr_stream(int level, bool indent, const char *format, va_list args)
+{
+ struct level const *lvl = level2struct(level);
- pr_indent_rm();
+ if (config_get_color_output())
+ fprintf(lvl->stream, "%s", lvl->color);
- pr_debug_prefix();
+ fprintf(lvl->stream, "%s: ", lvl->label);
+ if (indent)
+ fprintf(lvl->stream, " ");
+ vfprintf(lvl->stream, format, args);
- va_start(args, format);
- vfprintf(STDOUT, format, args);
- va_end(args);
- pr_debug_suffix();
-}
+ if (config_get_color_output())
+ fprintf(lvl->stream, "%s", COLOR_RESET);
-#endif
+ fprintf(lvl->stream, "\n");
+}
-#define PR_PREFIX(stream, color, level, args) do { \
- pr_prefix(stream, color, level); \
- pr_file_name(stream); \
+#define PR_SIMPLE(level) \
+ do { \
+ va_list args; \
+ bool indent; \
+ \
+ indent = pr_file_name(level); \
\
- va_start(args, format); \
- vfprintf(stream, format, args); \
- va_end(args); \
-} while (0)
+ if (syslog_enabled) { \
+ va_start(args, format); \
+ pr_syslog(level, indent, format, args); \
+ va_end(args); \
+ } \
+ \
+ if (fprintf_enabled) { \
+ va_start(args, format); \
+ pr_stream(level, indent, format, args); \
+ va_end(args); \
+ } \
+ } while (0)
-#define PR_SUFFIX(stream) do { \
- if (config_get_color_output()) \
- fprintf(stream, "%s", COLOR_RESET); \
- fprintf(stream, "\n"); \
-} while (0)
+#ifdef DEBUG
+
+void
+pr_debug(const char *format, ...)
+{
+ PR_SIMPLE(LOG_DEBUG);
+}
+
+#endif
void
pr_info(const char *format, ...)
{
- va_list args;
- PR_PREFIX(STDOUT, COLOR_INFO, "INF", args);
- PR_SUFFIX(STDOUT);
+ PR_SIMPLE(LOG_INFO);
}
/**
int
pr_warn(const char *format, ...)
{
- va_list args;
- PR_PREFIX(STDERR, COLOR_WARNING, "WRN", args);
- PR_SUFFIX(STDERR);
+ PR_SIMPLE(LOG_WARNING);
return 0;
}
int
pr_err(const char *format, ...)
{
- va_list args;
- PR_PREFIX(STDERR, COLOR_ERROR, "ERR", args);
- PR_SUFFIX(STDERR);
+ PR_SIMPLE(LOG_ERR);
return -EINVAL;
}
int
pr_errno(int error, const char *format, ...)
{
- va_list args;
+ PR_SIMPLE(LOG_ERR);
- PR_PREFIX(STDERR, COLOR_ERROR, "ERR", args);
-
- if (error) {
- fprintf(STDERR, ": %s", strerror(error));
- } else {
- /*
- * If this function was called, then we need to assume that
- * there WAS an error; go generic.
- */
- fprintf(STDERR, ": (Unknown)");
- error = -EINVAL;
- }
+ if (!error)
+ return -EINVAL;
+
+ if (syslog_enabled)
+ syslog(LOG_ERR, " - %s", strerror(error));
+ if (fprintf_enabled)
+ __fprintf(LOG_ERR, " - %s", strerror(error));
- PR_SUFFIX(STDERR);
return error;
}
+static int log_crypto_error(const char *str, size_t len, void *arg)
+{
+ if (syslog_enabled)
+ syslog(LOG_ERR, " - %s", str);
+ if (fprintf_enabled)
+ __fprintf(LOG_ERR, " - %s", str);
+ return 1;
+}
+
/**
* This is like pr_err() and pr_errno(), except meant to log an error made
* during a libcrypto routine.
*
* This differs from usual printf-like functions:
*
- * - It returns the last error code libcrypto threw, not bytes written.
+ * - It returns -EINVAL, not bytes written.
* - It prints a newline.
- * - Also prints the cryptolib's error message after a colon.
- * (So don't include periods at the end of @format.)
+ * - Also prints the cryptolib's error message stack.
*
* Always appends a newline at the end.
*/
int
crypto_err(const char *format, ...)
{
- va_list args;
- int error;
-
- PR_PREFIX(STDERR, COLOR_ERROR, "ERR", args);
- fprintf(STDERR, ": ");
-
- error = ERR_GET_REASON(ERR_peek_last_error());
- if (error) {
- /*
- * Reminder: This clears the error queue.
