[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnunet] 05/05: SSL->TLS / X.509 in log messages and commen
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnunet] 05/05: SSL->TLS / X.509 in log messages and comments, remove unnecessary check |
Date: |
Thu, 08 Mar 2018 16:43:12 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository gnunet.
commit da76b1b40e8a4492dfdffe6cd6201c13db1b5a24
Author: Christian Grothoff <address@hidden>
AuthorDate: Thu Mar 8 16:42:53 2018 +0100
SSL->TLS / X.509 in log messages and comments, remove unnecessary check
---
src/gns/gnunet-gns-proxy.c | 46 +++++++++++++++-------------------------------
1 file changed, 15 insertions(+), 31 deletions(-)
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index ce06ccebe..8b9aa599e 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -88,7 +88,7 @@
#define MAX_PEM_SIZE (10 * 1024)
/**
- * After how long do we clean up unused MHD SSL/TLS instances?
+ * After how long do we clean up unused MHD TLS instances?
*/
#define MHD_CACHE_TIMEOUT GNUNET_TIME_relative_multiply
(GNUNET_TIME_UNIT_MINUTES, 5)
@@ -343,7 +343,7 @@ struct MhdHttpList
struct MhdHttpList *next;
/**
- * the domain name to server (only important for SSL)
+ * the domain name to server (only important for TLS)
*/
char *domain;
@@ -528,7 +528,7 @@ struct Socks5Request
struct MHD_Response *response;
/**
- * the domain name to server (only important for SSL)
+ * the domain name to server (only important for TLS)
*/
char *domain;
@@ -613,7 +613,7 @@ struct Socks5Request
struct HttpResponseHeader *header_tail;
/**
- * SSL Certificate status
+ * X.509 Certificate status
*/
int ssl_checked;
@@ -689,7 +689,7 @@ static struct MhdHttpList *mhd_httpd_head;
static struct MhdHttpList *mhd_httpd_tail;
/**
- * Daemon for HTTP (we have one per SSL certificate, and then one for
+ * Daemon for HTTP (we have one per X.509 certificate, and then one for
* all HTTP connections; this is the one for HTTP, not HTTPS).
*/
static struct MhdHttpList *httpd;
@@ -705,7 +705,7 @@ static struct Socks5Request *s5r_head;
static struct Socks5Request *s5r_tail;
/**
- * The CA for SSL certificate generation
+ * The CA for X.509 certificate generation
*/
static struct ProxyCA proxy_ca;
@@ -877,7 +877,7 @@ mhd_content_cb (void *cls,
/**
- * Check that the website has presented us with a valid SSL certificate.
+ * Check that the website has presented us with a valid X.509 certificate.
* The certificate must either match the domain name or the LEHO name
* (or, if available, the TLSA record).
*
@@ -898,7 +898,7 @@ check_ssl_certificate (struct Socks5Request *s5r)
s5r->ssl_checked = GNUNET_YES;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Checking SSL certificate\n");
+ "Checking X.509 certificate\n");
if (CURLE_OK !=
curl_easy_getinfo (s5r->curl,
CURLINFO_TLS_SESSION,
@@ -907,7 +907,7 @@ check_ssl_certificate (struct Socks5Request *s5r)
if (CURLSSLBACKEND_GNUTLS != tlsinfo->backend)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- _("Unsupported CURL SSL backend %d\n"),
+ _("Unsupported CURL TLS backend %d\n"),
tlsinfo->backend);
return GNUNET_SYSERR;
}
@@ -1015,7 +1015,7 @@ check_ssl_certificate (struct Socks5Request *s5r)
name)))
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- _("SSL certificate subject name (%s) does not match
`%s'\n"),
+ _("TLS certificate subject name (%s) does not match
`%s'\n"),
certdn,
name);
gnutls_x509_crt_deinit (x509_cert);
@@ -1068,7 +1068,7 @@ curl_check_hdr (void *buffer,
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Receiving HTTP response header from CURL\n");
- /* first, check SSL certificate */
+ /* first, check TLS certificate */
if ( (GNUNET_YES != s5r->ssl_checked) &&
(HTTPS_PORT == s5r->port))
{
@@ -2382,7 +2382,7 @@ generate_gns_certificate (const char *name)
struct ProxyGNSCertificate *pgc;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Generating TLS/SSL certificate for `%s'\n",
+ "Generating x.509 certificate for `%s'\n",
name);
GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_init (&request));
GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_set_key (request,
proxy_ca.key));
@@ -2439,9 +2439,9 @@ mhd_error_log_callback (void *cls,
/**
- * Lookup (or create) an SSL MHD instance for a particular domain.
+ * Lookup (or create) an TLS MHD instance for a particular domain.
*
- * @param domain the domain the SSL daemon has to serve
+ * @param domain the domain the TLS daemon has to serve
* @return NULL on error
*/
static struct MhdHttpList *
@@ -2932,14 +2932,6 @@ do_s5r_read (void *cls)
struct sockaddr_in *in;
s5r->port = ntohs (*port);
- if (HTTPS_PORT == s5r->port)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- _("SSL connection to plain IPv4 address
requested\n"));
- signal_socks_failure (s5r,
-
SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE);
- return;
- }
alen = sizeof (struct in_addr);
if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
alen + sizeof (uint16_t))
@@ -2961,14 +2953,6 @@ do_s5r_read (void *cls)
struct sockaddr_in6 *in;
s5r->port = ntohs (*port);
- if (HTTPS_PORT == s5r->port)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- _("SSL connection to plain IPv4 address
requested\n"));
- signal_socks_failure (s5r,
-
SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE);
- return;
- }
alen = sizeof (struct in6_addr);
if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
alen + sizeof (uint16_t))
@@ -3295,7 +3279,7 @@ run (void *cls,
cafile)) )
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- _("Failed to load SSL/TLS key and certificate from `%s'\n"),
+ _("Failed to load X.509 key and certificate from `%s'\n"),
cafile);
gnutls_x509_crt_deinit (proxy_ca.cert);
gnutls_x509_privkey_deinit (proxy_ca.key);
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnunet] branch master updated (800d91ce4 -> da76b1b40), gnunet, 2018/03/08
- [GNUnet-SVN] [gnunet] 03/05: enable cache use by default, gnunet, 2018/03/08
- [GNUnet-SVN] [gnunet] 02/05: enforce query is primary key, gnunet, 2018/03/08
- [GNUnet-SVN] [gnunet] 01/05: fix off-by-one in BOX type processing, gnunet, 2018/03/08
- [GNUnet-SVN] [gnunet] 04/05: avoid specifying useless DEFAULT values, gnunet, 2018/03/08
- [GNUnet-SVN] [gnunet] 05/05: SSL->TLS / X.509 in log messages and comments, remove unnecessary check,
gnunet <=