From: Dr. David von Oheimb Date: Fri, 30 May 2025 07:36:03 +0000 (+0200) Subject: apps/cmp.c: make error/warning/info/debug log output text lines consistently start... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=371b259013dc75f20ec1cd7f57bbf90f241d03d0;p=thirdparty%2Fopenssl.git apps/cmp.c: make error/warning/info/debug log output text lines consistently start upper-case Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale MergeDate: Tue Feb 3 08:42:59 2026 (Merged from https://github.com/openssl/openssl/pull/28478) --- diff --git a/apps/cmp.c b/apps/cmp.c index fcb7e33c5a6..427ff0e5192 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -894,7 +894,7 @@ static int write_PKIMESSAGE(const OSSL_CMP_MSG *msg, char **filenames) file = *filenames; *filenames = next_item(file); if (OSSL_CMP_MSG_write(file, msg) < 0) { - CMP_err1("cannot write PKIMessage to file '%s'", file); + CMP_err1("Cannot write PKIMessage to file '%s'", file); return 0; } return 1; @@ -911,7 +911,7 @@ static OSSL_CMP_MSG *read_PKIMESSAGE(const char *desc, char **filenames) return NULL; } if (*filenames == NULL) { - CMP_err("too few file names provided for reading PKIMessage"); + CMP_err("Too few file names provided for reading PKIMessage"); return NULL; } @@ -920,7 +920,7 @@ static OSSL_CMP_MSG *read_PKIMESSAGE(const char *desc, char **filenames) ret = OSSL_CMP_MSG_read(file, app_get0_libctx(), app_get0_propq()); if (ret == NULL) - CMP_err1("cannot read PKIMessage from file '%s'", file); + CMP_err1("Cannot read PKIMessage from file '%s'", file); else CMP_info2("%s %s", desc, file); return ret; @@ -942,7 +942,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx, if (opt_reqout_only != NULL) { if (OSSL_CMP_MSG_write(opt_reqout_only, req) < 0) - CMP_err1("cannot write request PKIMessage to file '%s'", + CMP_err1("Cannot write request PKIMessage to file '%s'", opt_reqout_only); else reqout_only_done = 1; @@ -983,7 +983,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx, } else { #if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) if (opt_server == NULL) { - CMP_err("missing -server or -use_mock_srv option, or too few -rspin filename arguments"); + CMP_err("Missing -server or -use_mock_srv option, or too few -rspin filename arguments"); goto err; } if (rspin_in_use) @@ -1035,7 +1035,7 @@ static int set_name(const char *str, return 0; if (!(*set_fn)(ctx, n)) { X509_NAME_free(n); - CMP_err("out of memory"); + CMP_err("Out of memory"); return 0; } X509_NAME_free(n); @@ -1069,12 +1069,12 @@ static int set_gennames(OSSL_CMP_CTX *ctx, char *names, const char *desc) (void)ERR_pop_to_mark(); if (n == NULL) { - CMP_err2("bad syntax of %s '%s'", desc, names); + CMP_err2("Bad syntax of %s '%s'", desc, names); return 0; } if (!OSSL_CMP_CTX_push1_subjectAltName(ctx, n)) { GENERAL_NAME_free(n); - CMP_err("out of memory"); + CMP_err("Out of memory"); return 0; } GENERAL_NAME_free(n); @@ -1165,11 +1165,11 @@ static int transform_opts(void) } else if (!strcmp(opt_cmd_s, "genm")) { opt_cmd = CMP_GENM; } else { - CMP_err1("unknown cmp command '%s'", opt_cmd_s); + CMP_err1("Unknown cmp command '%s'", opt_cmd_s); return 0; } } else { - CMP_err("no cmp command to execute"); + CMP_err("No cmp command to execute"); return 0; } @@ -1177,7 +1177,7 @@ static int transform_opts(void) if (opt_keyform_s != NULL && !opt_format(opt_keyform_s, FORMAT_OPTIONS, &opt_keyform)) { - CMP_err("unknown option given for key loading format"); + CMP_err("Unknown option given for key loading format"); return 0; } @@ -1185,12 +1185,12 @@ static int transform_opts(void) if (opt_certform_s != NULL && !opt_format(opt_certform_s, OPT_FMT_PEMDER, &opt_certform)) { - CMP_err("unknown option given for certificate storing format"); + CMP_err("Unknown option given for certificate storing format"); return 0; } if (opt_crlform_s != NULL && !opt_format(opt_crlform_s, OPT_FMT_PEMDER, &opt_crlform)) { - CMP_err("unknown option given for CRL storing format"); + CMP_err("Unknown option given for CRL storing format"); return 0; } @@ -1210,7 +1210,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(void) if (opt_srv_ref == NULL) { if (opt_srv_cert == NULL) { /* opt_srv_cert should determine the sender */ - CMP_err("must give -srv_ref for mock server if no -srv_cert given"); + CMP_err("Must give -srv_ref for mock server if no -srv_cert given"); goto err; } } else { @@ -1232,7 +1232,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(void) goto err; } } else if (opt_srv_cert == NULL) { - CMP_err("server credentials (-srv_secret or -srv_cert) must be given if -use_mock_srv or -port is used"); + CMP_err("Server credentials (-srv_secret or -srv_cert) must be given if -use_mock_srv or -port is used"); goto err; } else { CMP_warn("server will not be able to handle PBM-protected requests since -srv_secret is not given"); @@ -1240,7 +1240,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(void) if (opt_srv_secret == NULL && ((opt_srv_cert == NULL) != (opt_srv_key == NULL))) { - CMP_err("must give both -srv_cert and -srv_key options or neither"); + CMP_err("Must give both -srv_cert and -srv_key options or neither"); goto err; } if (!setup_cert(ctx, opt_srv_cert, opt_srv_keypass, @@ -1483,7 +1483,7 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host) * the chain to be provided with the TLS client cert to the TLS server. */ if (!ok || !SSL_CTX_set0_chain(ssl_ctx, certs)) { - CMP_err1("unable to use client TLS certificate file '%s'", + CMP_err1("Unable to use client TLS certificate file '%s'", opt_tls_cert); OSSL_STACK_OF_X509_free(certs); goto err; @@ -1491,7 +1491,7 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host) for (i = 0; i < sk_X509_num(untrusted); i++) { cert = sk_X509_value(untrusted, i); if (!SSL_CTX_add1_chain_cert(ssl_ctx, cert)) { - CMP_err("could not add untrusted cert to TLS client cert chain"); + CMP_err("Could not add untrusted cert to TLS client cert chain"); goto err; } } @@ -1510,10 +1510,10 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host) | X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_POLICY_CHECK)); } - CMP_debug("trying to build cert chain for own TLS cert"); + CMP_debug("Trying to build cert chain for own TLS cert"); if (SSL_CTX_build_cert_chain(ssl_ctx, SSL_BUILD_CHAIN_FLAG_UNTRUSTED | SSL_BUILD_CHAIN_FLAG_NO_ROOT)) { - CMP_debug("success building cert chain for own TLS cert"); + CMP_debug("Success building cert chain for own TLS cert"); } else { OSSL_CMP_CTX_print_errors(ctx); CMP_warn("could not build cert chain for own TLS cert"); @@ -1565,7 +1565,7 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host) goto err; } if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) <= 0) { - CMP_err1("unable to use TLS client private key '%s'", opt_tls_key); + CMP_err1("Unable to use TLS client private key '%s'", opt_tls_key); EVP_PKEY_free(pkey); pkey = NULL; /* otherwise, for some reason double free! */ goto err; @@ -1599,7 +1599,7 @@ err: static int setup_protection_ctx(OSSL_CMP_CTX *ctx) { if (!opt_unprotected_requests && opt_secret == NULL && opt_key == NULL) { - CMP_err("must give -key or -secret unless -unprotected_requests is used"); + CMP_err("Must give -key or -secret unless -unprotected_requests is used"); return 0; } @@ -1609,7 +1609,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx) return 0; } if (opt_secret == NULL && ((opt_cert == NULL) != (opt_key == NULL))) { - CMP_err("must give both -cert and -key options or neither"); + CMP_err("Must give both -cert and -key options or neither"); return 0; } if (opt_secret != NULL) { @@ -1660,7 +1660,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx) ok = OSSL_CMP_CTX_set1_cert(ctx, cert); X509_free(cert); if (!ok) { - CMP_err("out of memory"); + CMP_err("Out of memory"); } else { if (opt_own_trusted != NULL) { own_trusted = load_trusted(opt_own_trusted, 0, @@ -1689,12 +1689,12 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx) int digest = OBJ_ln2nid(opt_digest); if (digest == NID_undef) { - CMP_err1("digest algorithm name not recognized: '%s'", opt_digest); + CMP_err1("Digest algorithm name not recognized: '%s'", opt_digest); return 0; } if (!OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_DIGEST_ALGNID, digest) || !