size_t len );
};
+/**
+ * Get validator name (for debug messages)
+ *
+ * @v validator Certificate validator
+ * @ret name Validator name
+ */
+static const char * validator_name ( struct validator *validator ) {
+
+ /* Use name of first certificate in chain */
+ return x509_name ( x509_first ( validator->chain ) );
+}
+
/**
* Free certificate validator
*
struct validator *validator =
container_of ( refcnt, struct validator, refcnt );
- DBGC2 ( validator, "VALIDATOR %p freed\n", validator );
+ DBGC2 ( validator, "VALIDATOR %p \"%s\" freed\n",
+ validator, validator_name ( validator ) );
x509_chain_put ( validator->chain );
ocsp_put ( validator->ocsp );
xferbuf_free ( &validator->buffer );
/* Enter certificateSet */
if ( ( rc = asn1_enter ( &cursor, ASN1_SET ) ) != 0 ) {
- DBGC ( validator, "VALIDATOR %p could not enter "
- "certificateSet: %s\n", validator, strerror ( rc ) );
+ DBGC ( validator, "VALIDATOR %p \"%s\" could not enter "
+ "certificateSet: %s\n", validator,
+ validator_name ( validator ), strerror ( rc ) );
goto err_certificateset;
}
/* Add certificate to chain */
if ( ( rc = x509_append_raw ( certs, cursor.data,
cursor.len ) ) != 0 ) {
- DBGC ( validator, "VALIDATOR %p could not append "
- "certificate: %s\n",
- validator, strerror ( rc) );
+ DBGC ( validator, "VALIDATOR %p \"%s\" could not "
+ "append certificate: %s\n", validator,
+ validator_name ( validator ), strerror ( rc) );
DBGC_HDA ( validator, 0, cursor.data, cursor.len );
return rc;
}
cert = x509_last ( certs );
- DBGC ( validator, "VALIDATOR %p found certificate %s\n",
- validator, x509_name ( cert ) );
+ DBGC ( validator, "VALIDATOR %p \"%s\" found certificate ",
+ validator, validator_name ( validator ) );
+ DBGC ( validator, "%s\n", x509_name ( cert ) );
/* Move to next certificate */
asn1_skip_any ( &cursor );
/* Append certificates to chain */
last = x509_last ( validator->chain );
if ( ( rc = x509_auto_append ( validator->chain, certs ) ) != 0 ) {
- DBGC ( validator, "VALIDATOR %p could not append "
- "certificates: %s\n", validator, strerror ( rc ) );
+ DBGC ( validator, "VALIDATOR %p \"%s\" could not append "
+ "certificates: %s\n", validator,
+ validator_name ( validator ), strerror ( rc ) );
goto err_auto_append;
}
/* Check that at least one certificate has been added */
if ( last == x509_last ( validator->chain ) ) {
- DBGC ( validator, "VALIDATOR %p failed to append any "
- "applicable certificates\n", validator );
+ DBGC ( validator, "VALIDATOR %p \"%s\" failed to append any "
+ "applicable certificates\n", validator,
+ validator_name ( validator ) );
rc = -EACCES;
goto err_no_progress;
}
* Start download of cross-signing certificate
*
* @v validator Certificate validator
- * @v issuer Required issuer
+ * @v cert X.509 certificate
* @ret rc Return status code
*/
static int validator_start_download ( struct validator *validator,
- const struct asn1_cursor *issuer ) {
+ struct x509_certificate *cert ) {
+ const struct asn1_cursor *issuer = &cert->issuer.raw;
const char *crosscert;
char *crosscert_copy;
char *uri_string;
crosscert, crc );
base64_encode ( issuer->data, issuer->len, ( uri_string + len ),
( uri_string_len - len ) );
- DBGC ( validator, "VALIDATOR %p downloading cross-signed certificate "
- "from %s\n", validator, uri_string );
+ DBGC ( validator, "VALIDATOR %p \"%s\" downloading ",
+ validator, validator_name ( validator ) );
+ DBGC ( validator, "\"%s\" cross-signature from %s\n",
+ x509_name ( cert ), uri_string );
/* Set completion handler */
validator->done = validator_append;
/* Open URI */
if ( ( rc = xfer_open_uri_string ( &validator->xfer,
uri_string ) ) != 0 ) {
- DBGC ( validator, "VALIDATOR %p could not open %s: %s\n",
- validator, uri_string, strerror ( rc ) );
+ DBGC ( validator, "VALIDATOR %p \"%s\" could not open %s: "
