Commit 6d5de50d authored by Sebastien Decugis's avatar Sebastien Decugis
Browse files

Cleanup all compilation warnings in base code for 32 bit arch

parent dc051dff
......@@ -87,7 +87,6 @@ struct split_name {
static int parse_name(char * name, struct split_name * result)
{
int i, l, prev_offset;
char * c;
TRACE_ENTRY("%p %p", name, result);
......
......@@ -58,6 +58,9 @@
/* Forward declaration */
int yyparse(char * conffile);
/* The Lex parser prototype */
int acct_conflex(YYSTYPE *lvalp, YYLTYPE *llocp);
/* the global configuration */
struct acct_conf * acct_config = NULL;
......@@ -88,9 +91,10 @@ int acct_conf_check(char * conffile)
return EINVAL;
}
struct fd_list * li;
if (!TRACE_BOOL(FULL))
return;
return 0;
struct fd_list * li;
fd_log_debug("[app_acct] Configuration dump:\n");
fd_log_debug(" Database:\n");
......@@ -109,6 +113,7 @@ int acct_conf_check(char * conffile)
fd_log_debug("as ::%s\n", diam2db_types_mapping[a->avptype]);
}
fd_log_debug("[app_acct] Complete.\n");
return 0;
}
void acct_conf_free(void)
......
......@@ -63,7 +63,6 @@ int acct_db_init(void)
char * sql=NULL; /* The buffer that will contain the SQL query */
size_t sql_allocd = 0; /* The malloc'd size of the buffer */
size_t sql_offset = 0; /* The actual data already written in this buffer */
size_t p;
int idx = 0;
PGresult * res;
#define REALLOC_SIZE 1024 /* We extend the buffer by this amount */
......
......@@ -47,11 +47,9 @@ static struct {
/* Callback for incoming Base Accounting Accounting-Request messages */
static int acct_cb( struct msg ** msg, struct avp * avp, struct session * sess, enum disp_action * act)
{
struct msg_hdr *hdr = NULL;
struct msg * m;
struct avp * a = NULL;
struct avp_hdr * art=NULL, *arn=NULL; /* We keep a pointer on the Accounting-Record-{Type, Number} AVPs from the query */
char * s;
struct acct_record_list rl;
TRACE_ENTRY("%p %p %p %p", msg, avp, sess, act);
......
......@@ -6,8 +6,6 @@
* In addition to this notice, only the #include directives have been modified.
*/
#include "rgw_common.h"
/* Forward declaration: */
void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac);
/*********************************************************************************/
......
......@@ -3,8 +3,8 @@
* The content from this file comes directly from the hostap project.
* It is redistributed under the terms of the BSD license, as allowed
* by the original copyright reproduced bellow.
* The file has not been modified, except for this notice.
*/
/*********************************************************************************/
/*
......@@ -40,4 +40,7 @@ void MD5Update(struct MD5Context *context, unsigned char const *buf,
void MD5Final(unsigned char digest[16], struct MD5Context *context);
#endif /* CONFIG_CRYPTO_INTERNAL */
/* Forward declaration: */
void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac);
#endif /* MD5_H */
......@@ -101,8 +101,6 @@ int rgw_clients_getkey(struct rgw_client * cli, unsigned char **key, size_t *key
int rgw_clients_search(struct sockaddr * ip_port, struct rgw_client ** ref);
int rgw_clients_check_dup(struct rgw_radius_msg_meta **msg, struct rgw_client *cli);
int rgw_clients_check_origin(struct rgw_radius_msg_meta *msg, struct rgw_client *cli);
int rgw_clients_get_origin(struct rgw_client *cli, char **fqdn, char **realm);
char * rgw_clients_id(struct rgw_client *cli);
int rgw_client_finish_send(struct radius_msg ** msg, struct rgw_radius_msg_meta * req, struct rgw_client * cli);
void rgw_clients_dispose(struct rgw_client ** ref);
void rgw_clients_dump(void);
......
......@@ -188,7 +188,6 @@ static void client_unlink(struct rgw_client * client)
Returns other error code on other error. */
static int client_search(struct rgw_client ** res, struct sockaddr * ip_port )
{
int ret = 0;
int cmp;
struct fd_list *ref = NULL;
......@@ -300,7 +299,6 @@ int rgw_clients_check_origin(struct rgw_radius_msg_meta *msg, struct rgw_client
/* Find the relevant attributes, if any */
for (idx = 0; idx < msg->radius.attr_used; idx++) {
struct radius_attr_hdr * attr = (struct radius_attr_hdr *)(msg->radius.buf + msg->radius.attr_pos[idx]);
unsigned char * attr_val = (unsigned char *)(attr + 1);
size_t attr_len = attr->length - sizeof(struct radius_attr_hdr);
if ((attr->type == RADIUS_ATTR_NAS_IP_ADDRESS) && (attr_len = 4)) {
......
