authorSteffan Karger <steffan@karger.me>2015-10-06 18:20:40 +0200
committerGert Doering <gert@greenie.muc.de>2015-10-08 10:11:30 +0200
commitd17d362dfec1abc5bedcea2f1154470018c82eca (patch)
treefeb1fe035d44e966c5e0830396dbffc2673b91ce /src/openvpn/ssl_verify_polarssl.c
parentb0fe94115fc4a75094d15452b7b89a0c0849087c (diff)
polarssl: Improve PolarSSL logging
Use the new polar_log_err() and polar_ok() functions introduced in the previous commit to provide more log/debug output for polarssl errors. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1444148440-10564-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/10197 Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/ssl_verify_polarssl.c')
-rw-r--r--src/openvpn/ssl_verify_polarssl.c26
1 files changed, 7 insertions, 19 deletions
diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c
index 4852243..fa313ac 100644
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -134,17 +134,12 @@ backend_x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)
char *buf = NULL;
size_t buflen = 0;
mpi serial_mpi = { 0 };
- int retval = 0;
/* Transform asn1 integer serial into PolarSSL MPI */
mpi_init(&serial_mpi);
- retval = mpi_read_binary(&serial_mpi, cert->serial.p, cert->serial.len);
- if (retval < 0)
+ if (!polar_ok(mpi_read_binary(&serial_mpi, cert->serial.p, cert->serial.len)))
{
- char errbuf[128];
- polarssl_strerror(retval, errbuf, sizeof(errbuf));
-
- msg(M_WARN, "Failed to retrieve serial from certificate: %s.", errbuf);
+ msg(M_WARN, "Failed to retrieve serial from certificate.");
return NULL;
}
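Review bot: Both failure branches in backend_x509_get_serial return straight after `mpi_init(&serial_mpi)` without releasing the MPI: the `return NULL;` here and the one in the `mpi_write_string` branch of the next hunk. The commit rewrites these branches but keeps that pattern, so anything `mpi_read_binary` allocated before failing would leak. Adding `mpi_free(&serial_mpi);` before each `return NULL;` would close it. The end of the function lies outside the hunk, so the success path may need the same call.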
@@ -153,13 +148,9 @@ backend_x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)
buf = gc_malloc(buflen, true, gc);
/* Write MPI serial as decimal string into buffer */
- retval = mpi_write_string(&serial_mpi, 10, buf, &buflen);
- if (retval < 0)
+ if (!polar_ok(mpi_write_string(&serial_mpi, 10, buf, &buflen)))
{
- char errbuf[128];
- polarssl_strerror(retval, errbuf, sizeof(errbuf));
-
- msg(M_WARN, "Failed to write serial to string: %s.", errbuf);
+ msg(M_WARN, "Failed to write serial to string.");
return NULL;
}
@@ -376,12 +367,9 @@ x509_verify_crl(const char *crl_file, x509_crt *cert, const char *subject)
struct gc_arena gc = gc_new();
char *serial;
- int polar_retval = x509_crl_parse_file(&crl, crl_file);
- if (polar_retval != 0)
+ if (!polar_ok(x509_crl_parse_file(&crl, crl_file)))
{
- char errstr[128];
- polarssl_strerror(polar_retval, errstr, sizeof(errstr));
- msg (M_WARN, "CRL: cannot read CRL from file %s (%s)", crl_file, errstr);
+ msg (M_WARN, "CRL: cannot read CRL from file %s", crl_file);
goto end;
}
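Review bot: The `M_WARN` line for a CRL that cannot be parsed no longer says why; the PolarSSL reason now comes only from whatever `polar_ok()` logs, and that helper's definition and log level are not part of this diff. If it logs below the default verbosity, an operator sees that the CRL failed to load but not the cause, which matters because this check is a revocation control. A short comment above the `if`, such as `/* polar_ok() logs the PolarSSL error detail */`, would document the dependency. The same applies to the two `msg(M_WARN, ...)` calls in backend_x509_get_serial. The body of x509_verify_crl continues outside the hunk.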
@@ -394,7 +382,7 @@ x509_verify_crl(const char *crl_file, x509_crt *cert, const char *subject)
goto end;
}
- if (0 != x509_crt_revoked(cert, &crl))
+ if (!polar_ok(x509_crt_revoked(cert, &crl)))
{
serial = backend_x509_get_serial_hex(cert, &gc);
msg (D_HANDSHAKE, "CRL CHECK FAILED: %s (serial %s) is REVOKED", subject, (serial ? serial : "NOT AVAILABLE"));
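Review bot: `x509_crt_revoked()` reports a status (non-zero when the certificate is on the CRL), not a PolarSSL error code, so wrapping it in `polar_ok()` makes the revocation decision depend on how that helper treats a positive return. `polar_ok()` comes from the previous commit and is not visible here. If it treated only negative values as failures, as the old `retval < 0` checks in this file did, a revoked certificate would pass. If it treats any non-zero value as a failure, it will presumably log an error string for a value that is not an error code. Keeping the explicit `if (0 != x509_crt_revoked(cert, &crl))` states the intent and avoids both; the enclosing function starts and ends outside the hunk.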