- * BTW: The string format is pretty ugly. Maybe override this.
- */
- ERR_print_errors_fp(STDERR);
- } else {
- /*
- * If this function was called, then we need to assume that
- * there WAS an error; go generic.
- */
- fprintf(STDERR, "(There are no error messages in libcrypto's stack.)");
- error = -EINVAL;
+ unsigned int stack_size;
+
+ PR_SIMPLE(LOG_ERR);
+
+ if (syslog_enabled)
+ syslog(LOG_ERR, " libcrypto error stack:");
+ if (fprintf_enabled)
+ __fprintf(LOG_ERR, " libcrypto error stack:");
+
+ stack_size = 0;
+ ERR_print_errors_cb(log_crypto_error, &stack_size);
+ if (stack_size == 0) {
+ if (syslog_enabled)
+ syslog(LOG_ERR, " <Empty>");
+ if (fprintf_enabled)
+ __fprintf(LOG_ERR, " <Empty>\n");
}
- PR_SUFFIX(STDERR);
- return error;
+ return -EINVAL;
}
int
pr_enomem(void)
{
- pr_err("Out of memory.");
+ if (syslog_enabled)
+ syslog(LOG_ERR, "Out of memory.");
+ if (fprintf_enabled)
+ __fprintf(LOG_ERR, "Out of memory.\n");
return -ENOMEM;
}
__dead void
pr_crit(const char *format, ...)
{
- va_list args;
-
- pr_prefix(STDERR, COLOR_CRITICAL, "CRT");
- pr_file_name(STDERR);
-
- fprintf(STDERR, "Programming error: ");
- va_start(args, format);
- vfprintf(STDERR, format, args);
- va_end(args);
-
- PR_SUFFIX(STDERR);
-
+ PR_SIMPLE(LOG_CRIT);
print_stack_trace();
exit(-1);
}
incidence(enum incidence_id id, const char *format, ...)
{
enum incidence_action action;
- va_list args;
action = incidence_get_action(id);
switch (action) {
case INAC_IGNORE:
return 0;
case INAC_WARN:
- PR_PREFIX(STDERR, COLOR_WARNING, "WRN", args);
- PR_SUFFIX(STDERR);
+ PR_SIMPLE(LOG_WARNING);
return 0;
case INAC_ERROR:
- PR_PREFIX(STDERR, COLOR_ERROR, "ERR", args);
- PR_SUFFIX(STDERR);
+ PR_SIMPLE(LOG_ERR);
return -EINVAL;
}
* error printing functions, but we kind of need to do it:
*
* - It's convoluted to use err() and warn() on libcrypto errors.
- * - If debug is enabled, we want the error messages to be printed as a tree
- * to ease debugging.
+ * - I was tasked with using syslog anyway, but the API is kind of limited
+ * (especially since vsyslog() is not portable.)
+ * - We want to transparently always print offending file name.
*/
#if __GNUC__
#define CHECK_FORMAT(str, args) /* Nothing */
#endif
-void pr_indent_add(void);
-void pr_indent_rm(void);
+/* Only call this group of functions when you know there's only one thread. */
+void log_setup(void);
+void log_disable_std(void);
+void log_disable_syslog(void);
+void log_teardown(void);
-#ifdef DEBUG
-
-void pr_debug(const char *, ...) CHECK_FORMAT(1, 2);
-void pr_debug_add(const char *, ...) CHECK_FORMAT(1, 2);
-void pr_debug_rm(const char *, ...) CHECK_FORMAT(1, 2);
-void pr_debug_prefix(void);
-void pr_debug_suffix(void);
-
-#else
/*
- * I want to define these as empty, but then we get compiler warnings on
- *
- * ```
- * else
- * pr_debug(...);
- * ```
- *
- * Oh well.
+ * Please note: The log message (excluding pr_errno's strerror and libcrypto's
+ * error stack) cannot exceed 512 bytes at present.