......@@ -55,8 +55,10 @@ struct rgwp_config;
/* This structure points to a RADIUS client description, the definition is not known to plugins */
struct rgw_client;
/* This function is required to be able to translate user paswords */
int rgw_clients_getkey(struct rgw_client * cli, unsigned char **key, size_t *key_len);
int rgw_clients_getkey(struct rgw_client * cli, unsigned char **key, size_t *key_len);
char * rgw_clients_id(struct rgw_client *cli);
int rgw_clients_get_origin(struct rgw_client *cli, char **fqdn, char **realm);
/* Each plugin must provide the following structure. */
extern struct rgw_api {
......
......@@ -135,7 +135,7 @@ BR_PORT [[][0-9]+[]]
return LEX_ERROR; /* trig an error in yacc parser */
}
if (port = strchr(work, '[')) {
if ((port = strchr(work, '[')) != NULL) {
*port = '\0';
port++;
if (sscanf(port, "%hu]", &p) != 1) {
......
......@@ -172,7 +172,6 @@ restart:
int rgw_plg_add( char * plgfile, char * conffile, int type, unsigned char ** codes_array, size_t codes_sz )
{
struct plg_descr * new;
int ret = 0;
TRACE_ENTRY("%p %p %d %p %zi", plgfile, conffile, type, codes_array, codes_sz);
......
......@@ -62,8 +62,6 @@ static void receive_diam_answer(void * paback, struct msg **ans);
/* Worker thread, processing incoming RADIUS messages (after parsing) */
static void * work_th(void * arg)
{
char thname[10];
TRACE_ENTRY("%p", arg);
/* Set the thread name */
......
......@@ -300,9 +300,9 @@ static int acct_rad_req( struct rgwp_config * cs, struct session ** session, str
const char * prefix = "Diameter/";
size_t pref_len;
char * si = NULL;
uint8_t * si = NULL;
size_t si_len = 0;
char * un = NULL;
uint8_t * un = NULL;
size_t un_len = 0;
TRACE_ENTRY("%p %p %p %p %p %p", cs, session, rad_req, rad_ans, diam_fw, cli);
......@@ -356,7 +356,7 @@ static int acct_rad_req( struct rgwp_config * cs, struct session ** session, str
case RADIUS_ATTR_CLASS:
if ((attr_len > pref_len ) && ! strncmp((char *)v, prefix, pref_len)) {
int i;
si = (char *)v + pref_len;
si = v + pref_len;
si_len = attr_len - pref_len;
TRACE_DEBUG(ANNOYING, "Found Class attribute with '%s' prefix (attr #%d), SI:'%.*s'.", prefix, idx, si_len, si);
/* Remove from the message */
......@@ -368,7 +368,7 @@ static int acct_rad_req( struct rgwp_config * cs, struct session ** session, str
case RADIUS_ATTR_USER_NAME:
if (attr_len) {
un = (char *)v;
un = v;
un_len = attr_len;
TRACE_DEBUG(ANNOYING, "Found a User-Name attribute: '%.*s'", un_len, un);
}
......@@ -470,7 +470,7 @@ static int acct_rad_req( struct rgwp_config * cs, struct session ** session, str
}
if (idx == 0) {
/* Not found in the User-Name => we use the local domain of this gateway */
value.os.data = fd_g_config->cnf_diamrlm;
value.os.data = (uint8_t *)fd_g_config->cnf_diamrlm;
value.os.len = fd_g_config->cnf_diamrlm_len;
} else {
value.os.data = un + idx;
......@@ -481,7 +481,7 @@ static int acct_rad_req( struct rgwp_config * cs, struct session ** session, str
/* Create the Session-Id AVP if needed */
if (!*session) {
CHECK_FCT( fd_sess_fromsid ( si, si_len, session, NULL) );
CHECK_FCT( fd_sess_fromsid ( (char *)/* cast should be removed later */si, si_len, session, NULL) );
TRACE_DEBUG(FULL, "[auth.rgwx] Translating new accounting message for session '%.*s'...", si_len, si);
......
