diff options
| author | Alon Levy <alevy@redhat.com> | 2011-01-17 16:02:39 +0200 |
|---|---|---|
| committer | Alon Levy <alevy@redhat.com> | 2011-02-07 18:49:37 +0200 |
| commit | bf6f246b2e8a921e6a524d092dd6f2d8cc1ced68 (patch) | |
| tree | b233b00b5cd4582b426304033192a50b498b4fa2 /client | |
| parent | e2d6e8ef4f190273b6fcc848575f37f2c37dc89d (diff) | |
| download | spice-bf6f246b2e8a921e6a524d092dd6f2d8cc1ced68.tar.gz spice-bf6f246b2e8a921e6a524d092dd6f2d8cc1ced68.tar.xz spice-bf6f246b2e8a921e6a524d092dd6f2d8cc1ced68.zip | |
client: log subject-host mismatch, and raise ssl warnings to errors
Diffstat (limited to 'client')
| -rw-r--r-- | client/red_peer.cpp | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/client/red_peer.cpp b/client/red_peer.cpp index 6ff58446..86a90478 100644 --- a/client/red_peer.cpp +++ b/client/red_peer.cpp @@ -365,7 +365,7 @@ bool RedPeer::verify_subject(X509* cert, const HostAuthOptions::CertFieldValueLi } if ((size_t)X509_NAME_entry_count(cert_subject) != subject.size()) { - DBG(0, "subject mismatch: #entries cert=%d, input=%d", + LOG_ERROR("subject mismatch: #entries cert=%d, input=%d", X509_NAME_entry_count(cert_subject), subject.size()); return false; } @@ -396,7 +396,7 @@ bool RedPeer::verify_subject(X509* cert, const HostAuthOptions::CertFieldValueLi DBG(0, "subjects match"); return true; } else { - DBG(0, "subjects mismatch"); + LOG_ERROR("host-subject mismatch"); return false; } } @@ -505,7 +505,7 @@ void RedPeer::connect_secure(const ConnectionOptions& options, const char* host) auth_data.info.type_flags = RedPeer::HostAuthOptions::HOST_AUTH_OP_PUBKEY; } else { - LOG_WARN("SSL_CTX_load_verify_locations failed CA_file=%s", CA_file.c_str()); + LOG_ERROR("SSL_CTX_load_verify_locations failed CA_file=%s", CA_file.c_str()); ssl_error(); } } @@ -517,7 +517,7 @@ void RedPeer::connect_secure(const ConnectionOptions& options, const char* host) return_code = SSL_CTX_set_cipher_list(_ctx, options.ciphers.c_str()); if (return_code != 1) { - LOG_WARN("SSL_CTX_set_cipher_list failed, ciphers=%s", options.ciphers.c_str()); + LOG_ERROR("SSL_CTX_set_cipher_list failed, ciphers=%s", options.ciphers.c_str()); ssl_error(); } @@ -537,7 +537,7 @@ void RedPeer::connect_secure(const ConnectionOptions& options, const char* host) return_code = SSL_connect(_ssl); if (return_code <= 0) { int ssl_error_code = SSL_get_error(_ssl, return_code); - LOG_WARN("failed to connect w/SSL, ssl_error %s", + LOG_ERROR("failed to connect w/SSL, ssl_error %s", ERR_error_string(ssl_error_code, NULL)); ssl_error(); } |