Log most X.509 related messages in new ASN log group.
authorTobias Brunner <tobias@strongswan.org>
Fri, 16 Dec 2011 15:31:50 +0000 (16:31 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 16 Dec 2011 15:44:38 +0000 (16:44 +0100)
src/libstrongswan/plugins/x509/x509_ac.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/plugins/x509/x509_crl.c
src/libstrongswan/plugins/x509/x509_ocsp_response.c
src/libstrongswan/plugins/x509/x509_pkcs10.c

index 16522bf..d9b0b62 100644 (file)
@@ -192,7 +192,7 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi
                        }
                        else
                        {
-                               DBG1(DBG_LIB, "more than one directory name - first selected");
+                               DBG1(DBG_ASN, "more than one directory name - first selected");
                                directoryName->destroy(directoryName);
                        }
                }
@@ -200,7 +200,7 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi
        }
        else
        {
-               DBG1(DBG_LIB, "no directoryName found");
+               DBG1(DBG_ASN, "no directoryName found");
        }
 
        list->destroy(list);
@@ -359,10 +359,10 @@ static bool parse_certificate(private_x509_ac_t *this)
                                break;
                        case AC_OBJ_VERSION:
                                this->version = (object.len) ? (1 + (u_int)*object.ptr) : 1;
-                               DBG2(DBG_LIB, "  v%d", this->version);
+                               DBG2(DBG_ASN, "  v%d", this->version);
                                if (this->version != 2)
                                {
-                                       DBG1(DBG_LIB, "v%d attribute certificates are not "
+                                       DBG1(DBG_ASN, "v%d attribute certificates are not "
                                                 "supported", this->version);
                                        goto end;
                                }
@@ -408,20 +408,20 @@ static bool parse_certificate(private_x509_ac_t *this)
                                switch (type)
                                {
                                        case OID_AUTHENTICATION_INFO:
-                                               DBG2(DBG_LIB, "  need to parse authenticationInfo");
+                                               DBG2(DBG_ASN, "  need to parse authenticationInfo");
                                                break;
                                        case OID_ACCESS_IDENTITY:
-                                               DBG2(DBG_LIB, "  need to parse accessIdentity");
+                                               DBG2(DBG_ASN, "  need to parse accessIdentity");
                                                break;
                                        case OID_CHARGING_IDENTITY:
-                                               DBG2(DBG_LIB, "-- > --");
+                                               DBG2(DBG_ASN, "-- > --");
                                                this->charging = ietf_attributes_create_from_encoding(object);
-                                               DBG2(DBG_LIB, "-- < --");
+                                               DBG2(DBG_ASN, "-- < --");
                                                break;
                                        case OID_GROUP:
-                                               DBG2(DBG_LIB, "-- > --");
+                                               DBG2(DBG_ASN, "-- > --");
                                                this->groups = ietf_attributes_create_from_encoding(object);
-                                               DBG2(DBG_LIB, "-- < --");
+                                               DBG2(DBG_ASN, "-- < --");
                                                break;
                                        case OID_ROLE:
                                                parse_roleSyntax(object, level);
@@ -436,21 +436,21 @@ static bool parse_certificate(private_x509_ac_t *this)
                                break;
                        case AC_OBJ_CRITICAL:
                                critical = object.len && *object.ptr;
-                               DBG2(DBG_LIB, "  %s",(critical)?"TRUE":"FALSE");
+                               DBG2(DBG_ASN, "  %s",(critical)?"TRUE":"FALSE");
                                break;
                        case AC_OBJ_EXTN_VALUE:
                        {
                                switch (extn_oid)
                                {
                                        case OID_CRL_DISTRIBUTION_POINTS:
-                                               DBG2(DBG_LIB, "  need to parse crlDistributionPoints");
+                                               DBG2(DBG_ASN, "  need to parse crlDistributionPoints");
                                                break;
                                        case OID_AUTHORITY_KEY_ID:
                                                this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object,
                                                                                                        level, &this->authKeySerialNumber);
                                                break;
                                        case OID_TARGET_INFORMATION:
-                                               DBG2(DBG_LIB, "  need to parse targetInformation");
+                                               DBG2(DBG_ASN, "  need to parse targetInformation");
                                                break;
                                        case OID_NO_REV_AVAIL:
                                                this->noRevAvail = TRUE;
@@ -465,7 +465,7 @@ static bool parse_certificate(private_x509_ac_t *this)
                                                                                                                                 NULL);
                                if (this->algorithm != sig_alg)
                                {
-                                       DBG1(DBG_LIB, "  signature algorithms do not agree");
+                                       DBG1(DBG_ASN, "  signature algorithms do not agree");
                                        success = FALSE;
                                        goto end;
                                }
index 8b228a2..f828c92 100644 (file)
@@ -301,7 +301,7 @@ static void parse_basicConstraints(chunk_t blob, int level0,
                {
                        case BASIC_CONSTRAINTS_CA:
                                isCA = object.len && *object.ptr;
-                               DBG2(DBG_LIB, "  %s", isCA ? "TRUE" : "FALSE");
+                               DBG2(DBG_ASN, "  %s", isCA ? "TRUE" : "FALSE");
                                if (isCA)
                                {
                                        this->flags |= X509_CA;
@@ -482,7 +482,7 @@ static identification_t *parse_generalName(chunk_t blob, int level0)
                if (id_type != ID_ANY)
                {
                        gn = identification_create_from_encoding(id_type, object);
-                       DBG2(DBG_LIB, "  '%Y'", gn);
+                       DBG2(DBG_ASN, "  '%Y'", gn);
                        goto end;
                }
        }
@@ -638,7 +638,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0,
                                                                /* parsing went wrong - abort */
                                                                goto end;
                                                        }
-                                                       DBG2(DBG_LIB, "  '%Y'", id);
+                                                       DBG2(DBG_ASN, "  '%Y'", id);
                                                        if (accessMethod == OID_OCSP &&
                                                                asprintf(&uri, "%Y", id) > 0)
                                                        {
@@ -1134,36 +1134,36 @@ static bool check_address_object(ts_type_t ts_type, chunk_t object)
                case TS_IPV4_ADDR_RANGE:
                        if (object.len > 5)
                        {
-                               DBG1(DBG_LIB, "IPv4 address object is larger than 5 octets");
+                               DBG1(DBG_ASN, "IPv4 address object is larger than 5 octets");
                                return FALSE;
                        }
                        break;
                case TS_IPV6_ADDR_RANGE:
                        if (object.len > 17)
                        {
-                               DBG1(DBG_LIB, "IPv6 address object is larger than 17 octets");
+                               DBG1(DBG_ASN, "IPv6 address object is larger than 17 octets");
                                return FALSE;
                        }
                        break;
                default:
-                       DBG1(DBG_LIB, "unknown address family");
+                       DBG1(DBG_ASN, "unknown address family");
                        return FALSE;
        }
        if (object.len == 0)
        {
-               DBG1(DBG_LIB, "An ASN.1 bit string must contain at least the "
+               DBG1(DBG_ASN, "An ASN.1 bit string must contain at least the "
                         "initial octet");
                return FALSE;
        }
        if (object.len == 1 && object.ptr[0] != 0)
        {
-               DBG1(DBG_LIB, "An empty ASN.1 bit string must contain a zero "
+               DBG1(DBG_ASN, "An empty ASN.1 bit string must contain a zero "
                         "initial octet");
                return FALSE;
        }
        if (object.ptr[0] > 7)
        {
-               DBG1(DBG_LIB, "number of unused bits is too large");
+               DBG1(DBG_ASN, "number of unused bits is too large");
                return FALSE;
        }
        return TRUE;
@@ -1201,11 +1201,11 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
                                        {
                                                break;
                                        }
-                                       DBG2(DBG_LIB, "  %N", ts_type_name, ts_type);
+                                       DBG2(DBG_ASN, "  %N", ts_type_name, ts_type);
                                }
                                break;
                        case IP_ADDR_BLOCKS_INHERIT:
-                               DBG1(DBG_LIB, "inherit choice is not supported");
+                               DBG1(DBG_ASN, "inherit choice is not supported");
                                break;
                        case IP_ADDR_BLOCKS_PREFIX:
                                if (!check_address_object(ts_type, object))
@@ -1214,7 +1214,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
                                }
                                ts = traffic_selector_create_from_rfc3779_format(ts_type,
                                                                                                        object, object);
-                               DBG2(DBG_LIB, "  %R", ts);
+                               DBG2(DBG_ASN, "  %R", ts);
                                this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts);
                                break;
                        case IP_ADDR_BLOCKS_MIN:
@@ -1231,7 +1231,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
                                }
                                ts = traffic_selector_create_from_rfc3779_format(ts_type,
                                                                                                        min_object, object);
-                               DBG2(DBG_LIB, "  %R", ts);
+                               DBG2(DBG_ASN, "  %R", ts);
                                this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts);
                                break;
                        default:
@@ -1320,12 +1320,12 @@ static bool parse_certificate(private_x509_cert_t *this)
                                this->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
                                if (this->version < 1 || this->version > 3)
                                {
-                                       DBG1(DBG_LIB, "X.509v%d not supported", this->version);
+                                       DBG1(DBG_ASN, "X.509v%d not supported", this->version);
                                        goto end;
                                }
                                else
                                {
-                                       DBG2(DBG_LIB, "  X.509v%d", this->version);
+                                       DBG2(DBG_ASN, "  X.509v%d", this->version);
                                }
                                break;
                        case X509_OBJ_SERIAL_NUMBER:
@@ -1336,7 +1336,7 @@ static bool parse_certificate(private_x509_cert_t *this)
                                break;
                        case X509_OBJ_ISSUER:
                                this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
-                               DBG2(DBG_LIB, "  '%Y'", this->issuer);
+                               DBG2(DBG_ASN, "  '%Y'", this->issuer);
                                break;
                        case X509_OBJ_NOT_BEFORE:
                                this->notBefore = asn1_parse_time(object, level);
@@ -1346,13 +1346,13 @@ static bool parse_certificate(private_x509_cert_t *this)
                                break;
                        case X509_OBJ_SUBJECT:
                                this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
-                               DBG2(DBG_LIB, "  '%Y'", this->subject);
+                               DBG2(DBG_ASN, "  '%Y'", this->subject);
                                break;
                        case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO:
-                               DBG2(DBG_LIB, "-- > --");
+                               DBG2(DBG_ASN, "-- > --");
                                this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
                                                KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END);
-                               DBG2(DBG_LIB, "-- < --");
+                               DBG2(DBG_ASN, "-- < --");
                                if (this->public_key == NULL)
                                {
                                        goto end;
@@ -1361,7 +1361,7 @@ static bool parse_certificate(private_x509_cert_t *this)
                        case X509_OBJ_OPTIONAL_EXTENSIONS:
                                if (this->version != 3)
                                {
-                                       DBG1(DBG_LIB, "Only X.509v3 certificates have extensions");
+                                       DBG1(DBG_ASN, "Only X.509v3 certificates have extensions");
                                        goto end;
                                }
                                break;
@@ -1370,7 +1370,7 @@ static bool parse_certificate(private_x509_cert_t *this)
                                break;
                        case X509_OBJ_CRITICAL:
                                critical = object.len && *object.ptr;
-                               DBG2(DBG_LIB, "  %s", critical ? "TRUE" : "FALSE");
+                               DBG2(DBG_ASN, "  %s", critical ? "TRUE" : "FALSE");
                                break;
                        case X509_OBJ_EXTN_VALUE:
                        {
@@ -1445,7 +1445,7 @@ static bool parse_certificate(private_x509_cert_t *this)
                                                if (critical && lib->settings->get_bool(lib->settings,
                                                        "libstrongswan.x509.enforce_critical", TRUE))
                                                {
-                                                       DBG1(DBG_LIB, "critical '%s' extension not supported",