......@@ -235,15 +235,14 @@ static int auth_rad_req( struct rgwp_config * cs, struct session ** session, str
int got_empty_eap = 0;
const char * prefix = "Diameter/";
size_t pref_len;
char * dh = NULL;
uint8_t * dh = NULL;
size_t dh_len = 0;
char * dr = NULL;
uint8_t * dr = NULL;
size_t dr_len = 0;
char * si = NULL;
uint8_t * si = NULL;
size_t si_len = 0;
char * un = NULL;
uint8_t * un = NULL;
size_t un_len = 0;
uint32_t status_type;
size_t nattr_used = 0;
struct avp ** avp_tun = NULL, *avp = NULL;
union avp_value value;
......@@ -315,7 +314,7 @@ static int auth_rad_req( struct rgwp_config * cs, struct session ** session, str
/* Check basic information is there, and also retrieve some attribute information */
for (idx = 0; idx < rad_req->attr_used; idx++) {
struct radius_attr_hdr * attr = (struct radius_attr_hdr *)(rad_req->buf + rad_req->attr_pos[idx]);
char * attr_val = (char *)(attr + 1);
uint8_t * attr_val = (uint8_t *)(attr + 1);
size_t attr_len = attr->length - sizeof(struct radius_attr_hdr);
switch (attr->type) {
......@@ -342,7 +341,7 @@ static int auth_rad_req( struct rgwp_config * cs, struct session ** session, str
/* NOTE: RFC4005 says "Origin-Host" here, but it's not coherent with the rules for answers. Destination-Host makes more sense */
case RADIUS_ATTR_STATE:
if ((attr_len > pref_len + 5 /* for the '/'s and non empty strings */ )
&& ! strncmp(attr_val, prefix, pref_len)) { /* should we make it strncasecmp? */
&& ! memcmp(attr_val, prefix, pref_len)) {
int i, start;
TRACE_DEBUG(ANNOYING, "Found a State attribute with '%s' prefix (attr #%d).", prefix, idx);
......@@ -375,7 +374,7 @@ static int auth_rad_req( struct rgwp_config * cs, struct session ** session, str
break;
case RADIUS_ATTR_USER_NAME:
TRACE_DEBUG(ANNOYING, "Found a User-Name attribute: '%.*s'", attr_len, attr_len ? attr_val : "");
TRACE_DEBUG(ANNOYING, "Found a User-Name attribute: '%.*s'", attr_len, attr_len ? (char *)attr_val : "");
un = attr_val;
un_len = attr_len;
break;
......@@ -429,7 +428,7 @@ static int auth_rad_req( struct rgwp_config * cs, struct session ** session, str
}
if (i <= 0) {
/* Not found in the User-Name => we use the local domain of this gateway */
value.os.data = fd_g_config->cnf_diamrlm;
value.os.data = (uint8_t *)fd_g_config->cnf_diamrlm;
value.os.len = fd_g_config->cnf_diamrlm_len;
} else {
value.os.data = un + i;
......@@ -454,7 +453,7 @@ static int auth_rad_req( struct rgwp_config * cs, struct session ** session, str
if (si_len) {
/* We already have the Session-Id, just use it */
CHECK_FCT( fd_sess_fromsid ( si, si_len, session, NULL) );
CHECK_FCT( fd_sess_fromsid ( (char *) /* this cast will be removed later */ si, si_len, session, NULL) );
} else {
/* Create a new Session-Id string */
......@@ -543,7 +542,7 @@ static int auth_rad_req( struct rgwp_config * cs, struct session ** session, str
EAP-Start, and it is translated to an empty EAP-Payload AVP. */
if (got_empty_eap) {
value.os.len = 0;
value.os.data = "";
value.os.data = (uint8_t *)"";
} else {
CHECK_MALLOC( value.os.data = radius_msg_get_eap(rad_req, &value.os.len) );
}
......@@ -1065,7 +1064,8 @@ static int auth_diam_ans( struct rgwp_config * cs, struct session * session, str
struct msg_hdr * hdr;
struct avp *avp, *next, *avp_x, *avp_y, *asid, *aoh;
struct avp_hdr *ahdr, *sid, *oh;
char buf[254]; /* to store some attributes values (with final '\0') */
uint8_t buf[254]; /* to store some attributes values (with final '\0') */
