From 80d73bcca22f098812db06c08bbf2807f19782c0 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 18 Aug 2020 00:22:34 +0200 Subject: [PATCH] tls: provide the CApath verbose log on its own line ... not newline separated from the previous line. This makes it output asterisk prefixed properly like other verbose putput! Reported-by: jmdavitt on github Fixes #5826 Closes #5827 --- lib/vtls/mesalink.c | 15 ++++++--------- lib/vtls/nss.c | 5 ++--- lib/vtls/openssl.c | 15 ++++++--------- lib/vtls/wolfssl.c | 15 ++++++--------- 4 files changed, 20 insertions(+), 30 deletions(-) diff --git a/lib/vtls/mesalink.c b/lib/vtls/mesalink.c index 7132bdfd2..17c64735e 100644 --- a/lib/vtls/mesalink.c +++ b/lib/vtls/mesalink.c @@ -158,8 +158,8 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex) SSL_CONN_CONFIG(CApath))) { if(SSL_CONN_CONFIG(verifypeer)) { failf(data, - "error setting certificate verify locations:\n" - " CAfile: %s\n CApath: %s", + "error setting certificate verify locations: " + " CAfile: %s CApath: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile) : "none", SSL_CONN_CONFIG(CApath) ? @@ -173,13 +173,10 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex) else { infof(data, "successfully set certificate verify locations:\n"); } - infof(data, - " CAfile: %s\n" - " CApath: %s\n", - SSL_CONN_CONFIG(CAfile)? - SSL_CONN_CONFIG(CAfile): "none", - SSL_CONN_CONFIG(CApath)? - SSL_CONN_CONFIG(CApath): "none"); + infof(data, " CAfile: %s\n", + SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): "none"); + infof(data, " CApath: %s\n", + SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath): "none"); } if(SSL_SET_OPTION(cert) && SSL_SET_OPTION(key)) { diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 0f0d1ee6c..f1ae98f98 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c 
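Review bot: In the first hunk of lib/vtls/mesalink.c (@@ -158,8), the reworded failf() message puts both values on one line with only a space between them, so a CAfile path that contains spaces cannot be told apart from the start of the CApath field when someone reads the error buffer to diagnose a failed trust-store load. A delimiter keeps the two fields unambiguous, for example `" CAfile: %s, CApath: %s",`; the same applies to the failf() calls in openssl.c (@@ -3000,8) and wolfssl.c (@@ -353,8). As shown here, the mesalink string also ends in `locations: ` before a literal that starts with a space, while the other two backends use `locations:`. Whitespace on this page may have been altered in extraction, so confirm against the file, but the three messages should read the same. The failf() argument list continues past the end of the hunk.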
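Review bot: The two infof() calls added in the second hunk of lib/vtls/mesalink.c (@@ -173,13) carry no comment saying why the output is split, so a later cleanup could merge them back into one multi-line format string and lose the per-line verbose prefix the commit message describes. I would add `/* one infof() call per output line so each line gets the verbose prefix */` above the first call. The same applies to the split calls in nss.c (@@ -1631,9), openssl.c (@@ -3015,11) and wolfssl.c (@@ -372,13). As a style nit, the new mesalink lines write `SSL_CONN_CONFIG(CAfile): "none"` with no space before the colon, whereas the new wolfssl lines use ` : "none"`.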
@@ -1631,9 +1631,8 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn, if(capath && !capath[0]) capath = NULL; - infof(data, " CAfile: %s\n CApath: %s\n", - cafile ? cafile : "none", - capath ? capath : "none"); + infof(data, " CAfile: %s\n", cafile ? cafile : "none"); + infof(data, " CApath: %s\n", capath ? capath : "none"); /* load libnssckbi.so if no other trust roots were specified */ use_trust_module = !cafile && !capath; diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 1685a4aa4..4bfd040d3 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -2978,7 +2978,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) /* Continue with a warning if no certificate verif is required. */ infof(data, "error setting certificate file, continuing anyway\n"); } - infof(data, " CAfile: %s\n", ssl_cafile); + infof(data, " CAfile: %s\n", ssl_cafile); } if(ssl_capath) { if(!SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) { @@ -2990,7 +2990,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) /* Continue with a warning if no certificate verif is required. */ infof(data, "error setting certificate path, continuing anyway\n"); } - infof(data, " CApath: %s\n", ssl_capath); + infof(data, " CApath: %s\n", ssl_capath); } } #else @@ -3000,8 +3000,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) if(!SSL_CTX_load_verify_locations(backend->ctx, ssl_cafile, ssl_capath)) { if(verifypeer && !imported_native_ca) { /* Fail if we insist on successfully verifying the server. */ - failf(data, "error setting certificate verify locations:\n" - " CAfile: %s\n CApath: %s", + failf(data, "error setting certificate verify locations:" + " CAfile: %s CApath: %s", ssl_cafile ? ssl_cafile : "none", ssl_capath ? ssl_capath : "none"); return CURLE_SSL_CACERT_BADFILE; 
@@ -3015,11 +3015,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) /* Everything is fine. */ infof(data, "successfully set certificate verify locations:\n"); } - infof(data, - " CAfile: %s\n" - " CApath: %s\n", - ssl_cafile ? ssl_cafile : "none", - ssl_capath ? ssl_capath : "none"); + infof(data, " CAfile: %s\n", ssl_cafile ? ssl_cafile : "none"); + infof(data, " CApath: %s\n", ssl_capath ? ssl_capath : "none"); } #endif diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c index 7b2a124e4..1428032b6 100644 --- a/lib/vtls/wolfssl.c +++ b/lib/vtls/wolfssl.c @@ -353,8 +353,8 @@ wolfssl_connect_step1(struct connectdata *conn, SSL_CONN_CONFIG(CApath))) { if(SSL_CONN_CONFIG(verifypeer)) { /* Fail if we insist on successfully verifying the server. */ - failf(data, "error setting certificate verify locations:\n" - " CAfile: %s\n CApath: %s", + failf(data, "error setting certificate verify locations:" + " CAfile: %s CApath: %s", SSL_CONN_CONFIG(CAfile)? SSL_CONN_CONFIG(CAfile): "none", SSL_CONN_CONFIG(CApath)? @@ -372,13 +372,10 @@ wolfssl_connect_step1(struct connectdata *conn, /* Everything is fine. */ infof(data, "successfully set certificate verify locations:\n"); } - infof(data, - " CAfile: %s\n" - " CApath: %s\n", - SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): - "none", - SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath): - "none"); + infof(data, " CAfile: %s\n", + SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile) : "none"); + infof(data, " CApath: %s\n", + SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath) : "none"); } /* Load the client certificate, and private key */