if (tmp != otmp + cert_encoded->size)
return val_crypto_err("Signed object's 'certificate' element contains trailing garbage");
- x509_name_pr_debug("Issuer", X509_get_issuer_name(ee->x509));
+ x509_name_pr_clutter("Issuer", X509_get_issuer_name(ee->x509));
error = certificate_validate_chain(ee);
if (error)
* Ignore SIGHUP. SIGCHLD isn't ignored since we still do a fork to
* execute rsync; when that's not the case then:
* signal(SIGCHLD, SIG_IGN);
+ * XXX unsafe on multithreaded
*/
signal(SIGHUP, SIG_IGN);
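Review bot: The added `XXX unsafe on multithreaded` marker does not say what is unsafe or what should replace it, so the next reader cannot act on it. C11 leaves the behaviour of `signal()` undefined in a multithreaded program; `sigaction()` is the defined alternative, e.g. `struct sigaction sa = { .sa_handler = SIG_IGN };`, `sigemptyset(&sa.sa_mask);`, `sigaction(SIGHUP, &sa, NULL);`. The same marker is added above `signal(signum, SIG_DFL)` in the signal-handler hunk further down, where the same replacement applies. In that handler it is also worth confirming that `output_atexit()` restricts itself to async-signal-safe calls, which cannot be seen from the hunk. The comment block this line belongs to starts outside the hunk.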
size_t actual_len;
int error;
- pr_val_debug("Validating file hash: %s", path);
+ pr_clutter("Validating file hash: %s", path);
if (expected_len != hash_get_size(algorithm))
return pr_val_err("%s string has bogus size: %zu",
}
bool
-log_val_enabled(unsigned int level)
+pr_val_enabled(unsigned int level)
{
return val_config.level >= level;
}
bool
-log_op_enabled(unsigned int level)
+pr_op_enabled(unsigned int level)
{
return op_config.level >= level;
}
* Check if corresponding logging is enabled. You can use these to short-circuit
* out of heavy logging code.
*/
-bool log_val_enabled(unsigned int level);
-bool log_op_enabled(unsigned int level);
+bool pr_val_enabled(unsigned int level);
+bool pr_op_enabled(unsigned int level);
+
+#define pr_clutter_enabled() false
+#define pr_clutter(...)
/* == Operation logs == */
/* Like pr_op_err(), except it prints libcrypto's error stack as well. */
int op_crypto_err(const char *, ...) CHECK_FORMAT(1, 2);
-
/* == Validation logs == */
/* Status reports of no interest to the user. */
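Review bot: `#define pr_clutter(...)` expands to nothing, so none of the converted call sites has its format string checked against its arguments any more. Locals that were only read by the old `pr_val_debug()` call may also start producing unused-variable warnings; the `buf` passed to `addr2str4()`/`addr2str6()` in the ROA and prefix hunks looks like one, though its declaration is outside the hunks. Assuming `pr_val_debug()` stays declared below with its format attribute, `#define pr_clutter(...) do { if (pr_clutter_enabled()) pr_val_debug(__VA_ARGS__); } while (0)` keeps the arguments type-checked and is still optimised away. I would also add a comment on the two macros stating that this trace (issuer and subject names, revoked serials, ROA prefixes, SIA URIs) can no longer be enabled through the log level and now needs a rebuild. That is a behaviour change for anyone who used `LOG_DEBUG` to work out why an object was rejected.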
error = x509_name_decode(issuer, "issuer", &name);
if (error)
return error;
- pr_val_debug("Issuer: %s", x509_name_commonName(name));
+ pr_clutter("Issuer: %s", x509_name_commonName(name));
x509_name_put(name);
return 0;
error = x509_name_decode(X509_get_subject_name(cert), "subject", &name);
if (error)
return error;
- pr_val_debug("Subject: %s", x509_name_commonName(name));
+ pr_clutter("Subject: %s", x509_name_commonName(name));
x509_name_put(name);
return error;
}
static void
-pr_debug_x509_dates(X509 *x509)
+pr_clutter_x509_dates(X509 *x509)
{
char *nb, *na;
nb = asn1time2str(X509_get0_notBefore(x509));
na = asn1time2str(X509_get0_notAfter(x509));
- pr_val_debug("Valid range: [%s, %s]", nb, na);
+ pr_clutter("Valid range: [%s, %s]", nb, na);
free(nb);
free(na);
}
X509_STORE_CTX_set0_crls(ctx, crls);
- if (log_val_enabled(LOG_DEBUG))
- pr_debug_x509_dates(cert->x509);
+ if (pr_clutter_enabled())
+ pr_clutter_x509_dates(cert->x509);
/*
* HERE'S THE MEAT OF LIBCRYPTO'S VALIDATION.
{
struct sia_uris *uris = arg;
- pr_val_debug("rpkiManifest: %s", uri);
+ pr_clutter("rpkiManifest: %s", uri);
if (uris->rpkiManifest != NULL) {
pr_val_warn("Ignoring additional rpkiManifest: %s", uri);
{
struct sia_uris *uris = arg;
- pr_val_debug("caRepository: %s", uri);
+ pr_clutter("caRepository: %s", uri);
if (uris->caRepository != NULL) {
pr_val_warn("Ignoring additional caRepository: %s", uri);
{
struct sia_uris *uris = arg;
- pr_val_debug("rpkiNotify: %s", uri);
+ pr_clutter("rpkiNotify: %s", uri);
if (uris->rpkiNotify != NULL) {
pr_val_warn("Ignoring additional rpkiNotify: %s", uri);
handle_signedObject(char *uri, void *arg)
{
struct sia_uris *sias = arg;
- pr_val_debug("signedObject: %s", uri);
+ pr_clutter("signedObject: %s", uri);
sias->signedObject = uri;
}
switch (cert->type) {
case CERTYPE_TA:
- pr_val_debug("Type: TA");
+ pr_clutter("Type: TA");
break;
case CERTYPE_CA:
- pr_val_debug("Type: CA");
+ pr_clutter("Type: CA");
break;
case CERTYPE_BGPSEC:
- pr_val_debug("Type: BGPsec EE. Ignoring...");
+ pr_clutter("Type: BGPsec EE. Ignoring...");
// error = handle_bgpsec(cert, x509stack_peek_resources(
// validation_certstack(state)), rpp_parent);
goto end;
}
static void
-debug_revoked(ASN1_INTEGER const *serial_int)
+pr_clutter_revoked(ASN1_INTEGER const *serial_int)
{
BIGNUM *serial_bn;
char *serial_str;
goto end;
}
- pr_val_debug("Revoked: %s", serial_str);
+ pr_clutter("Revoked: %s", serial_str);
free(serial_str);
end: BN_free(serial_bn);
i + 1);
}
- if (log_val_enabled(LOG_DEBUG))
- debug_revoked(serial_int);
+ if (pr_clutter_enabled())
+ pr_clutter_revoked(serial_int);
if (X509_REVOKED_get0_revocationDate(revoked) == NULL) {
return pr_val_err("CRL's revoked entry #%d lacks a revocation date.",
if (error)
return error;
- pr_val_debug("address: %s/%u", addr2str4(&pfx.addr, buf), pfx.len);
+ pr_clutter("address: %s/%u", addr2str4(&pfx.addr, buf), pfx.len);
if (roa_addr->maxLength != NULL) {
error = asn_INTEGER2ulong(roa_addr->maxLength, &maxlen);
}
return pr_val_err("The ROA's IPv4 maxLength isn't a valid unsigned long");
}
- pr_val_debug("maxLength: %lu", maxlen);
+ pr_clutter("maxLength: %lu", maxlen);
if (maxlen > 32) {
return pr_val_err("maxLength (%lu) is out of bounds (0-32).",
if (error)
return error;
- pr_val_debug("address: %s/%u", addr2str6(&pfx.addr, buf), pfx.len);
+ pr_clutter("address: %s/%u", addr2str6(&pfx.addr, buf), pfx.len);
if (roa_addr->maxLength != NULL) {
error = asn_INTEGER2ulong(roa_addr->maxLength, &maxlen);
}
return pr_val_err("The ROA's IPv6 maxLength isn't a valid unsigned long");
}
- pr_val_debug("maxLength: %lu", maxlen);
+ pr_clutter("maxLength: %lu", maxlen);
if (maxlen > 128) {
return pr_val_err("maxLength (%lu) is out of bounds (0-128).",
resources->ip4s = parent->ip4s;
if (resources->ip4s != NULL)
res4_get(resources->ip4s);
- pr_val_debug("<Inherit IPv4>");
+ pr_clutter("<Inherit IPv4>");
return 0;
case AF_INET6:
resources->ip6s = parent->ip6s;
if (resources->ip6s != NULL)
res6_get(resources->ip6s);
- pr_val_debug("<Inherit IPv6>");
+ pr_clutter("<Inherit IPv6>");
return 0;
}
return error;
}
- pr_val_debug("Prefix: %s/%u", addr2str4(&prefix.addr, buf), prefix.len);
+ pr_clutter("Prefix: %s/%u", addr2str4(&prefix.addr, buf), prefix.len);
return 0;
}
return error;
}
- pr_val_debug("Prefix: %s/%u", addr2str6(&prefix.addr, buf), prefix.len);
+ pr_clutter("Prefix: %s/%u", addr2str6(&prefix.addr, buf), prefix.len);
return 0;
}
return error;
}
- pr_val_debug("Range: %s-%s",
+ pr_clutter("Range: %s-%s",
addr2str4(&range.min, buf1),
addr2str4(&range.max, buf2));
return 0;
return error;
}
- pr_val_debug("Range: %s-%s",
+ pr_clutter("Range: %s-%s",
addr2str6(&range.min, buf1),
addr2str6(&range.max, buf2));
return 0;
resources->asns = parent->asns;
if (resources->asns != NULL)
rasn_get(resources->asns);
- pr_val_debug("<Inherit ASN>");
+ pr_clutter("<Inherit ASN>");
return 0;
}
}
if (asns->min == asns->max)
- pr_val_debug("ASN: %u", asns->min);
+ pr_clutter("ASN: %u", asns->min);
else
- pr_val_debug("ASN: %u-%u", asns->min, asns->max);
+ pr_clutter("ASN: %u-%u", asns->min, asns->max);
return 0;
}
if (error)
goto end;
- pr_val_debug("Publish %s", logv_filename(tag.meta.uri));
+ pr_clutter("Publish %s", logv_filename(tag.meta.uri));
len = strlen(tag.meta.uri);
file = state_find_file(args->state, tag.meta.uri, len);
if (error)
goto end;
- pr_val_debug("Withdraw %s", logv_filename(tag.meta.uri));
+ pr_clutter("Withdraw %s", logv_filename(tag.meta.uri));
len = strlen(tag.meta.uri);
file = state_find_file(args->state, tag.meta.uri, len);
output_atexit();
/* Trigger default handler */
+ /* XXX unsafe on multithreaded */
signal(signum, SIG_DFL);
kill(getpid(), signum);
}
error = x509_name_decode(issuer, "issuer", &child_issuer);
if (error)
goto end;
- pr_val_debug("Issuer: %s", child_issuer->commonName);
+ pr_clutter("Issuer: %s", child_issuer->commonName);
if (!x509_name_equals(parent_subject, child_issuer)) {
char const *parent_serial;
}
void
-x509_name_pr_debug(const char *prefix, X509_NAME *name)
+x509_name_pr_clutter(const char *prefix, X509_NAME *name)
{
- if (!log_val_enabled(LOG_DEBUG))
+ if (!pr_clutter_enabled())
return;
struct rfc5280_name *printable;
if (name == NULL) {
- pr_val_debug("%s: (null)", prefix);
+ pr_clutter("%s: (null)", prefix);
return;
}
if (x509_name_decode(name, prefix, &printable) != 0)
return; /* Error message already printed */
- pr_val_debug("%s: %s", prefix, printable->commonName);
+ pr_clutter("%s: %s", prefix, printable->commonName);
x509_name_put(printable);
}
/* X509_NAME utils */
int validate_issuer_name(X509_NAME *, X509 *);
-void x509_name_pr_debug(char const *, X509_NAME *);
+void x509_name_pr_clutter(char const *, X509_NAME *);
#endif /* SRC_TYPES_NAME_H_ */
/* Some core functions, as linked from unit tests. */
-MOCK_TRUE(log_val_enabled, unsigned int l)
-MOCK_TRUE(log_op_enabled, unsigned int l)
-
/* CFLAGS=-DPRINT_PRS make check */
#ifdef PRINT_PRS
#define MOCK_PRINT(color) \