size_t sz;
int ta_set = 0;
int no_str = 0; /* indicate if an STR is required for this server */
uint8_t tuntag = 0;
......@@ -1188,22 +1188,22 @@ static int auth_diam_ans( struct rgwp_config * cs, struct session * session, str
/* Now, save the session-id and eventually server info in a STATE or CLASS attribute */
if ((*rad_fw)->hdr->code == RADIUS_CODE_ACCESS_CHALLENGE) {
if (sizeof(buf) < snprintf(buf, sizeof(buf), "Diameter/%.*s/%.*s/%.*s",
oh->avp_value->os.len, oh->avp_value->os.data,
ahdr->avp_value->os.len, ahdr->avp_value->os.data,
sid->avp_value->os.len, sid->avp_value->os.data)) {
if (sizeof(buf) < (sz = snprintf((char *)buf, sizeof(buf), "Diameter/%.*s/%.*s/%.*s",
oh->avp_value->os.len, (char *)oh->avp_value->os.data,
ahdr->avp_value->os.len, (char *)ahdr->avp_value->os.data,
sid->avp_value->os.len, (char *)sid->avp_value->os.data))) {
TRACE_DEBUG(INFO, "Data truncated in State attribute: %s", buf);
}
CONV2RAD_STR(RADIUS_ATTR_STATE, buf, strlen(buf), 0);
CONV2RAD_STR(RADIUS_ATTR_STATE, buf, sz, 0);
}
if ((*rad_fw)->hdr->code == RADIUS_CODE_ACCESS_ACCEPT) {
/* Add the Session-Id */
if (sizeof(buf) < snprintf(buf, sizeof(buf), "Diameter/%.*s",
sid->avp_value->os.len, sid->avp_value->os.data)) {
if (sizeof(buf) < (sz = snprintf((char *)buf, sizeof(buf), "Diameter/%.*s",
sid->avp_value->os.len, sid->avp_value->os.data))) {
TRACE_DEBUG(INFO, "Data truncated in Class attribute: %s", buf);
}
CONV2RAD_STR(RADIUS_ATTR_CLASS, buf, strlen(buf), 0);
CONV2RAD_STR(RADIUS_ATTR_CLASS, buf, sz, 0);
}
/* Unlink the Origin-Realm now; the others are unlinked at the end of this function */
......@@ -1586,7 +1586,7 @@ static int auth_diam_ans( struct rgwp_config * cs, struct session * session, str
CHECK_FCT( fd_msg_browse(inavp, MSG_BRW_NEXT, &innext, NULL) );
CHECK_FCT( fd_msg_avp_hdr ( inavp, &ahdr ) );
if (ahdr->avp_flags & AVP_FLAG_VENDOR == 0) {
if ( ! (ahdr->avp_flags & AVP_FLAG_VENDOR)) {
switch (ahdr->avp_code) {
case DIAM_ATTR_TUNNEL_TYPE:
CONV2RAD_TUN_32B( RADIUS_ATTR_TUNNEL_TYPE, ahdr->avp_value->u32);
......@@ -1633,7 +1633,6 @@ static int auth_diam_ans( struct rgwp_config * cs, struct session * session, str
*/
size_t pos;
int i;
size_t buflen;
uint8_t * secret; /* S */
size_t secret_len;
uint8_t hash[16]; /* b(i) */
......@@ -1652,7 +1651,7 @@ static int auth_diam_ans( struct rgwp_config * cs, struct session * session, str
buf[2] = (uint8_t)(lrand48()); /* A (low bits) */
/* The plain text string P */
CHECK_PARAM(ahdr->avp_value->os.len < 240);
CHECK_PARAMS(ahdr->avp_value->os.len < 240);
buf[3] = ahdr->avp_value->os.len;
memcpy(&buf[4], ahdr->avp_value->os.data, ahdr->avp_value->os.len);
memset(&buf[4 + ahdr->avp_value->os.len], 0, sizeof(buf) - 4 - ahdr->avp_value->os.len);
......@@ -1816,11 +1815,11 @@ static int auth_diam_ans( struct rgwp_config * cs, struct session * session, str
if ((*rad_fw)->hdr->code == RADIUS_CODE_ACCESS_ACCEPT) {
/* Add the auth-application-id required for STR, or 0 if no STR is required */
CHECK_FCT( fd_msg_hdr( *diam_ans, &hdr ) );
if (sizeof(buf) < snprintf(buf, sizeof(buf), CLASS_AAI_PREFIX "%u",
no_str ? 0 : hdr->msg_appl)) {
if (sizeof(buf) < (sz = snprintf((char *)buf, sizeof(buf), CLASS_AAI_PREFIX "%u",
no_str ? 0 : hdr->msg_appl))) {
TRACE_DEBUG(INFO, "Data truncated in Class attribute: %s", buf);
}
CONV2RAD_STR(RADIUS_ATTR_CLASS, buf, strlen(buf), 0);
CONV2RAD_STR(RADIUS_ATTR_CLASS, buf, sz, 0);
}
return 0;
......