*/
+#ifdef DEBUG
+void pr_debug(const char *, ...) CHECK_FORMAT(1, 2);
+#else
#define pr_debug(...) do {} while (0)
-#define pr_debug_add(...) do {} while (0)
-#define pr_debug_rm(...) do {} while (0)
-
#endif
void pr_info(const char *, ...) CHECK_FORMAT(1, 2);
}
int
-main(int argc, char **argv)
+__main(int argc, char **argv)
{
int error;
if (error)
return error;
+ switch (config_get_mode()) {
+ case SERVER:
+ pr_info("Server mode configured; disabling logging on standard streams.");
+ pr_info("(Logs will be sent to syslog only.)");
+ log_disable_std();
+ break;
+ case STANDALONE:
+ pr_info("Standalone mode configured; disabling logging on syslog.");
+ pr_info("(Logs will be sent to the standard streams only.)");
+ log_disable_syslog();
+ break;
+ }
+
error = nid_init();
if (error)
goto revert_config;
free_rpki_config();
return error;
}
+
+int
+main(int argc, char **argv)
+{
+ int error;
+
+ log_setup();
+ error = __main(argc, argv);
+ log_teardown();
+
+ return error;
+}
pr_debug_prefix();
fprintf(stdout, "serial Number: ");
BN_print_fp(stdout, number);
- fprintf(stdout, "\n");
+ pr_debug_suffix();
#endif
error = x509stack_store_serial(validation_certstack(state), number);
if (!X509_EXTENSION_get_critical(ext))
return pr_err("The IP extension is not marked as critical.");
- pr_debug_add("IP {");
+ pr_debug("IP {");
error = handle_ip_extension(ext, resources);
- pr_debug_rm("}");
+ pr_debug("}");
ip_ext_found = true;
if (error)
if (!X509_EXTENSION_get_critical(ext))
return pr_err("The AS extension is not marked as critical.");
- pr_debug_add("ASN {");
+ pr_debug("ASN {");
error = handle_asn_extension(ext, resources,
allow_asn_inherit);
- pr_debug_rm("}");
+ pr_debug("}");
asn_ext_found = true;
if (error)
#ifdef DEBUG
if (IS_TA)
- pr_debug_add("TA Certificate '%s' {",
+ pr_debug("TA Certificate '%s' {",
uri_get_printable(cert_uri));
else
- pr_debug_add("Certificate '%s' {",
+ pr_debug("Certificate '%s' {",
uri_get_printable(cert_uri));
#endif
fnstack_push_uri(cert_uri);
X509_free(cert);
revert_fnstack_and_debug:
fnstack_pop();
- pr_debug_rm("}");
+ pr_debug("}");
return error;
}
pr_debug_prefix();
fprintf(stdout, "Revoked: ");
BN_print_fp(stdout, serial_bn);
- fprintf(stdout, "\n");
BN_free(serial_bn);
+ pr_debug_suffix();
#endif
if (X509_REVOKED_get0_revocationDate(revoked) == NULL) {
crl_load(struct rpki_uri *uri, X509_CRL **result)
{
int error;
- pr_debug_add("CRL '%s' {", uri_get_printable(uri));
+ pr_debug("CRL '%s' {", uri_get_printable(uri));
error = __crl_load(uri, result);
if (!error)
error = crl_validate(*result);
- pr_debug_rm("}");
+ pr_debug("}");
return error;
}
int error;
/* Prepare */
- pr_debug_add("Ghostbusters '%s' {", uri_get_printable(uri));
+ pr_debug("Ghostbusters '%s' {", uri_get_printable(uri));
fnstack_push_uri(uri);
/* Decode */
revert_sobj:
signed_object_cleanup(&sobj);
revert_log:
- pr_debug_rm("}");
+ pr_debug("}");
fnstack_pop();
return error;
}
int error;
/* Prepare */
- pr_debug_add("Manifest '%s' {", uri_get_printable(uri));
+ pr_debug("Manifest '%s' {", uri_get_printable(uri));
fnstack_push_uri(uri);
/* Decode */
revert_sobj:
signed_object_cleanup(&sobj);
revert_log:
- pr_debug_rm("}");
+ pr_debug("}");
fnstack_pop();
return error;
}
if (error)
return error;
- pr_debug_add("ROAIPAddress {");
+ pr_debug("ROAIPAddress {");
pr_debug("address: %s/%u", v4addr2str(&prefix.addr), prefix.len);
if (roa_addr->maxLength != NULL) {
goto end_error;
}
- pr_debug_rm("}");
+ pr_debug("}");
return vhandler_handle_roa_v4(asn, &prefix, max_length);
end_error:
- pr_debug_rm("}");
+ pr_debug("}");
return error;
}
if (error)
return error;
- pr_debug_add("ROAIPAddress {");
+ pr_debug("ROAIPAddress {");
pr_debug("address: %s/%u", v6addr2str(&prefix.addr), prefix.len);
if (roa_addr->maxLength != NULL) {
goto end_error;
}
- pr_debug_rm("}");
+ pr_debug("}");
return vhandler_handle_roa_v6(asn, &prefix, max_length);
end_error:
- pr_debug_rm("}");
+ pr_debug("}");
