pxcloud/spice
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice synced 2025-12-26 22:48:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

client: log subject-host mismatch, and raise ssl warnings to errors

Browse Source
This commit is contained in:
Alon Levy 2011-01-17 16:02:39 +02:00
parent e2d6e8ef4f
commit bf6f246b2e
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
client/red_peer.cpp
View File

@ -365,7 +365,7 @@ bool RedPeer::verify_subject(X509* cert, const HostAuthOptions::CertFieldValueLi
}
if ((size_t)X509_NAME_entry_count(cert_subject) != subject.size()) {
DBG(0, "subject mismatch: #entries cert=%d, input=%d",
LOG_ERROR("subject mismatch: #entries cert=%d, input=%d",
X509_NAME_entry_count(cert_subject), subject.size());
return false;
}
@ -396,7 +396,7 @@ bool RedPeer::verify_subject(X509* cert, const HostAuthOptions::CertFieldValueLi
DBG(0, "subjects match");
return true;
} else {
DBG(0, "subjects mismatch");
LOG_ERROR("host-subject mismatch");
return false;
}
}
@ -505,7 +505,7 @@ void RedPeer::connect_secure(const ConnectionOptions& options, const char* host)
auth_data.info.type_flags = RedPeer::HostAuthOptions::HOST_AUTH_OP_PUBKEY;
}
else {
LOG_WARN("SSL_CTX_load_verify_locations failed CA_file=%s", CA_file.c_str());
LOG_ERROR("SSL_CTX_load_verify_locations failed CA_file=%s", CA_file.c_str());
ssl_error();
}
}
@ -517,7 +517,7 @@ void RedPeer::connect_secure(const ConnectionOptions& options, const char* host)
return_code = SSL_CTX_set_cipher_list(_ctx, options.ciphers.c_str());
if (return_code != 1) {
LOG_WARN("SSL_CTX_set_cipher_list failed, ciphers=%s", options.ciphers.c_str());
LOG_ERROR("SSL_CTX_set_cipher_list failed, ciphers=%s", options.ciphers.c_str());
ssl_error();
}
@ -537,7 +537,7 @@ void RedPeer::connect_secure(const ConnectionOptions& options, const char* host)
return_code = SSL_connect(_ssl);
if (return_code <= 0) {
int ssl_error_code = SSL_get_error(_ssl, return_code);
LOG_WARN("failed to connect w/SSL, ssl_error %s",
LOG_ERROR("failed to connect w/SSL, ssl_error %s",
ERR_error_string(ssl_error_code, NULL));
ssl_error();
}