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_OWF_ALGNID, digest)) { - CMP_err1("digest algorithm name not supported: '%s'", opt_digest); + CMP_err1("Digest algorithm name not supported: '%s'", opt_digest); return 0; } } @@ -1729,21 +1729,18 @@ static int set_fallback_pubkey(OSSL_CMP_CTX *ctx) *end = bak; if (req == NULL) { - CMP_err1("failed to load ir/cr/kur file '%s' attempting to get fallback public key", - file); + CMP_err1("Failed to load ir/cr/kur file '%s' attempting to get fallback public key", file); return 0; } if ((pubkey = OSSL_CMP_MSG_get0_certreq_publickey(req)) == NULL || (pkey = X509_PUBKEY_get0(pubkey)) == NULL) { - CMP_err1("failed to get fallback public key from ir/cr/kur file '%s'", - file); + CMP_err1("Failed to get fallback public key from ir/cr/kur file '%s'", file); goto err; } pkey1 = EVP_PKEY_dup(pkey); if (pkey == NULL || !OSSL_CMP_CTX_set0_newPkey(ctx, 0 /* priv */, pkey1)) { EVP_PKEY_free(pkey1); - CMP_err1("failed to get fallback public key obtained from ir/cr/kur file '%s'", - file); + CMP_err1("Failed to get fallback public key obtained from ir/cr/kur file '%s'", file); goto err; } res = 1; @@ -1774,7 +1771,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx) if (opt_cmd == CMP_IR || opt_cmd == CMP_CR || opt_cmd == CMP_KUR) { if (opt_reqin == NULL && opt_newkey == NULL && !opt_centralkeygen && opt_key == NULL && opt_csr == NULL && opt_oldcert == NULL) { - CMP_err("missing -newkey (or -key) to be certified and no -csr, -oldcert, -cert, or -reqin option given, which could provide fallback public key." + CMP_err("Missing -newkey (or -key) to be certified and no -csr, -oldcert, -cert, or -reqin option given, which could provide fallback public key." " Neither central key generation is requested."); return 0; } @@ -1797,14 +1794,14 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx) && opt_popo != OSSL_CRMF_POPO_NONE && opt_popo != OSSL_CRMF_POPO_RAVERIFIED) { if (opt_csr != NULL) { - CMP_err1("no -newkey option given with private key for POPO, -csr option provides just public key%s", + CMP_err1("No -newkey option given with private key for POPO, -csr option provides just public key%s", opt_key == NULL ? "" : ", and -key option superseded by -csr"); if (opt_reqin != NULL) CMP_info("since -reqin is used, may use -popo -1 or -popo 0 to disable the needless generation of a POPO"); return 0; } if (opt_key == NULL) { - CMP_err("missing -newkey (or -key) option for key to be certified and for POPO"); + CMP_err("Missing -newkey (or -key) option for key to be certified and for POPO"); return 0; } } @@ -1860,21 +1857,21 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx) char *ref_cert = opt_oldcert != NULL ? opt_oldcert : opt_cert; if (ref_cert == NULL && opt_csr == NULL) { - CMP_err("missing -oldcert for certificate to be updated and no -csr given"); + CMP_err("Missing -oldcert for certificate to be updated and no -csr given"); return 0; } if (opt_subject != NULL) - CMP_warn2("given -subject '%s' overrides the subject of '%s' for KUR", + CMP_warn2("Given -subject '%s' overrides the subject of '%s' for KUR", opt_subject, ref_cert != NULL ? ref_cert : opt_csr); } if (opt_cmd == CMP_RR) { if (opt_issuer == NULL && opt_serial == NULL) { if (opt_oldcert == NULL && opt_csr == NULL) { - CMP_err("missing -oldcert or -issuer and -serial for certificate to be revoked and no -csr given"); + CMP_err("Missing -oldcert