return error;
}
int a;
int error;
- pr_debug_add("eContent {");
+ pr_debug("eContent {");
if (roa->version != NULL) {
error = asn_INTEGER2ulong(roa->version, &version);
if (error) {
goto end_error;
}
- pr_debug_add("ipAddrBlocks {");
+ pr_debug("ipAddrBlocks {");
for (b = 0; b < roa->ipAddrBlocks.list.count; b++) {
block = roa->ipAddrBlocks.list.array[b];
if (block == NULL) {
if (block->addressFamily.buf[1] != 1
&& block->addressFamily.buf[1] != 2)
goto family_error;
- pr_debug_add("%s {",
+ pr_debug("%s {",
block->addressFamily.buf[1] == 1 ? "v4" : "v6");
if (block->addresses.list.array == NULL) {
error = pr_err("ROA's address list array is NULL.");
- pr_debug_rm("}");
+ pr_debug("}");
goto ip_error;
}
block->addressFamily.buf[1],
block->addresses.list.array[a]);
if (error) {
- pr_debug_rm("}");
+ pr_debug("}");
goto ip_error;
}
}
- pr_debug_rm("}");
+ pr_debug("}");
}
/* Error 0 it's ok */
family_error:
error = pr_err("ROA's IP family is not v4 or v6.");
ip_error:
- pr_debug_rm("}");
+ pr_debug("}");
end_error:
- pr_debug_rm("}");
+ pr_debug("}");
return error;
}
int error;
/* Prepare */
- pr_debug_add("ROA '%s' {", uri_get_printable(uri));
+ pr_debug("ROA '%s' {", uri_get_printable(uri));
fnstack_push_uri(uri);
/* Decode */
signed_object_cleanup(&sobj);
revert_log:
fnstack_pop();
- pr_debug_rm("}");
+ pr_debug("}");
return error;
}
return ENSURE_NEGATIVE(error);
}
- pr_debug_add("TAL URI '%s' {", uri_get_printable(uri));
+ pr_debug("TAL URI '%s' {", uri_get_printable(uri));
if (!uri_is_certificate(uri)) {
error = pr_err("TAL file does not point to a certificate. (Expected .cer, got '%s')",
fail: error = ENSURE_NEGATIVE(error);
end: validation_destroy(state);
- pr_debug_rm("}");
+ pr_debug("}");
return error;
}
return error;
for (addr = addrs; addr != NULL; addr = addr->ai_next) {
- printf(
- "Attempting to bind socket to address '%s', port '%s'.\n",
+ pr_info(
+ "Attempting to bind socket to address '%s', port '%s'.",
(addr->ai_canonname != NULL) ? addr->ai_canonname : "any",
config_get_server_port());
port = (unsigned char)(addr->ai_addr->sa_data[0]) << 8;
port += (unsigned char)(addr->ai_addr->sa_data[1]);
- printf("Success, bound to address '%s', port '%ld'.\n",
+ pr_info("Success; bound to address '%s', port '%ld'.",
(addr->ai_canonname != NULL) ? addr->ai_canonname : "any",
port);
freeaddrinfo(addrs);
if (error)
pr_err("Error %d while trying to update the ROA database.",
error);
+ else
+ pr_info("Validation finished.");
goto revert_clients_db; /* Error 0 it's ok */
}
error = pthread_key_create(&state_key, NULL);
if (error) {
- fprintf(stderr,
- "Fatal: Errcode %d while initializing the validation state thread variable.\n",
+ pr_err(
+ "Fatal: Errcode %d while initializing the validation state thread variable.",
error);
return error;
}
*/
error = pthread_key_create(&filenames_key, fnstack_discard);
if (error) {
- fprintf(stderr,
- "Fatal: Errcode %d while initializing the file name stack thread variable.\n",
+ pr_err(
+ "Fatal: Errcode %d while initializing the file name stack thread variable.",
error);
return error;
}
error = pthread_setspecific(state_key, state);
if (error)
- fprintf(stderr, "pthread_setspecific() returned %d.", error);
+ pr_err("pthread_setspecific() returned %d.", error);
return error;
}
state = pthread_getspecific(state_key);
if (state == NULL)
- fprintf(stderr, "Programming error: This thread lacks a validation state.\n");
+ pr_err("Programming error: This thread lacks a validation state.");
return state;
}
error = pthread_setspecific(filenames_key, files);
if (error)
- fprintf(stderr, "pthread_setspecific() returned %d.", error);
+ pr_err("pthread_setspecific() returned %d.", error);
}
void
error = pthread_setspecific(filenames_key, NULL);
if (error)
- fprintf(stderr, "pthread_setspecific() returned %d.", error);
+ pr_err("pthread_setspecific() returned %d.", error);
}
/**
projects / thirdparty / FORT-validator.git / commitdiff
