tls: provide the CApath verbose log on its own line

... not newline separated from the previous line. This makes it output asterisk prefixed properly like other verbose putput! Reported-by: jmdavitt on github Fixes #5826 Closes #5827
2024-12-23 08:38:49 -05:00 · 2020-08-18 00:22:34 +02:00 · 2020-08-18 00:22:34 +02:00 · 80d73bcca2
commit 80d73bcca2
parent 9d954e49bc
4 changed files with 20 additions and 30 deletions
--- a/lib/vtls/mesalink.c
+++ b/lib/vtls/mesalink.c
@ -158,8 +158,8 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex)
                                                    SSL_CONN_CONFIG(CApath))) {
      if(SSL_CONN_CONFIG(verifypeer)) {
        failf(data,
-              "error setting certificate verify locations:\n"
-              "  CAfile: %s\n  CApath: %s",
+              "error setting certificate verify locations: "
+              " CAfile: %s CApath: %s",
              SSL_CONN_CONFIG(CAfile) ?
              SSL_CONN_CONFIG(CAfile) : "none",
              SSL_CONN_CONFIG(CApath) ?
@ -173,13 +173,10 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex)
    else {
      infof(data, "successfully set certificate verify locations:\n");
    }
-    infof(data,
-          "  CAfile: %s\n"
-          "  CApath: %s\n",
-          SSL_CONN_CONFIG(CAfile)?
-          SSL_CONN_CONFIG(CAfile): "none",
-          SSL_CONN_CONFIG(CApath)?
-          SSL_CONN_CONFIG(CApath): "none");
+    infof(data, " CAfile: %s\n",
+          SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): "none");
+    infof(data, " CApath: %s\n",
+          SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath): "none");
  }

  if(SSL_SET_OPTION(cert) && SSL_SET_OPTION(key)) {
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@ -1631,9 +1631,8 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn,
  if(capath && !capath[0])
    capath = NULL;

-  infof(data, "  CAfile: %s\n  CApath: %s\n",
-      cafile ? cafile : "none",
-      capath ? capath : "none");
+  infof(data, " CAfile: %s\n", cafile ? cafile : "none");
+  infof(data, " CApath: %s\n", capath ? capath : "none");

  /* load libnssckbi.so if no other trust roots were specified */
  use_trust_module = !cafile && !capath;
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@ -2978,7 +2978,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
        /* Continue with a warning if no certificate verif is required. */
        infof(data, "error setting certificate file, continuing anyway\n");
      }
-      infof(data, "  CAfile: %s\n", ssl_cafile);
+      infof(data, " CAfile: %s\n", ssl_cafile);
    }
    if(ssl_capath) {
      if(!SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) {
@ -2990,7 +2990,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
        /* Continue with a warning if no certificate verif is required. */
        infof(data, "error setting certificate path, continuing anyway\n");
      }
-      infof(data, "  CApath: %s\n", ssl_capath);
+      infof(data, " CApath: %s\n", ssl_capath);
    }
  }
 #else
@ -3000,8 +3000,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
    if(!SSL_CTX_load_verify_locations(backend->ctx, ssl_cafile, ssl_capath)) {
      if(verifypeer && !imported_native_ca) {
        /* Fail if we insist on successfully verifying the server. */
-        failf(data, "error setting certificate verify locations:\n"
-              "  CAfile: %s\n  CApath: %s",
+        failf(data, "error setting certificate verify locations:"
+              "  CAfile: %s CApath: %s",
              ssl_cafile ? ssl_cafile : "none",
              ssl_capath ? ssl_capath : "none");
        return CURLE_SSL_CACERT_BADFILE;
@ -3015,11 +3015,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
      /* Everything is fine. */
      infof(data, "successfully set certificate verify locations:\n");
    }
-    infof(data,
-          "  CAfile: %s\n"
-          "  CApath: %s\n",
-          ssl_cafile ? ssl_cafile : "none",
-          ssl_capath ? ssl_capath : "none");
+    infof(data, " CAfile: %s\n", ssl_cafile ? ssl_cafile : "none");
+    infof(data, " CApath: %s\n", ssl_capath ? ssl_capath : "none");
  }
 #endif

--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@ -353,8 +353,8 @@ wolfssl_connect_step1(struct connectdata *conn,
                                      SSL_CONN_CONFIG(CApath))) {
      if(SSL_CONN_CONFIG(verifypeer)) {
        /* Fail if we insist on successfully verifying the server. */
-        failf(data, "error setting certificate verify locations:\n"
-              "  CAfile: %s\n  CApath: %s",
+        failf(data, "error setting certificate verify locations:"
+              " CAfile: %s CApath: %s",
              SSL_CONN_CONFIG(CAfile)?
              SSL_CONN_CONFIG(CAfile): "none",
              SSL_CONN_CONFIG(CApath)?
@ -372,13 +372,10 @@ wolfssl_connect_step1(struct connectdata *conn,
      /* Everything is fine. */
      infof(data, "successfully set certificate verify locations:\n");
    }
-    infof(data,
-          "  CAfile: %s\n"
-          "  CApath: %s\n",
-          SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile):
-          "none",
-          SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath):
-          "none");
+    infof(data, " CAfile: %s\n",
+          SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile) : "none");
+    infof(data, " CApath: %s\n",
+          SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath) : "none");
  }

  /* Load the client certificate, and private key */