or -issuer and -serial for certificate to be revoked and no -csr given"); return 0; } if (opt_oldcert != NULL && opt_csr != NULL) - CMP_warn("ignoring -csr since certificate to be revoked is given"); + CMP_warn("Ignoring -csr since certificate to be revoked is given"); } else { #define OSSL_CMP_RR_MSG "since -issuer and -serial is given for command 'rr'" if (opt_issuer == NULL || opt_serial == NULL) { @@ -1890,12 +1887,12 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx) ASN1_INTEGER *sno; if ((sno = s2i_ASN1_INTEGER(NULL, opt_serial)) == NULL) { - CMP_err1("cannot read serial number: '%s'", opt_serial); + CMP_err1("Cannot read serial number: '%s'", opt_serial); return 0; } if (!OSSL_CMP_CTX_set1_serialNumber(ctx, sno)) { ASN1_INTEGER_free(sno); - CMP_err("out of memory"); + CMP_err("Out of memory"); return 0; } ASN1_INTEGER_free(sno); @@ -1908,13 +1905,13 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx) CMP_warn("Ignoring -serial for command other than 'rr'"); } if (opt_cmd == CMP_P10CR && opt_csr == NULL) { - CMP_err("missing PKCS#10 CSR for p10cr"); + CMP_err("Missing PKCS#10 CSR for p10cr"); return 0; } if (opt_recipient == NULL && opt_srvcert == NULL && opt_issuer == NULL && opt_oldcert == NULL && opt_cert == NULL) - CMP_warn("missing -recipient, -srvcert, -issuer, -oldcert or -cert; recipient for any requests not covered by -reqin will be set to \"NULL-DN\""); + CMP_warn("Missing -recipient, -srvcert, -issuer, -oldcert or -cert; recipient for any requests not covered by -reqin will be set to \"NULL-DN\""); if (opt_cmd == CMP_P10CR || opt_cmd == CMP_RR || opt_cmd == CMP_GENM) { const char *msg = "option is ignored for 'p10cr', 'rr', and 'genm' commands"; @@ -1962,14 +1959,13 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx) } if (opt_days > 0 - && !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_VALIDITY_DAYS, - opt_days)) { - CMP_err("could not set requested cert validity period"); + && !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_VALIDITY_DAYS, opt_days)) { + CMP_err("Could not set requested cert validity period"); return 0; } if (opt_policies != NULL && opt_policy_oids != NULL) { - CMP_err("cannot have policies both via -policies and via -policy_oids"); + CMP_err("Cannot have policies both via -policies and via -policy_oids"); return 0; } @@ -1991,14 +1987,12 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx) X509V3_set_nconf(&ext_ctx, conf); if (opt_reqexts != NULL && !X509V3_EXT_add_nconf_sk(conf, &ext_ctx, opt_reqexts, &exts)) { - CMP_err1("cannot load certificate request extension section '%s'", - opt_reqexts); + CMP_err1("Cannot load certificate request extension section '%s'", opt_reqexts); goto exts_err; } if (opt_policies != NULL && !X509V3_EXT_add_nconf_sk(conf, &ext_ctx, opt_policies, &exts)) { - CMP_err1("cannot load policy cert request extension section '%s'", - opt_policies); + CMP_err1("Cannot load policy cert request extension section '%s'", opt_policies); goto exts_err; } OSSL_CMP_CTX_set0_reqExtensions(ctx, exts); @@ -2007,7 +2001,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx) /* After here, must not goto oom/exts_err */ if (OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) && opt_sans != NULL) { - CMP_err("cannot have Subject Alternative Names both via -reqexts and via -sans"); + CMP_err("Cannot have Subject Alternative Names both via -reqexts and via -sans"); return 0; } if (!set_gennames(ctx, opt_sans, "Subject Alternative Name")) @@ -2045,7 +2039,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx) pinfo->policyid = policy; if (!OSSL_CMP_CTX_push0_policy(ctx, pinfo)) { - CMP_err1("cannot add policy with OID '%s'", opt_policy_oids); + CMP_err1("Cannot add policy with OID '%s'", opt_policy_oids); POLICYINFO_free(pinfo); return 0; } @@ -2071,7 +2065,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx) return 1; oom: - CMP_err("out of memory"); + CMP_err("Out of memory"); exts_err: sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); X509_REQ_free(csr); @@ -2193,7 +2187,7 @@ static int handle_opt_geninfo(OSSL_CMP_CTX *ctx) return 1; oom: - CMP_err("out of memory"); + CMP_err("Out of memory"); err: ASN1_OBJECT_free(obj); ASN1_TYPE_free(type); @@ -2225,26 +2219,25 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx) if (!opt_use_mock_srv && opt_rspin == NULL) { /* note: -port is not given */ #if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) if (opt_server == NULL && opt_reqout_only == NULL) { - CMP_err("missing -server or -use_mock_srv or -rspin option"); + CMP_err("Missing -server or -use_mock_srv or -rspin option"); goto err; } #else - CMP_err("missing -use_mock_srv or -rspin option; -server option is not supported due to no-sock build"); + CMP_err("Missing -use_mock_srv or -rspin option; -server option is not supported due to no-sock build"); goto err; #endif } #if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) if (opt_server == NULL) { if (opt_proxy != NULL) - CMP_warn("ignoring -proxy option since -server is not given"); + CMP_warn("Ignoring -proxy option since -server is not given"); if (opt_no_proxy != NULL) - CMP_warn("ignoring -no_proxy option since -server is not given"); + CMP_warn("Ignoring -no_proxy option since -server is not given"); goto set_path; } if (!OSSL_HTTP_parse_url(opt_server, &use_ssl, NULL /* user */, - &host, &port, &portnum, - &path, NULL /* q */, NULL /* frag */)) { - CMP_err1("cannot parse -server URL: %s", opt_server); + &host, &port, &portnum, &path, NULL /* q */, NULL /* frag */)) { + CMP_err1("Cannot parse -server URL: %s", opt_server); goto err; } if (use_ssl && !opt_tls_used) { @@ -2290,7 +2283,7 @@ set_path: strncat(id_buf, opt_infotype_s, sizeof(id_buf) - strlen(id_buf) - 1); if ((opt_infotype = OBJ_sn2nid(id_buf)) == NID_undef) { - CMP_err("unknown OID name in -infotype option"); + CMP_err("Unknown OID name in -infotype option"); goto err; } } @@ -2315,7 +2308,7 @@ set_path: CMP_warn1("-keyspec %s", msg); } else { if (opt_template == NULL) - CMP_err("missing -template option for genm with infotype certReqTemplate"); + CMP_err("Missing -template option for genm with infotype certReqTemplate"); } if (!setup_verification_ctx(ctx)) @@ -2355,10 +2348,10 @@ set_path: if (opt_tls_cert != NULL || opt_tls_key != NULL || opt_tls_keypass != NULL) { if (opt_tls_key == NULL) { - CMP_err("missing -tls_key option"); + CMP_err("Missing -tls_key option"); goto err; } else if (opt_tls_cert == NULL) { - CMP_err("missing -tls_cert option"); + CMP_err("Missing -tls_cert option"); goto err; } } @@ -2400,7 +2393,7 @@ set_path: /* not printing earlier, to minimize confusion in case setup fails before */ if (opt_reqout_only == NULL) - CMP_info3("will contact %s%s%s ", server_buf, proxy_buf, + CMP_info3("Will contact %s%s%s ", server_buf, proxy_buf, opt_rspin == NULL ? "" : " only if -rspin argument does not give enough filenames"); ret = 1; @@ -2411,7 +2404,7 @@ err: OPENSSL_free(path); return ret; oom: - CMP_err("out of memory"); + CMP_err("Out of memory"); goto err; } @@ -2464,14 +2457,13 @@ static int save_free_certs(STACK_OF(X509) *certs, if (file == NULL) goto end; if (certs != NULL) - CMP_info3("received %d %s certificate(s), saving to file '%s'", - n, desc, file); + CMP_info3("Received %d %s certificate(s), saving to file '%s'", n, desc, file); if (n > 1 && opt_certform != FORMAT_PEM) - CMP_warn("saving more than one certificate in non-PEM format"); + CMP_warn("Saving more than one certificate in non-PEM format"); if ((bio = BIO_new(BIO_s_file())) == NULL || !BIO_write_filename(bio, (char *)file)) { - CMP_err3("could not open file '%s' for %s %s certificate(s)", + CMP_err3("Could not open file '%s' for %s %s certificate(s)", file, certs == NULL ? "deleting" : "writing", desc); n = -1; goto end; @@ -2479,7 +2471,7 @@ static int save_free_certs(STACK_OF(X509) *certs, for (i = 0; i < n; i++) { if (!write_cert(bio, sk_X509_value(certs, i))) { - CMP_err2("cannot write %s certificate to file '%s'", desc, file); + CMP_err2("Cannot write %s certificate to file '%s'", desc, file); n = -1; goto end; } @@ -2500,17 +2492,16 @@ static int save_crl(X509_CRL *crl, if (file == NULL) return 1; if (crl != NULL) - CMP_info2("received %s, saving to file '%s'", desc, file); + CMP_info2("Received %s, saving to file '%s'", desc, file); if ((bio = BIO_new(BIO_s_file())) == NULL || !BIO_write_filename(bio, (char *)file)) { - CMP_err2("could not open file '%s' for writing %s", - file, desc); + CMP_err2("Could not open file '%s' for writing %s", file, desc); goto end; } if (!write_crl(bio, crl)) { - CMP_err2("cannot write %s to file '%s'", desc, file); + CMP_err2("Cannot write %s to file '%s'", desc, file); goto end; } res = 1; @@ -2565,18 +2556,15 @@ static int save_template(const char *file, const OSSL_CRMF_CERTTEMPLATE *tmpl) BIO *bio = BIO_new_file(file, "wb"); if (bio == NULL) { - CMP_err1("error saving certTemplate from genp: cannot open file %s", - file); + CMP_err1("Error saving certTemplate from genp: cannot open file %s", file); return 0; } - if (!ASN1_i2d_bio_of(OSSL_CRMF_CERTTEMPLATE, i2d_OSSL_CRMF_CERTTEMPLATE, - bio, tmpl)) { - CMP_err1("error saving certTemplate from genp: cannot write file %s", - file); + if (!ASN1_i2d_bio_of(OSSL_CRMF_CERTTEMPLATE, i2d_OSSL_CRMF_CERTTEMPLATE, bio, tmpl)) { + CMP_err1("Error saving certTemplate from genp: cannot write file %s", file); BIO_free(bio); return 0; } else { - CMP_info1("stored certTemplate from genp to file '%s'", file); + CMP_info1("Stored certTemplate from genp to file '%s'", file); } BIO_free(bio); return 1; @@ -2587,16 +2575,16 @@ static int save_keyspec(const char *file, const OSSL_CMP_ATAVS *keyspec) BIO *bio = BIO_new_file(file, "wb"); if (bio == NULL) { - CMP_err1("error saving keySpec from genp: cannot open file %s", file); + CMP_err1("Error saving keySpec from genp: cannot open file %s", file); return 0; } if (!ASN1_i2d_bio_of(OSSL_CMP_ATAVS, i2d_OSSL_CMP_ATAVS, bio, keyspec)) { - CMP_err1("error saving keySpec from genp: cannot write file %s", file); + CMP_err1("Error saving keySpec from genp: cannot write file %s", file); BIO_free(bio); return 0; } else { - CMP_info1("stored keySpec from genp to file '%s'", file); + CMP_info1("Stored keySpec from genp to file '%s'", file); } BIO_free(bio); return 1; @@ -2629,12 +2617,12 @@ static int print_itavs(const STACK_OF(OSSL_CMP_ITAV) *itavs) char name[80]; if (itav == NULL) { - CMP_err1("could not get ITAV #%d from genp", i); + CMP_err1("Could not get ITAV #%d from genp", i); ret = 0; continue; } if (i2t_ASN1_OBJECT(name, sizeof(name), type) <= 0) { - CMP_err1("error parsing type of ITAV #%d from genp", i); + CMP_err1("Error parsing type of ITAV #%d from genp", i); ret = 0; } else { CMP_info2("ITAV #%d from genp infoType=%s", i, name); @@ -2662,7 +2650,7 @@ static const char *prev_item(const char *opt, const char *end) } len = end - beg; if (len > SECTION_NAME_MAX) { - CMP_warn3("using only first %d characters of section name starting with \"%.*s\"", + CMP_warn3("Using only first %d characters of section name starting with \"%.*s\"", SECTION_NAME_MAX, SECTION_NAME_MAX, beg); len = SECTION_NAME_MAX; } @@ -2783,8 +2771,7 @@ static int read_config(void) } break; default: - CMP_err2("internal: unsupported type '%c' for option '%s'", - opt->valtype, opt->name); + CMP_err2("Internal: unsupported type '%c' for option '%s'", opt->valtype, opt->name); return 0; break; } @@ -2810,8 +2797,7 @@ static int read_config(void) if (provider_option ? !opt_provider(opt_next()) : !opt_verify(opt_next(), vpm)) { - CMP_err2("for option '%s' in config file section '%s'", - opt->name, opt_section); + CMP_err2("For option '%s' in config file section '%s'", opt->name, opt_section); return 0; } } @@ -3084,7 +3070,7 @@ static int get_opts(int argc, char **argv) opt_popo = opt_int_arg(); if (opt_popo < OSSL_CRMF_POPO_NONE || opt_popo > OSSL_CRMF_POPO_KEYENC) { - CMP_err("invalid popo spec. Valid values are -1 .. 