1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 16:48:49 -05:00

tls: provide the CApath verbose log on its own line

... not newline separated from the previous line. This makes it output
asterisk prefixed properly like other verbose putput!

Reported-by: jmdavitt on github
Fixes #5826
Closes #5827
This commit is contained in:
Daniel Stenberg 2020-08-18 00:22:34 +02:00
parent 9d954e49bc
commit 80d73bcca2
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
4 changed files with 20 additions and 30 deletions

View File

@ -158,8 +158,8 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex)
SSL_CONN_CONFIG(CApath))) { SSL_CONN_CONFIG(CApath))) {
if(SSL_CONN_CONFIG(verifypeer)) { if(SSL_CONN_CONFIG(verifypeer)) {
failf(data, failf(data,
"error setting certificate verify locations:\n" "error setting certificate verify locations: "
" CAfile: %s\n CApath: %s", " CAfile: %s CApath: %s",
SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile) ?
SSL_CONN_CONFIG(CAfile) : "none", SSL_CONN_CONFIG(CAfile) : "none",
SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath) ?
@ -173,13 +173,10 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex)
else { else {
infof(data, "successfully set certificate verify locations:\n"); infof(data, "successfully set certificate verify locations:\n");
} }
infof(data, infof(data, " CAfile: %s\n",
" CAfile: %s\n" SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): "none");
" CApath: %s\n", infof(data, " CApath: %s\n",
SSL_CONN_CONFIG(CAfile)? SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath): "none");
SSL_CONN_CONFIG(CAfile): "none",
SSL_CONN_CONFIG(CApath)?
SSL_CONN_CONFIG(CApath): "none");
} }
if(SSL_SET_OPTION(cert) && SSL_SET_OPTION(key)) { if(SSL_SET_OPTION(cert) && SSL_SET_OPTION(key)) {

View File

@ -1631,9 +1631,8 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn,
if(capath && !capath[0]) if(capath && !capath[0])
capath = NULL; capath = NULL;
infof(data, " CAfile: %s\n CApath: %s\n", infof(data, " CAfile: %s\n", cafile ? cafile : "none");
cafile ? cafile : "none", infof(data, " CApath: %s\n", capath ? capath : "none");
capath ? capath : "none");
/* load libnssckbi.so if no other trust roots were specified */ /* load libnssckbi.so if no other trust roots were specified */
use_trust_module = !cafile && !capath; use_trust_module = !cafile && !capath;

View File

@ -2978,7 +2978,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
/* Continue with a warning if no certificate verif is required. */ /* Continue with a warning if no certificate verif is required. */
infof(data, "error setting certificate file, continuing anyway\n"); infof(data, "error setting certificate file, continuing anyway\n");
} }
infof(data, " CAfile: %s\n", ssl_cafile); infof(data, " CAfile: %s\n", ssl_cafile);
} }
if(ssl_capath) { if(ssl_capath) {
if(!SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) { if(!SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) {
@ -2990,7 +2990,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
/* Continue with a warning if no certificate verif is required. */ /* Continue with a warning if no certificate verif is required. */
infof(data, "error setting certificate path, continuing anyway\n"); infof(data, "error setting certificate path, continuing anyway\n");
} }
infof(data, " CApath: %s\n", ssl_capath); infof(data, " CApath: %s\n", ssl_capath);
} }
} }
#else #else
@ -3000,8 +3000,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
if(!SSL_CTX_load_verify_locations(backend->ctx, ssl_cafile, ssl_capath)) { if(!SSL_CTX_load_verify_locations(backend->ctx, ssl_cafile, ssl_capath)) {
if(verifypeer && !imported_native_ca) { if(verifypeer && !imported_native_ca) {
/* Fail if we insist on successfully verifying the server. */ /* Fail if we insist on successfully verifying the server. */
failf(data, "error setting certificate verify locations:\n" failf(data, "error setting certificate verify locations:"
" CAfile: %s\n CApath: %s", " CAfile: %s CApath: %s",
ssl_cafile ? ssl_cafile : "none", ssl_cafile ? ssl_cafile : "none",
ssl_capath ? ssl_capath : "none"); ssl_capath ? ssl_capath : "none");
return CURLE_SSL_CACERT_BADFILE; return CURLE_SSL_CACERT_BADFILE;
@ -3015,11 +3015,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
/* Everything is fine. */ /* Everything is fine. */
infof(data, "successfully set certificate verify locations:\n"); infof(data, "successfully set certificate verify locations:\n");
} }
infof(data, infof(data, " CAfile: %s\n", ssl_cafile ? ssl_cafile : "none");
" CAfile: %s\n" infof(data, " CApath: %s\n", ssl_capath ? ssl_capath : "none");
" CApath: %s\n",
ssl_cafile ? ssl_cafile : "none",
ssl_capath ? ssl_capath : "none");
} }
#endif #endif

View File

@ -353,8 +353,8 @@ wolfssl_connect_step1(struct connectdata *conn,
SSL_CONN_CONFIG(CApath))) { SSL_CONN_CONFIG(CApath))) {
if(SSL_CONN_CONFIG(verifypeer)) { if(SSL_CONN_CONFIG(verifypeer)) {
/* Fail if we insist on successfully verifying the server. */ /* Fail if we insist on successfully verifying the server. */
failf(data, "error setting certificate verify locations:\n" failf(data, "error setting certificate verify locations:"
" CAfile: %s\n CApath: %s", " CAfile: %s CApath: %s",
SSL_CONN_CONFIG(CAfile)? SSL_CONN_CONFIG(CAfile)?
SSL_CONN_CONFIG(CAfile): "none", SSL_CONN_CONFIG(CAfile): "none",
SSL_CONN_CONFIG(CApath)? SSL_CONN_CONFIG(CApath)?
@ -372,13 +372,10 @@ wolfssl_connect_step1(struct connectdata *conn,
/* Everything is fine. */ /* Everything is fine. */
infof(data, "successfully set certificate verify locations:\n"); infof(data, "successfully set certificate verify locations:\n");
} }
infof(data, infof(data, " CAfile: %s\n",
" CAfile: %s\n" SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile) : "none");
" CApath: %s\n", infof(data, " CApath: %s\n",
SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath) : "none");
"none",
SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath):
"none");
} }
/* Load the client certificate, and private key */ /* Load the client certificate, and private key */