Log most X.509 related messages in new ASN log group.
[strongswan.git] / src / libstrongswan / plugins / x509 / x509_cert.c
index 8b228a2..f828c92 100644 (file)
@@ -301,7 +301,7 @@ static void parse_basicConstraints(chunk_t blob, int level0,
                {
                        case BASIC_CONSTRAINTS_CA:
                                isCA = object.len && *object.ptr;
-                               DBG2(DBG_LIB, "  %s", isCA ? "TRUE" : "FALSE");
+                               DBG2(DBG_ASN, "  %s", isCA ? "TRUE" : "FALSE");
                                if (isCA)
                                {
                                        this->flags |= X509_CA;
@@ -482,7 +482,7 @@ static identification_t *parse_generalName(chunk_t blob, int level0)
                if (id_type != ID_ANY)
                {
                        gn = identification_create_from_encoding(id_type, object);
-                       DBG2(DBG_LIB, "  '%Y'", gn);
+                       DBG2(DBG_ASN, "  '%Y'", gn);
                        goto end;
                }
        }
@@ -638,7 +638,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0,
                                                                /* parsing went wrong - abort */
                                                                goto end;
                                                        }
-                                                       DBG2(DBG_LIB, "  '%Y'", id);
+                                                       DBG2(DBG_ASN, "  '%Y'", id);
                                                        if (accessMethod == OID_OCSP &&
                                                                asprintf(&uri, "%Y", id) > 0)
                                                        {
@@ -1134,36 +1134,36 @@ static bool check_address_object(ts_type_t ts_type, chunk_t object)
                case TS_IPV4_ADDR_RANGE:
                        if (object.len > 5)
                        {
-                               DBG1(DBG_LIB, "IPv4 address object is larger than 5 octets");
+                               DBG1(DBG_ASN, "IPv4 address object is larger than 5 octets");
                                return FALSE;
                        }
                        break;
                case TS_IPV6_ADDR_RANGE:
                        if (object.len > 17)
                        {
-                               DBG1(DBG_LIB, "IPv6 address object is larger than 17 octets");
+                               DBG1(DBG_ASN, "IPv6 address object is larger than 17 octets");
                                return FALSE;
                        }
                        break;
                default:
-                       DBG1(DBG_LIB, "unknown address family");
+                       DBG1(DBG_ASN, "unknown address family");
                        return FALSE;
        }
        if (object.len == 0)
        {
-               DBG1(DBG_LIB, "An ASN.1 bit string must contain at least the "
+               DBG1(DBG_ASN, "An ASN.1 bit string must contain at least the "
                         "initial octet");
                return FALSE;
        }
        if (object.len == 1 && object.ptr[0] != 0)
        {
-               DBG1(DBG_LIB, "An empty ASN.1 bit string must contain a zero "
+               DBG1(DBG_ASN, "An empty ASN.1 bit string must contain a zero "
                         "initial octet");
                return FALSE;
        }
        if (object.ptr[0] > 7)
        {
-               DBG1(DBG_LIB, "number of unused bits is too large");
+               DBG1(DBG_ASN, "number of unused bits is too large");
                return FALSE;
        }
        return TRUE;
@@ -1201,11 +1201,11 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
                                        {
                                                break;
                                        }
-                                       DBG2(DBG_LIB, "  %N", ts_type_name, ts_type);
+                                       DBG2(DBG_ASN, "  %N", ts_type_name, ts_type);
                                }
                                break;
                        case IP_ADDR_BLOCKS_INHERIT:
-                               DBG1(DBG_LIB, "inherit choice is not supported");
+                               DBG1(DBG_ASN, "inherit choice is not supported");
                                break;
                        case IP_ADDR_BLOCKS_PREFIX:
                                if (!check_address_object(ts_type, object))
@@ -1214,7 +1214,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
                                }
                                ts = traffic_selector_create_from_rfc3779_format(ts_type,
                                                                                                        object, object);
-                               DBG2(DBG_LIB, "  %R", ts);
+                               DBG2(DBG_ASN, "  %R", ts);
                                this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts);
                                break;
                        case IP_ADDR_BLOCKS_MIN:
@@ -1231,7 +1231,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
                                }
                                ts = traffic_selector_create_from_rfc3779_format(ts_type,
                                                                                                        min_object, object);
-                               DBG2(DBG_LIB, "  %R", ts);
+                               DBG2(DBG_ASN, "  %R", ts);
                                this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts);
                                break;
                        default:
@@ -1320,12 +1320,12 @@ static bool parse_certificate(private_x509_cert_t *this)
                                this->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
                                if (this->version < 1 || this->version > 3)
                                {
-                                       DBG1(DBG_LIB, "X.509v%d not supported", this->version);
+                                       DBG1(DBG_ASN, "X.509v%d not supported", this->version);
                                        goto end;
                                }
                                else
                                {
-                                       DBG2(DBG_LIB, "  X.509v%d", this->version);
+                                       DBG2(DBG_ASN, "  X.509v%d", this->version);
                                }
                                break;
                        case X509_OBJ_SERIAL_NUMBER:
@@ -1336,7 +1336,7 @@ static bool parse_certificate(private_x509_cert_t *this)
                                break;
                        case X509_OBJ_ISSUER:
                                this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
-                               DBG2(DBG_LIB, "  '%Y'", this->issuer);
+                               DBG2(DBG_ASN, "  '%Y'", this->issuer);
                                break;
                        case X509_OBJ_NOT_BEFORE:
                                this->notBefore = asn1_parse_time(object, level);
@@ -1346,13 +1346,13 @@ static bool parse_certificate(private_x509_cert_t *this)
                                break;
                        case X509_OBJ_SUBJECT:
                                this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
-                               DBG2(DBG_LIB, "  '%Y'", this->subject);
+                               DBG2(DBG_ASN, "  '%Y'", this->subject);
                                break;
                        case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO:
-                               DBG2(DBG_LIB, "-- > --");
+                               DBG2(DBG_ASN, "-- > --");
                                this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
                                                KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END);
-                               DBG2(DBG_LIB, "-- < --");
+                               DBG2(DBG_ASN, "-- < --");
                                if (this->public_key == NULL)
                                {
                                        goto end;
@@ -1361,7 +1361,7 @@ static bool parse_certificate(private_x509_cert_t *this)
                        case X509_OBJ_OPTIONAL_EXTENSIONS:
                                if (this->version != 3)
                                {
-                                       DBG1(DBG_LIB, "Only X.509v3 certificates have extensions");
+                                       DBG1(DBG_ASN, "Only X.509v3 certificates have extensions");
                                        goto end;
                                }
                                break;
@@ -1370,7 +1370,7 @@ static bool parse_certificate(private_x509_cert_t *this)
                                break;
                        case X509_OBJ_CRITICAL:
                                critical = object.len && *object.ptr;
-                               DBG2(DBG_LIB, "  %s", critical ? "TRUE" : "FALSE");
+                               DBG2(DBG_ASN, "  %s", critical ? "TRUE" : "FALSE");
                                break;
                        case X509_OBJ_EXTN_VALUE:
                        {
@@ -1445,7 +1445,7 @@ static bool parse_certificate(private_x509_cert_t *this)
                                                if (critical && lib->settings->get_bool(lib->settings,
                                                        "libstrongswan.x509.enforce_critical", TRUE))
                                                {
-                                                       DBG1(DBG_LIB, "critical '%s' extension not supported",
+                                                       DBG1(DBG_ASN, "critical '%s' extension not supported",
                                                                 (extn_oid == OID_UNKNOWN) ? "unknown" :
                                                                 (char*)oid_names[extn_oid].name);
                                                        goto end;
@@ -1458,7 +1458,7 @@ static bool parse_certificate(private_x509_cert_t *this)
                                this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL);
                                if (this->algorithm != sig_alg)
                                {
-                                       DBG1(DBG_LIB, "  signature algorithms do not agree");
+                                       DBG1(DBG_ASN, "  signature algorithms do not agree");
                                        goto end;
                                }
                                break;
@@ -1488,7 +1488,7 @@ end:
                hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
                if (hasher == NULL)
                {
-                       DBG1(DBG_LIB, "  unable to create hash of certificate, SHA1 not supported");
+                       DBG1(DBG_ASN, "  unable to create hash of certificate, SHA1 not supported");
                        return NULL;
                }
                hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash);
@@ -1901,7 +1901,7 @@ chunk_t build_generalName(identification_t *id)
                        context = ASN1_CONTEXT_S_7;
                        break;
                default:
-                       DBG1(DBG_LIB, "encoding %N as generalName not supported",
+                       DBG1(DBG_ASN, "encoding %N as generalName not supported",
                                 id_type_names, id->get_type(id));
                        return chunk_empty;
        }