+ "%s\n", validator, validator_name ( validator ),
+ uri_string, strerror ( rc ) );
goto err_open_uri_string;
}
/* Record OCSP response */
if ( ( rc = ocsp_response ( validator->ocsp, data, len ) ) != 0 ) {
- DBGC ( validator, "VALIDATOR %p could not record OCSP "
- "response: %s\n", validator, strerror ( rc ) );
+ DBGC ( validator, "VALIDATOR %p \"%s\" could not record OCSP "
+ "response: %s\n", validator,
+ validator_name ( validator ),strerror ( rc ) );
return rc;
}
/* Validate OCSP response */
now = time ( NULL );
if ( ( rc = ocsp_validate ( validator->ocsp, now ) ) != 0 ) {
- DBGC ( validator, "VALIDATOR %p could not validate OCSP "
- "response: %s\n", validator, strerror ( rc ) );
+ DBGC ( validator, "VALIDATOR %p \"%s\" could not validate "
+ "OCSP response: %s\n", validator,
+ validator_name ( validator ), strerror ( rc ) );
return rc;
}
/* Create OCSP check */
assert ( validator->ocsp == NULL );
if ( ( rc = ocsp_check ( cert, issuer, &validator->ocsp ) ) != 0 ) {
- DBGC ( validator, "VALIDATOR %p could not create OCSP check: "
- "%s\n", validator, strerror ( rc ) );
+ DBGC ( validator, "VALIDATOR %p \"%s\" could not create OCSP "
+ "check: %s\n", validator, validator_name ( validator ),
+ strerror ( rc ) );
return rc;
}
/* Open URI */
uri_string = validator->ocsp->uri_string;
- DBGC ( validator, "VALIDATOR %p performing OCSP check at %s\n",
- validator, uri_string );
+ DBGC ( validator, "VALIDATOR %p \"%s\" checking ",
+ validator, validator_name ( validator ) );
+ DBGC ( validator, "\"%s\" via %s\n",
+ x509_name ( cert ), uri_string );
if ( ( rc = xfer_open_uri_string ( &validator->xfer,
uri_string ) ) != 0 ) {
- DBGC ( validator, "VALIDATOR %p could not open %s: %s\n",
- validator, uri_string, strerror ( rc ) );
+ DBGC ( validator, "VALIDATOR %p \"%s\" could not open %s: "
+ "%s\n", validator, validator_name ( validator ),
+ uri_string, strerror ( rc ) );
return rc;
}
/* Check for errors */
if ( rc != 0 ) {
- DBGC ( validator, "VALIDATOR %p transfer failed: %s\n",
- validator, strerror ( rc ) );
+ DBGC ( validator, "VALIDATOR %p \"%s\" transfer failed: %s\n",
+ validator, validator_name ( validator ),
+ strerror ( rc ) );
goto err_transfer;
}
- DBGC2 ( validator, "VALIDATOR %p transfer complete\n", validator );
+ DBGC2 ( validator, "VALIDATOR %p \"%s\" transfer complete\n",
+ validator, validator_name ( validator ) );
/* Process completed download */
assert ( validator->done != NULL );
/* Add data to buffer */
if ( ( rc = xferbuf_deliver ( &validator->buffer, iob_disown ( iobuf ),
meta ) ) != 0 ) {
- DBGC ( validator, "VALIDATOR %p could not receive data: %s\n",
- validator, strerror ( rc ) );
+ DBGC ( validator, "VALIDATOR %p \"%s\" could not receive "
+ "data: %s\n", validator, validator_name ( validator ),
+ strerror ( rc ) );
validator_finished ( validator, rc );
return rc;
}
now = time ( NULL );
if ( ( rc = x509_validate_chain ( validator->chain, now, NULL,
NULL ) ) == 0 ) {
+ DBGC ( validator, "VALIDATOR %p \"%s\" validated\n",
+ validator, validator_name ( validator ) );
validator_finished ( validator, 0 );
return;
}
/* Otherwise, try to download a suitable cross-signing
* certificate.
*/
- if ( ( rc = validator_start_download ( validator,
- &last->issuer.raw ) ) != 0 ) {
+ if ( ( rc = validator_start_download ( validator, last ) ) != 0 ) {
validator_finished ( validator, rc );
return;
}
/* Attach parent interface, mortalise self, and return */
intf_plug_plug ( &validator->job, job );
ref_put ( &validator->refcnt );
- DBGC2 ( validator, "VALIDATOR %p validating X509 chain %p\n",
- validator, validator->chain );
+ DBGC2 ( validator, "VALIDATOR %p \"%s\" validating X509 chain %p\n",
+ validator, validator_name ( validator ), validator->chain );
return 0;
validator_finished ( validator, rc );
projects / thirdparty / ipxe.git / commitdiff