......@@ -239,7 +239,6 @@ static int ed_rad_req( struct rgwp_config * cs, struct session ** session, struc
/* Process an answer: add the ECHO attributes back, if any */
static int ed_diam_ans( struct rgwp_config * cs, struct session * session, struct msg ** diam_ans, struct radius_msg ** rad_fw, struct rgw_client * cli, int * stateful )
{
int ret;
struct fd_list * list = NULL;
TRACE_ENTRY("%p %p %p %p %p %p", cs, session, diam_ans, rad_fw, cli, stateful);
......@@ -264,7 +263,6 @@ static int ed_diam_ans( struct rgwp_config * cs, struct session * session, struc
while (! FD_IS_LIST_EMPTY(list) ) {
struct ed_saved_attribute * esa = (struct ed_saved_attribute *)(list->next);
struct radius_attr_hdr * rc;
fd_list_unlink(&esa->chain);
......
......@@ -53,6 +53,14 @@ See doc/echodrop.rgwx.conf.sample for description of the parsed format. */
#include "rgwx_echodrop.h"
#include "rgwx_echodrop.tab.h" /* bison is not smart enough to define the YYLTYPE before including this code, so... */
/* Forward declaration */
int yyparse(char * conffile, struct rgwp_config *cs);
/* The Lex parser prototype */
int rgwx_echodroplex(YYSTYPE *lvalp, YYLTYPE *llocp);
/* Parse the configuration file */
int ed_conffile_parse(char * conffile, struct rgwp_config *cs)
{
......
......@@ -306,7 +306,7 @@ static int compare_match(char * str, size_t len, struct match_data * md, int * r
return (err == REG_ESPACE) ? ENOMEM : EINVAL;
}
/* Search in list (targets or rules) the next matching item for string str(len). Returned in next_match, or *next_match == NULL if no more match. Re-enter with same next_match for the next one. */
/* Search in list (targets or rules) the next matching item for octet string str(len). Returned in next_match, or *next_match == NULL if no more match. Re-enter with same next_match for the next one. */
static int get_next_match(struct fd_list * list, char * str, size_t len, struct fd_list ** next_match)
{
struct fd_list * li;
......@@ -576,7 +576,7 @@ int rtd_process( struct msg * msg, struct fd_list * candidates )
/* OK, we can now check if one of our rule's criteria match the message content */
r = NULL;
do {
CHECK_FCT ( get_next_match( &target->rules[j], parsed_msg_avp[j].avp->os.data, parsed_msg_avp[j].avp->os.len, (void *)&r) );
CHECK_FCT ( get_next_match( &target->rules[j], (char *) /* is this cast safe? */ parsed_msg_avp[j].avp->os.data, parsed_msg_avp[j].avp->os.len, (void *)&r) );
if (!r)
break;
......
......@@ -167,7 +167,7 @@ static void ta_cli_test_message(int sig)
char * sid;
CHECK_FCT_DO( fd_sess_getsid ( sess, &sid ), goto out );
CHECK_FCT_DO( fd_msg_avp_new ( ta_sess_id, 0, &avp ), goto out );
val.os.data = sid;
val.os.data = (uint8_t *)sid;
val.os.len = strlen(sid);
CHECK_FCT_DO( fd_msg_avp_setvalue( avp, &val ), goto out );
CHECK_FCT_DO( fd_msg_avp_add( req, MSG_BRW_FIRST_CHILD, avp ), goto out );
......
......@@ -56,7 +56,6 @@ static int ta_tr_cb( struct msg ** msg, struct avp * avp, struct session * sess,
{
struct msg *ans, *qry;
struct avp * a;
union avp_value val;
TRACE_ENTRY("%p %p %p %p", msg, avp, sess, act);
......@@ -65,10 +64,10 @@ static int ta_tr_cb( struct msg ** msg, struct avp * avp, struct session * sess,
/* Value of Origin-Host */
fprintf(stderr, "ECHO Test-Request received from ");
CHECK_FCT_DO( fd_msg_search_avp ( *msg, ta_origin_host, &a), return );
CHECK_FCT( fd_msg_search_avp ( *msg, ta_origin_host, &a) );
if (a) {
struct avp_hdr * hdr;
CHECK_FCT_DO( fd_msg_avp_hdr( a, &hdr ), return );
CHECK_FCT( fd_msg_avp_hdr( a, &hdr ) );
fprintf(stderr, "'%.*s'", hdr->avp_value->os.len, hdr->avp_value->os.data);
} else {
fprintf(stderr, "no_Origin-Host");
......