2"); + CMP_err("Invalid popo spec. Valid values are -1 .. 2"); goto opthelp; } break; @@ -3114,7 +3100,7 @@ static int get_opts(int argc, char **argv) if (opt_revreason < CRL_REASON_NONE || opt_revreason > CRL_REASON_AA_COMPROMISE || opt_revreason == 7) { - CMP_err("invalid revreason. Valid values are -1 .. 6, 8 .. 10"); + CMP_err("Invalid revreason. Valid values are -1 .. 6, 8 .. 10"); goto opthelp; } break; @@ -3318,8 +3304,7 @@ static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) if (req != NULL) { if (strcmp(path, "") != 0 && strcmp(path, "pkix/") != 0) { (void)http_server_send_status(prog, cbio, 404, "Not Found"); - CMP_err1("expecting empty path or 'pkix/' but got '%s'", - path); + CMP_err1("Expecting empty path or 'pkix/' but got '%s'", path); OPENSSL_free(path); OSSL_CMP_MSG_free(req); goto next; @@ -3466,7 +3451,7 @@ static int do_genm(OSSL_CMP_CTX *ctx) /* could check authorization of sender/origin at this point */ if (cacerts == NULL) { - CMP_warn("no CA certificates provided by server"); + CMP_warn("No CA certificates provided by server"); } else if (save_free_certs(cacerts, opt_cacertsout, "CA") < 0) { CMP_err1("Failed to store CA certificates from genp in %s", opt_cacertsout); @@ -3498,9 +3483,9 @@ static int do_genm(OSSL_CMP_CTX *ctx) /* At this point might check authorization of response sender/origin */ if (newwithnew == NULL) - CMP_info("no root CA certificate update available"); + CMP_info("No root CA certificate update available"); else if (oldwithold == NULL && oldwithnew != NULL) - CMP_warn("oldWithNew certificate received in genp for verifying oldWithOld, but oldWithOld was not provided"); + CMP_warn("OldWithNew certificate received in genp for verifying oldWithOld, but oldWithOld was not provided"); if (save_cert_or_delete(newwithnew, opt_newwithnew, "NewWithNew cert from genp") @@ -3556,7 +3541,7 @@ static int do_genm(OSSL_CMP_CTX *ctx) goto end_crlupd; if (crl == NULL) - CMP_info("no CRL update available"); + CMP_info("No CRL update available"); if (!save_crl_or_delete(crl, opt_crlout, desc)) goto end_crlupd; @@ -3577,7 +3562,7 @@ static int do_genm(OSSL_CMP_CTX *ctx) return 0; if (certTemplate == NULL) { - CMP_warn("no certificate request template available"); + CMP_warn("No certificate request template available"); if (!delete_file(opt_template, "certTemplate from genp")) return 0; if (opt_keyspec != NULL @@ -3591,7 +3576,7 @@ static int do_genm(OSSL_CMP_CTX *ctx) print_keyspec(keySpec); if (opt_keyspec != NULL) { if (keySpec == NULL) { - CMP_warn("no key specifications available"); + CMP_warn("No key specifications available"); if (!delete_file(opt_keyspec, "keySpec from genp")) goto tmpl_end; } else if (!save_keyspec(opt_keyspec, keySpec)) { @@ -3674,7 +3659,7 @@ int cmp_main(int argc, char **argv) vpm = X509_VERIFY_PARAM_new(); if (vpm == NULL) { - CMP_err("out of memory"); + CMP_err("Out of memory"); goto err; } @@ -3683,7 +3668,7 @@ int cmp_main(int argc, char **argv) if (configfile != NULL && configfile[0] != '\0' /* non-empty string */ && (configfile != default_config_file || access(configfile, F_OK) != -1)) { - CMP_info2("using section(s) '%s' of OpenSSL configuration file '%s'", + CMP_info2("Using section(s) '%s' of OpenSSL configuration file '%s'", opt_section, configfile); conf = app_load_config(configfile); if (conf == NULL) { @@ -3691,7 +3676,7 @@ int cmp_main(int argc, char **argv) } else { if (strcmp(opt_section, CMP_SECTION) == 0) { /* default */ if (!NCONF_get_section(conf, opt_section)) - CMP_info2("no [%s] section found in config file '%s';" + CMP_info2("No [%s] section found in config file '%s';" " will thus use just [default] and unnamed section if present", opt_section, configfile); } else { @@ -3699,8 +3684,7 @@ int cmp_main(int argc, char **argv) while ((end = prev_item(opt_section, end)) != NULL) { if (!NCONF_get_section(conf, opt_item)) { - CMP_err2("no [%s] section found in config file '%s'", - opt_item, configfile); + CMP_err2("No [%s] section found in config file '%s'", opt_item, configfile); goto err; } } @@ -3734,7 +3718,7 @@ int cmp_main(int argc, char **argv) OSSL_CMP_CTX_set_log_verbosity(cmp_ctx, opt_verbosity); if (!OSSL_CMP_CTX_set_log_cb(cmp_ctx, print_to_bio_out)) { - CMP_err1("cannot set up error reporting and logging for %s", prog); + CMP_err1("Cannot set up error reporting and logging for %s", prog); goto err; } @@ -3745,7 +3729,7 @@ int cmp_main(int argc, char **argv) if (opt_tls_used) CMP_warn("-tls_used is active without any other TLS options"); } else if (!opt_tls_used) { - CMP_warn("ignoring TLS options(s) since -tls_used is not active"); + CMP_warn("Ignoring TLS options(s) since -tls_used is not active"); } if (opt_port != NULL) { if (opt_tls_used) { @@ -3767,11 +3751,11 @@ int cmp_main(int argc, char **argv) } if (opt_server != NULL && opt_use_mock_srv) { - CMP_err("cannot use both -server and -use_mock_srv options"); + CMP_err("Cannot use both -server and -use_mock_srv options"); goto err; } if ((opt_server == NULL || opt_use_mock_srv) && opt_tls_used) { - CMP_warn("ignoring -tls_used option since -server is not given or -use_mock_srv is given"); + CMP_warn("Ignoring -tls_used option since -server is not given or -use_mock_srv is given"); opt_tls_used = 0; } @@ -3797,7 +3781,7 @@ int cmp_main(int argc, char **argv) srv_cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx); if (!OSSL_CMP_CTX_set_log_cb(srv_cmp_ctx, print_to_bio_err)) { - CMP_err1("cannot set up error reporting and logging for %s", prog); + CMP_err1("Cannot set up error reporting and logging for %s", prog); goto err; } OSSL_CMP_CTX_set_log_verbosity(srv_cmp_ctx, opt_verbosity); @@ -3832,15 +3816,15 @@ int cmp_main(int argc, char **argv) CMP_warn1("-no_proxy %s", msg); opt_no_proxy = NULL; } + if (opt_tls_used) { + CMP_warn1("-tls_used %s", msg); + opt_tls_used = 0; + } #endif if (opt_path != NULL) { CMP_warn1("-path %s", msg); opt_path = NULL; } - if (opt_tls_used) { - CMP_warn1("-tls_used %s", msg); - opt_tls_used = 0; - } if (opt_use_mock_srv) { CMP_warn1("-use_mock_srv %s", msg); @@ -3856,7 +3840,7 @@ int cmp_main(int argc, char **argv) } #if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) if (opt_server == NULL && !opt_use_mock_srv && opt_port == NULL) - CMP_info("will not contact any server"); + CMP_info("Will not contact any server"); #endif if (opt_rspin != NULL) { #if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) @@ -3868,7 +3852,7 @@ int cmp_main(int argc, char **argv) } if (!setup_client_ctx(cmp_ctx)) { - CMP_err("cannot set up CMP context"); + CMP_err("Cannot set up CMP context"); goto err; } for (i = 0; i < opt_repeat; i++) { @@ -3960,7 +3944,7 @@ int cmp_main(int argc, char **argv) cipher = EVP_CIPHER_fetch(app_get0_libctx(), SN_aes_256_cbc, app_get0_propq()); } - CMP_info1("saving centrally generated key to file '%s'", opt_newkeyout); + CMP_info1("Saving centrally generated key to file '%s'", opt_newkeyout); if (PEM_write_bio_PrivateKey(out, new_key, cipher, NULL, 0, NULL, (void *)pass_string) <= 0) diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t index 63b25259f58..6f560216dcf 100644 --- a/test/recipes/80-test_cmp_http.t +++ b/test/recipes/80-test_cmp_http.t @@ -333,7 +333,7 @@ sub start_server { my $pid0 = $pid; while (<$server_fh>) { print "$server_name server output: $_"; - next if m/using section/; + next if m/[Uu]sing section/; s/\R$//; # Better chomp ($host, $port, $pid) = ($1, $2, $3) if /^ACCEPT\s(.*?):(\d+) PID=(\d+)$/;