Hash and URL cosmetics
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 18 Apr 2008 21:27:08 +0000 (21:27 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 18 Apr 2008 21:27:08 +0000 (21:27 -0000)
src/charon/credentials/sets/auth_info_wrapper.c
src/charon/encoding/payloads/cert_payload.c
src/charon/plugins/stroke/stroke_ca.c
src/charon/sa/tasks/ike_cert_post.c
src/charon/sa/tasks/ike_cert_pre.c

index cdbe2bc..32783ff 100644 (file)
@@ -57,7 +57,7 @@ typedef struct {
 } wrapper_enumerator_t;
 
 /**
- * Tries to fetch a certificate that was supplied as hash and URL (replaces the
+ * Tries to fetch a certificate that was supplied as "Hash and URL" (replaces the
  * item's type and value in place).
  */
 static bool fetch_cert(wrapper_enumerator_t *enumerator, auth_item_t *type, void **value)
@@ -72,10 +72,10 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator, auth_item_t *type, void
        chunk_t data;
        certificate_t *cert;
        
-       DBG1(DBG_CFG, "fetching certificate from '%s' ...", url);
+       DBG1(DBG_CFG, "  fetching certificate from '%s' ...", url);
        if (lib->fetcher->fetch(lib->fetcher, url, &data) != SUCCESS)
        {
-               DBG1(DBG_CFG, "fetching certificate from '%s' failed", url);
+               DBG1(DBG_CFG, "  fetching certificate failed");
                /* we set the item to NULL, so we can skip it */
                enumerator->auth->replace_item(enumerator->inner, *type, NULL);
                return FALSE;
@@ -86,13 +86,13 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator, auth_item_t *type, void
        
        if (!cert)
        {
-               DBG1(DBG_CFG, "parsing fetched certificate failed");
+               DBG1(DBG_CFG, "  parsing fetched certificate failed");
                /* we set the item to NULL, so we can skip it */
                enumerator->auth->replace_item(enumerator->inner, *type, NULL);
                return FALSE;
        }
        
-       DBG1(DBG_CFG, "fetched certificate \"%D\"", cert->get_subject(cert));
+       DBG1(DBG_CFG, "  fetched certificate \"%D\"", cert->get_subject(cert));
        charon->credentials->cache_cert(charon->credentials, cert);
        
        *type = (*type == AUTHN_IM_HASH_URL) ? AUTHN_IM_CERT : AUTHN_SUBJECT_CERT;
index c482b7a..4534118 100644 (file)
@@ -79,7 +79,7 @@ struct private_cert_payload_t {
        chunk_t data;
        
        /**
-        * TRUE if the hash and URL data is invalid
+        * TRUE if the "Hash and URL" data is invalid
         */
        bool invalid_hash_and_url;
 };
@@ -133,10 +133,10 @@ static status_t verify(private_cert_payload_t *this)
        if (this->encoding == ENC_X509_HASH_AND_URL ||
                this->encoding == ENC_X509_HASH_AND_URL_BUNDLE)
        {
-               /* rough verification of hash and URL encoded certificates */
+               /* coarse verification of "Hash and URL" encoded certificates */
                if (this->data.len <= 20)
                {
-                       DBG1(DBG_ENC, "invalid payload length for hash and URL (%d), ignore",
+                       DBG1(DBG_ENC, "invalid payload length for hash-and-url (%d), ignore",
                                        this->data.len);
                        this->invalid_hash_and_url = TRUE;
                        return SUCCESS;
@@ -152,7 +152,7 @@ static status_t verify(private_cert_payload_t *this)
                        }
                        else if (!isprint(this->data.ptr[i]))
                        {
-                               DBG1(DBG_ENC, "non printable characters in URL of hash and URL"
+                               DBG1(DBG_ENC, "non printable characters in url of hash-and-url"
                                                " encoded certificate payload, ignore");
                                this->invalid_hash_and_url = TRUE;
                                return SUCCESS;
index ba969b9..c61aadb 100644 (file)
@@ -178,7 +178,7 @@ static enumerator_t *create_inner_cdp(ca_section_t *section, cdp_data_t *data)
 }
 
 /**
- * inner enumerator constructor for hash and URL
+ * inner enumerator constructor for "Hash and URL"
  */
 static enumerator_t *create_inner_cdp_hashandurl(ca_section_t *section, cdp_data_t *data)
 {
@@ -219,7 +219,7 @@ static enumerator_t *create_cdp_enumerator(private_stroke_ca_t *this,
        cdp_data_t *data;
 
        switch (type)
-       {       /* we serve CRLs, OCSP responders and URLs for hash and URL */
+       {       /* we serve CRLs, OCSP responders and URLs for "Hash and URL" */
                case CERT_X509:
                case CERT_X509_CRL:
                case CERT_X509_OCSP_RESPONSE:
@@ -349,7 +349,7 @@ static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cer
        hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
        if (hasher == NULL)
        {
-               DBG1(DBG_IKE, "unable to use hash and URL, SHA1 not supported");
+               DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported");
                return;
        }
        