+                                                       DBG1(DBG_ASN, "critical '%s' extension not supported",
                                                                 (extn_oid == OID_UNKNOWN) ? "unknown" :
                                                                 (char*)oid_names[extn_oid].name);
                                                        goto end;
@@ -1458,7 +1458,7 @@ static bool parse_certificate(private_x509_cert_t *this)
                                this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL);
                                if (this->algorithm != sig_alg)
                                {
-                                       DBG1(DBG_LIB, "  signature algorithms do not agree");
+                                       DBG1(DBG_ASN, "  signature algorithms do not agree");
                                        goto end;
                                }
                                break;
@@ -1488,7 +1488,7 @@ end:
                hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
                if (hasher == NULL)
                {
-                       DBG1(DBG_LIB, "  unable to create hash of certificate, SHA1 not supported");
+                       DBG1(DBG_ASN, "  unable to create hash of certificate, SHA1 not supported");
                        return NULL;
                }
                hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash);
@@ -1901,7 +1901,7 @@ chunk_t build_generalName(identification_t *id)
                        context = ASN1_CONTEXT_S_7;
                        break;
                default:
-                       DBG1(DBG_LIB, "encoding %N as generalName not supported",
+                       DBG1(DBG_ASN, "encoding %N as generalName not supported",
                                 id_type_names, id->get_type(id));
                        return chunk_empty;
        }
index 758505a..7bcca16 100644 (file)
@@ -242,14 +242,14 @@ static bool parse(private_x509_crl_t *this)
                                break;
                        case CRL_OBJ_VERSION:
                                this->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
-                               DBG2(DBG_LIB, "  v%d", this->version);
+                               DBG2(DBG_ASN, "  v%d", this->version);
                                break;
                        case CRL_OBJ_SIG_ALG:
                                sig_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
                                break;
                        case CRL_OBJ_ISSUER:
                                this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
-                               DBG2(DBG_LIB, "  '%Y'", this->issuer);
+                               DBG2(DBG_ASN, "  '%Y'", this->issuer);
                                break;
                        case CRL_OBJ_THIS_UPDATE:
                                this->thisUpdate = asn1_parse_time(object, level);
@@ -274,7 +274,7 @@ static bool parse(private_x509_crl_t *this)
                        case CRL_OBJ_CRL_ENTRY_CRITICAL:
                        case CRL_OBJ_CRITICAL:
                                critical = object.len && *object.ptr;
-                               DBG2(DBG_LIB, "  %s", critical ? "TRUE" : "FALSE");
+                               DBG2(DBG_ASN, "  %s", critical ? "TRUE" : "FALSE");
                                break;
                        case CRL_OBJ_CRL_ENTRY_EXTN_VALUE:
                        case CRL_OBJ_EXTN_VALUE:
@@ -291,7 +291,7 @@ static bool parse(private_x509_crl_t *this)
                                                        {
                                                                revoked->reason = *object.ptr;
                                                        }
-                                                       DBG2(DBG_LIB, "  '%N'", crl_reason_names,
+                                                       DBG2(DBG_ASN, "  '%N'", crl_reason_names,
                                                                 revoked->reason);
                                                }
                                                break;
@@ -324,7 +324,7 @@ static bool parse(private_x509_crl_t *this)
                                                if (critical && lib->settings->get_bool(lib->settings,
                                                        "libstrongswan.x509.enforce_critical", TRUE))
                                                {
-                                                       DBG1(DBG_LIB, "critical '%s' extension not supported",
+                                                       DBG1(DBG_ASN, "critical '%s' extension not supported",
                                                                 (extn_oid == OID_UNKNOWN) ? "unknown" :
                                                                 (char*)oid_names[extn_oid].name);
                                                        goto end;
@@ -338,7 +338,7 @@ static bool parse(private_x509_crl_t *this)
                                this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL);
                                if (this->algorithm != sig_alg)
                                {
-                                       DBG1(DBG_LIB, "  signature algorithms do not agree");
+                                       DBG1(DBG_ASN, "  signature algorithms do not agree");
                                        goto end;
                                }
                                break;
index 23b206f..7dfef39 100644 (file)
@@ -507,7 +507,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
 
                                if (version != OCSP_BASIC_RESPONSE_VERSION)
                                {
-                                       DBG1(DBG_LIB, "  ocsp ResponseData version %d not "
+                                       DBG1(DBG_ASN, "  ocsp ResponseData version %d not "
                                                 "supported", version);
                                        goto end;
                                }
@@ -516,12 +516,12 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
                        case BASIC_RESPONSE_ID_BY_NAME:
                                this->responderId = identification_create_from_encoding(
                                                                                                        ID_DER_ASN1_DN, object);
-                               DBG2(DBG_LIB, "  '%Y'", this->responderId);
+                               DBG2(DBG_ASN, "  '%Y'", this->responderId);
                                break;
                        case BASIC_RESPONSE_ID_BY_KEY:
                                this->responderId = identification_create_from_encoding(
                                                                                                        ID_KEY_ID, object);
-                               DBG2(DBG_LIB, "  '%Y'", this->responderId);
+                               DBG2(DBG_ASN, "  '%Y'", this->responderId);
                                break;
                        case BASIC_RESPONSE_PRODUCED_AT:
                                this->producedAt = asn1_to_time(&object, ASN1_GENERALIZEDTIME);
@@ -535,7 +535,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
                                break;
                        case BASIC_RESPONSE_CRITICAL:
                                critical = object.len && *object.ptr;
-                               DBG2(DBG_LIB, "  %s", critical ? "TRUE" : "FALSE");
+                               DBG2(DBG_ASN, "  %s", critical ? "TRUE" : "FALSE");
                                break;
                        case BASIC_RESPONSE_EXT_VALUE:
                                if (extn_oid == OID_NONCE)
index a19a399..ca08db2 100644 (file)
@@ -276,7 +276,7 @@ static bool parse_extension_request(private_x509_pkcs10_t *this, chunk_t blob, i
                                break;
                        case PKCS10_EXTN_CRITICAL:
                                critical = object.len && *object.ptr;
-                               DBG2(DBG_LIB, "  %s", critical ? "TRUE" : "FALSE");
+                               DBG2(DBG_ASN, "  %s", critical ? "TRUE" : "FALSE");
                                break;
                        case PKCS10_EXTN_VALUE:
                        {
@@ -309,25 +309,25 @@ static bool parse_challengePassword(private_x509_pkcs10_t *this, chunk_t blob, i
 
        if (blob.len < 2)
        {
-               DBG1(DBG_LIB, "L%d - challengePassword:  ASN.1 object smaller "
+               DBG1(DBG_ASN, "L%d - challengePassword:  ASN.1 object smaller "
                         "than 2 octets", level);
                return FALSE;
        }
        tag = *blob.ptr;
        if (tag < ASN1_UTF8STRING || tag > ASN1_IA5STRING)
        {
-               DBG1(DBG_LIB, "L%d - challengePassword:  ASN.1 object is not "
+               DBG1(DBG_ASN, "L%d - challengePassword:  ASN.1 object is not "
                         "a character string", level);
                return FALSE;
        }
        if (asn1_length(&blob) == ASN1_INVALID_LENGTH)
        {
-               DBG1(DBG_LIB, "L%d - challengePassword:  ASN.1 object has an "
+               DBG1(DBG_ASN, "L%d - challengePassword:  ASN.1 object has an "
                         "invalid length", level);
                return FALSE;
        }
-       DBG2(DBG_LIB, "L%d - challengePassword:", level);
-       DBG4(DBG_LIB, "  '%.*s'", blob.len, blob.ptr);
+       DBG2(DBG_ASN, "L%d - challengePassword:", level);
+       DBG4(DBG_ASN, "  '%.*s'", blob.len, blob.ptr);
        return TRUE;
 }
 
@@ -385,14 +385,14 @@ static bool parse_certificate_request(private_x509_pkcs10_t *this)
                        case PKCS10_VERSION:
                                if (object.len > 0 && *object.ptr != 0)
                                {
-                                       DBG1(DBG_LIB, "PKCS#10 certificate request format is "
+                                       DBG1(DBG_ASN, "PKCS#10 certificate request format is "
                                                 "not version 1");
                                        goto end;
                                }
                                break;
                        case PKCS10_SUBJECT:
                                this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
-                               DBG2(DBG_LIB, "  '%Y'", this->subject);
+                               DBG2(DBG_ASN, "  '%Y'", this->subject);
                                break;
                        case PKCS10_SUBJECT_PUBLIC_KEY_INFO:
                                this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,