/*
- * $Id: client_side.cc,v 1.582 2002/07/20 12:30:04 hno Exp $
+ * $Id: client_side.cc,v 1.583 2002/07/20 23:23:17 hno Exp $
*
* DEBUG: section 33 Client-side Routines
* AUTHOR: Duane Wessels
}
ret = ERR_get_error();
if (ret) {
- debug(81, 1) ("clientNegotiateSSL: Error negotiating SSL connection on FD %d: %s\n",
+ debug(83, 1) ("clientNegotiateSSL: Error negotiating SSL connection on FD %d: %s\n",
fd, ERR_error_string(ret, NULL));
}
comm_close(fd);
return;
}
- debug(81, 5) ("clientNegotiateSSL: FD %d negotiated cipher %s\n", fd,
+ debug(83, 5) ("clientNegotiateSSL: FD %d negotiated cipher %s\n", fd,
SSL_get_cipher(fd_table[fd].ssl));
client_cert = SSL_get_peer_certificate(fd_table[fd].ssl);
if (client_cert != NULL) {
- debug(81, 5) ("clientNegotiateSSL: FD %d client certificate: subject: %s\n", fd,
+ debug(83, 5) ("clientNegotiateSSL: FD %d client certificate: subject: %s\n", fd,
X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0));
- debug(81, 5) ("clientNegotiateSSL: FD %d client certificate: issuer: %s\n", fd,
+ debug(83, 5) ("clientNegotiateSSL: FD %d client certificate: issuer: %s\n", fd,
X509_NAME_oneline(X509_get_issuer_name(client_cert), 0, 0));
X509_free(client_cert);
} else {
- debug(81, 5) ("clientNegotiateSSL: FD %d has no certificate.\n", fd);
+ debug(83, 5) ("clientNegotiateSSL: FD %d has no certificate.\n", fd);
}
commSetSelect(fd, COMM_SELECT_READ, clientReadRequest, conn, 0);
}
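Review bot: The two client-certificate debug statements in clientNegotiateSSL call `X509_NAME_oneline(..., 0, 0)`, which makes OpenSSL allocate the returned string, and nothing visible in the hunk frees it, so each time they are evaluated two buffers leak. The subject and issuer names are also supplied by the peer, so they reach the log with whatever content and length the client chose. Formatting into a fixed local buffer, as the verify callback in ssl_support.cc does with `buffer, sizeof(buffer)`, removes the allocation and bounds the logged text: `char name[256]; X509_NAME_oneline(X509_get_subject_name(client_cert), name, sizeof(name));`. The function starts outside the hunk.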
if ((ssl = SSL_new(sslContext)) == NULL) {
ssl_error = ERR_get_error();
- debug(81, 1) ("httpsAccept: Error allocating handle: %s\n",
+ debug(83, 1) ("httpsAccept: Error allocating handle: %s\n",
ERR_error_string(ssl_error, NULL));
break;
}
/*
- * $Id: ssl_support.cc,v 1.5 2001/10/24 06:55:44 hno Exp $
+ * $Id: ssl_support.cc,v 1.6 2002/07/20 23:23:17 hno Exp $
*
* AUTHOR: Benno Rice
- * DEBUG: section 81 SSL accelerator support
+ * DEBUG: section 83 SSL accelerator support
*
* SQUID Internet Object Cache http://squid.nlanr.net/Squid/
* ----------------------------------------------------------
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buffer,
sizeof(buffer));
if (ok)
- debug(81, 5) ("SSL Certificate OK: %s\n", buffer);
+ debug(83, 5) ("SSL Certificate OK: %s\n", buffer);
else {
switch (ctx->error) {
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- debug(81, 5) ("SSL Certficate error: CA not known: %s\n", buffer);
+ debug(83, 5) ("SSL Certficate error: CA not known: %s\n", buffer);
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
- debug(81, 5) ("SSL Certficate not yet valid: %s\n", buffer);
+ debug(83, 5) ("SSL Certficate not yet valid: %s\n", buffer);
break;
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- debug(81, 5) ("SSL Certificate has illegal \'not before\' field: %s\n", buffer);
+ debug(83, 5) ("SSL Certificate has illegal \'not before\' field: %s\n", buffer);
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
- debug(81, 5) ("SSL Certificate expired: %s\n", buffer);
+ debug(83, 5) ("SSL Certificate expired: %s\n", buffer);
break;
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- debug(81, 5) ("SSL Certificate has invalid \'not after\' field: %s\n", buffer);
+ debug(83, 5) ("SSL Certificate has invalid \'not after\' field: %s\n", buffer);
break;
default:
- debug(81, 5) ("SSL unknown certificate error %d in %s\n",
+ debug(83, 5) ("SSL unknown certificate error %d in %s\n",
ctx->error, buffer);
break;
}
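Review bot: Two of the touched messages in this switch are spelled `Certficate` while their siblings use `Certificate`, so a log search for "Certificate" misses the unknown-CA and not-yet-valid cases. Since these lines are being rewritten anyway, they could read `"SSL Certificate error: CA not known: %s\n"` and `"SSL Certificate not yet valid: %s\n"`. Every verification failure here is logged at level 5, so they are presumably not visible at default verbosity; a short comment saying whether that is intended would help whoever monitors these logs. The enclosing function starts and ends outside the hunk.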
if (!certfile)
certfile = keyfile;
- debug(81, 1) ("Initialising SSL.\n");
+ debug(83, 1) ("Initialising SSL.\n");
switch (version) {
case 2:
- debug(81, 5) ("Using SSLv2.\n");
+ debug(83, 5) ("Using SSLv2.\n");
method = SSLv2_server_method();
break;
case 3:
- debug(81, 5) ("Using SSLv3.\n");
+ debug(83, 5) ("Using SSLv3.\n");
method = SSLv3_server_method();
break;
case 4:
- debug(81, 5) ("Using TLSv1.\n");
+ debug(83, 5) ("Using TLSv1.\n");
method = TLSv1_server_method();
break;
case 1:
default:
- debug(81, 5) ("Using SSLv2/SSLv3.\n");
+ debug(83, 5) ("Using SSLv2/SSLv3.\n");
method = SSLv23_server_method();
break;
}
SSL_CTX_set_options(sslContext, ssl_parse_options(options));
if (cipher) {
- debug(81, 5) ("Using chiper suite %s.\n", cipher);
+ debug(83, 5) ("Using chiper suite %s.\n", cipher);
if (!SSL_CTX_set_cipher_list(sslContext, cipher)) {
ssl_error = ERR_get_error();
fatalf("Failed to set SSL cipher suite: %s\n",
ERR_error_string(ssl_error, NULL));
}
}
- debug(81, 1) ("Using certificate in %s\n", certfile);
+ debug(83, 1) ("Using certificate in %s\n", certfile);
if (!SSL_CTX_use_certificate_file(sslContext, certfile, SSL_FILETYPE_PEM)) {
ssl_error = ERR_get_error();
fatalf("Failed to acquire SSL certificate: %s\n",
ERR_error_string(ssl_error, NULL));
}
- debug(81, 1) ("Using private key in %s\n", keyfile);
+ debug(83, 1) ("Using private key in %s\n", keyfile);
if (!SSL_CTX_use_PrivateKey_file(sslContext, keyfile, SSL_FILETYPE_PEM)) {
ssl_error = ERR_get_error();
fatalf("Failed to acquire SSL private key: %s\n",
ERR_error_string(ssl_error, NULL));
}
- debug(81, 5) ("Comparing private and public SSL keys.\n");
+ debug(83, 5) ("Comparing private and public SSL keys.\n");
if (!SSL_CTX_check_private_key(sslContext))
fatal("SSL private key does not match public key: %s\n");
- debug(81, 9) ("Setting RSA key generation callback.\n");
+ debug(83, 9) ("Setting RSA key generation callback.\n");
SSL_CTX_set_tmp_rsa_callback(sslContext, ssl_temp_rsa_cb);
- debug(81, 9) ("Setting certificate verification callback.\n");
+ debug(83, 9) ("Setting certificate verification callback.\n");
SSL_CTX_set_verify(sslContext, SSL_VERIFY_NONE, ssl_verify_cb);
- debug(81, 9) ("Setting default CA certificate location.\n");
+ debug(83, 9) ("Setting default CA certificate location.\n");
if (!SSL_CTX_set_default_verify_paths(sslContext)) {
ssl_error = ERR_get_error();
- debug(81, 1) ("Error error setting default CA certificate location: %s\n",
+ debug(83, 1) ("Error error setting default CA certificate location: %s\n",
ERR_error_string(ssl_error, NULL));
- debug(81, 1) ("continuing anyway...\n");
+ debug(83, 1) ("continuing anyway...\n");
}
- debug(81, 9) ("Set client certifying authority list.\n");
+ debug(83, 9) ("Set client certifying authority list.\n");
SSL_CTX_set_client_CA_list(sslContext, SSL_load_client_CA_file(certfile));
return sslContext;
}
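Review bot: The statement after the touched `Setting certificate verification callback.` message passes `SSL_VERIFY_NONE` to `SSL_CTX_set_verify`, so on this server context no client certificate is requested and `ssl_verify_cb` does not gate the handshake. The log line and the later `SSL_CTX_set_client_CA_list` call read as if client certificates were being checked, so a comment would prevent that misreading: `/* SSL_VERIFY_NONE: no client certificate is requested; ssl_verify_cb does not gate the handshake */`. Separately, `fatal("SSL private key does not match public key: %s\n")` carries a `%s` with no argument; if `fatal` takes a plain message, as its use next to `fatalf` suggests, dropping the `: %s` is the fix. The function begins before the hunk.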
i = SSL_read(fd_table[fd].ssl, buf, len);
if (i > 0 && SSL_pending(fd_table[fd].ssl) > 0) {
- debug(81, 2) ("SSL fd %d is pending\n", fd);
+ debug(83, 2) ("SSL fd %d is pending\n", fd);
fd_table[fd].flags.read_pending = 1;
} else
fd_table[fd].flags.read_pending = 0;