@@ -397,19 +397,19 @@ static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out)
                        first = FALSE;
                }
                fprintf(out, "\n");
-               fprintf(out, "  authname:   \"%D\"\n", cert->get_subject(cert));
+               fprintf(out, "  authname:    \"%D\"\n", cert->get_subject(cert));
 
                /* list authkey and keyid */
                if (public)
                {
-                       fprintf(out, "  authkey:     %D\n",
+                       fprintf(out, "  authkey:      %D\n",
                                        public->get_id(public, ID_PUBKEY_SHA1));
-                       fprintf(out, "  keyid:       %D\n",
+                       fprintf(out, "  keyid:        %D\n",
                                        public->get_id(public, ID_PUBKEY_INFO_SHA1));
                        public->destroy(public);
                }
-               list_uris(section->crl, "  crluris:    ", out);
-               list_uris(section->ocsp, "  ocspuris:   ", out);
+               list_uris(section->crl, "  crluris:     ", out);
+               list_uris(section->ocsp, "  ocspuris:    ", out);
                fprintf(out, "  certuribase: '%s'\n", section->certuribase);
        }
        enumerator->destroy(enumerator);
index 2532f2d..23e19a5 100644 (file)
@@ -49,7 +49,7 @@ struct private_ike_cert_post_t {
 };
 
 /**
- * Generates the cert payload, if possible with hash and url
+ * Generates the cert payload, if possible with "Hash and URL"
  */
 static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, certificate_t *cert)
 {
@@ -83,13 +83,13 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, certifi
                }
                else
                {
-                       DBG1(DBG_IKE, "unable to use hash and URL, SHA1 not supported");
+                       DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported");
                }
        }
        
        if (!payload)
        {
-               /* our peer does not support hash and URL or we do not have an URL
+               /* our peer does not support "Hash and URL" or we do not have an URL
                 * to send to our peer, just create a normal cert payload */
                payload = cert_payload_create_from_cert(cert);
        }
index 26ddb6e..8ce19b8 100644 (file)
@@ -134,7 +134,7 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message)
 
 /**
  * tries to extract a certificate from the cert payload or the credential
- * manager (based on the hash of a hash and URL encoded cert).
+ * manager (based on the hash of a "Hash and URL" encoded cert).
  * Note: the returned certificate (if any) has to be destroyed
  */ 
 static certificate_t *try_get_cert(cert_payload_t *cert_payload)
@@ -153,7 +153,7 @@ static certificate_t *try_get_cert(cert_payload_t *cert_payload)
                        chunk_t hash = cert_payload->get_hash(cert_payload);
                        if (!hash.ptr)
                        {
-                               /* invalid hash and URL data (logged elsewhere) */
+                               /* invalid "Hash and URL" data (logged elsewhere) */
                                break;
                        }
                        id = identification_create_from_encoding(ID_CERT_DER_SHA1, hash);
@@ -197,7 +197,7 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message)
                                        if (type == ENC_X509_HASH_AND_URL &&
                                                !this->http_cert_lookup_supported_sent)
                                        {
-                                               DBG1(DBG_IKE, "received hash and URL encoded cert, but"
+                                               DBG1(DBG_IKE, "received hash-and-url encoded cert, but"
                                                                " we don't accept them, ignore");
                                                break;
                                        }
@@ -224,27 +224,27 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message)
                                        }
                                        else if (type == ENC_X509_HASH_AND_URL)
                                        {
-                                               /* we received a hash and URL encoded certificate that
+                                               /* we received a "Hash and URL" encoded certificate that
                                                 * we haven't fetched yet, we store the URL and fetch
                                                 * it later */
                                                char *url = cert_payload->get_url(cert_payload);
                                                if (!url)
                                                {
-                                                       DBG1(DBG_IKE, "received invalid hash and URL encoded"
+                                                       DBG1(DBG_IKE, "received invalid hash-and-url encoded"
                                                                        " cert, ignore");
                                                        break;
                                                }
                                                
                                                if (first)
                                                {       /* the first certificate MUST be an end entity one */
-                                                       DBG1(DBG_IKE, "received hash and URL for end"
+                                                       DBG1(DBG_IKE, "received hash-and-url for end"
                                                                        " entity cert \"%s\"", url);
                                                        auth->add_item(auth, AUTHN_SUBJECT_HASH_URL, url);
                                                        first = FALSE;
                                                }
                                                else
                                                {
-                                                       DBG1(DBG_IKE, "received hash and URL for issuer"
+                                                       DBG1(DBG_IKE, "received hash-and-url for issuer"
                                                                        " cert \"%s\"", url);
                                                        auth->add_item(auth, AUTHN_IM_HASH_URL, url);
                                                }
@@ -359,7 +359,7 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message)
        }
        
        /* if we've added at least one certreq, we notify our peer that we support
-        * hash and URL for the requested certificates */
+        * "Hash and URL" for the requested certificates */
        if (lib->settings->get_bool(lib->settings, "charon.hash_and_url", FALSE) &&
                message->get_payload(message, CERTIFICATE_REQUEST))
        {