......@@ -161,8 +161,6 @@ struct cnxctx * fd_cnx_serv_sctp(uint16_t port, struct fd_list * ep_list)
CHECK_FCT_DO( ENOTSUP, return NULL);
#else /* DISABLE_SCTP */
struct cnxctx * cnx = NULL;
sSS dummy;
sSA * sa = (sSA *) &dummy;
TRACE_ENTRY("%hu %p", port, ep_list);
......@@ -223,7 +221,6 @@ struct cnxctx * fd_cnx_serv_accept(struct cnxctx * serv)
sSS ss;
socklen_t ss_len = sizeof(ss);
int cli_sock = 0;
struct fd_endpoint * ep;
TRACE_ENTRY("%p", serv);
CHECK_PARAMS_DO(serv, return NULL);
......@@ -987,7 +984,8 @@ int fd_tls_prepare(gnutls_session_t * session, int mode, char * priority, void *
/* Verify remote credentials after successful handshake (return 0 if OK, EINVAL otherwise) */
int fd_tls_verify_credentials(gnutls_session_t session, struct cnxctx * conn, int verbose)
{
int ret, i;
int i;
unsigned int gtret;
const gnutls_datum_t *cert_list;
unsigned int cert_list_size;
gnutls_x509_crt_t cert;
......@@ -1018,14 +1016,6 @@ int fd_tls_verify_credentials(gnutls_session_t session, struct cnxctx * conn, in
fd_log_debug("\t - TLS/IA session\n");
break;
#ifdef ENABLE_SRP
case GNUTLS_CRD_SRP:
fd_log_debug("\t - SRP session with username %s\n",
gnutls_srp_server_get_username (session));
break;
#endif
case GNUTLS_CRD_PSK:
/* This returns NULL in server side. */
if (gnutls_psk_client_get_hint (session) != NULL)
......@@ -1048,6 +1038,17 @@ int fd_tls_verify_credentials(gnutls_session_t session, struct cnxctx * conn, in
fd_log_debug("\t - Ephemeral DH using prime of %d bits\n",
gnutls_dh_get_prime_bits (session));
}
break;
case GNUTLS_CRD_SRP:
fd_log_debug("\t - SRP session with username %s\n",
gnutls_srp_server_get_username (session));
break;
default:
fd_log_debug("\t - Different type of credentials for the session (%d).\n", cred);
break;
}
/* print the protocol's name (ie TLS 1.0) */
......@@ -1072,19 +1073,19 @@ int fd_tls_verify_credentials(gnutls_session_t session, struct cnxctx * conn, in
}
/* First, use built-in verification */
CHECK_GNUTLS_DO( gnutls_certificate_verify_peers2 (session, &ret), return EINVAL );
if (ret) {
CHECK_GNUTLS_DO( gnutls_certificate_verify_peers2 (session, &gtret), return EINVAL );
if (gtret) {
if (TRACE_BOOL(INFO)) {
fd_log_debug("TLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') :\n", conn->cc_socket, conn->cc_remid, conn->cc_id);
if (ret & GNUTLS_CERT_INVALID)
if (gtret & GNUTLS_CERT_INVALID)
fd_log_debug(" - The certificate is not trusted (unknown CA? expired?)\n");
if (ret & GNUTLS_CERT_REVOKED)
if (gtret & GNUTLS_CERT_REVOKED)
fd_log_debug(" - The certificate has been revoked.\n");
if (ret & GNUTLS_CERT_SIGNER_NOT_FOUND)
if (gtret & GNUTLS_CERT_SIGNER_NOT_FOUND)
fd_log_debug(" - The certificate hasn't got a known issuer.\n");
if (ret & GNUTLS_CERT_SIGNER_NOT_CA)
if (gtret & GNUTLS_CERT_SIGNER_NOT_CA)
fd_log_debug(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints.\n");
if (ret & GNUTLS_CERT_INSECURE_ALGORITHM)
if (gtret & GNUTLS_CERT_INSECURE_ALGORITHM)
fd_log_debug(" - The certificate signature uses a weak algorithm.\n");
}
return EINVAL;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment