[GNUnet-SVN] [gnunet] 05/05: SSL->TLS / X.509 in log messages and commen

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnunet] 05/05: SSL->TLS / X.509 in log messages and commen

From:	gnunet
Subject:	[GNUnet-SVN] [gnunet] 05/05: SSL->TLS / X.509 in log messages and comments, remove unnecessary check
Date:	Thu, 08 Mar 2018 16:43:12 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository gnunet.

commit da76b1b40e8a4492dfdffe6cd6201c13db1b5a24
Author: Christian Grothoff <address@hidden>
AuthorDate: Thu Mar 8 16:42:53 2018 +0100

    SSL->TLS / X.509 in log messages and comments, remove unnecessary check
---
 src/gns/gnunet-gns-proxy.c | 46 +++++++++++++++-------------------------------
 1 file changed, 15 insertions(+), 31 deletions(-)

diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index ce06ccebe..8b9aa599e 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -88,7 +88,7 @@
 #define MAX_PEM_SIZE (10 * 1024)
 
 /**
- * After how long do we clean up unused MHD SSL/TLS instances?
+ * After how long do we clean up unused MHD TLS instances?
  */
 #define MHD_CACHE_TIMEOUT GNUNET_TIME_relative_multiply 
(GNUNET_TIME_UNIT_MINUTES, 5)
 
@@ -343,7 +343,7 @@ struct MhdHttpList
   struct MhdHttpList *next;
 
   /**
-   * the domain name to server (only important for SSL)
+   * the domain name to server (only important for TLS)
    */
   char *domain;
 
@@ -528,7 +528,7 @@ struct Socks5Request
   struct MHD_Response *response;
 
   /**
-   * the domain name to server (only important for SSL)
+   * the domain name to server (only important for TLS)
    */
   char *domain;
 
@@ -613,7 +613,7 @@ struct Socks5Request
   struct HttpResponseHeader *header_tail;
 
   /**
-   * SSL Certificate status
+   * X.509 Certificate status
    */
   int ssl_checked;
 
@@ -689,7 +689,7 @@ static struct MhdHttpList *mhd_httpd_head;
 static struct MhdHttpList *mhd_httpd_tail;
 
 /**
- * Daemon for HTTP (we have one per SSL certificate, and then one for
+ * Daemon for HTTP (we have one per X.509 certificate, and then one for
  * all HTTP connections; this is the one for HTTP, not HTTPS).
  */
 static struct MhdHttpList *httpd;
@@ -705,7 +705,7 @@ static struct Socks5Request *s5r_head;
 static struct Socks5Request *s5r_tail;
 
 /**
- * The CA for SSL certificate generation
+ * The CA for X.509 certificate generation
  */
 static struct ProxyCA proxy_ca;
 
@@ -877,7 +877,7 @@ mhd_content_cb (void *cls,
 
 
 /**
- * Check that the website has presented us with a valid SSL certificate.
+ * Check that the website has presented us with a valid X.509 certificate.
  * The certificate must either match the domain name or the LEHO name
  * (or, if available, the TLSA record).
  *
@@ -898,7 +898,7 @@ check_ssl_certificate (struct Socks5Request *s5r)
 
   s5r->ssl_checked = GNUNET_YES;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Checking SSL certificate\n");
+              "Checking X.509 certificate\n");
   if (CURLE_OK !=
       curl_easy_getinfo (s5r->curl,
                         CURLINFO_TLS_SESSION,
@@ -907,7 +907,7 @@ check_ssl_certificate (struct Socks5Request *s5r)
   if (CURLSSLBACKEND_GNUTLS != tlsinfo->backend)
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                _("Unsupported CURL SSL backend %d\n"),
+                _("Unsupported CURL TLS backend %d\n"),
                 tlsinfo->backend);
     return GNUNET_SYSERR;
   }
@@ -1015,7 +1015,7 @@ check_ssl_certificate (struct Socks5Request *s5r)
                                                      name)))
       {
         GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                    _("SSL certificate subject name (%s) does not match 
`%s'\n"),
+                    _("TLS certificate subject name (%s) does not match 
`%s'\n"),
                     certdn,
                     name);
         gnutls_x509_crt_deinit (x509_cert);
@@ -1068,7 +1068,7 @@ curl_check_hdr (void *buffer,
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Receiving HTTP response header from CURL\n");
-  /* first, check SSL certificate */
+  /* first, check TLS certificate */
   if ( (GNUNET_YES != s5r->ssl_checked) &&
        (HTTPS_PORT == s5r->port))
   {
@@ -2382,7 +2382,7 @@ generate_gns_certificate (const char *name)
   struct ProxyGNSCertificate *pgc;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Generating TLS/SSL certificate for `%s'\n",
+              "Generating x.509 certificate for `%s'\n",
               name);
   GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_init (&request));
   GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_set_key (request, 
proxy_ca.key));
@@ -2439,9 +2439,9 @@ mhd_error_log_callback (void *cls,
 
 
 /**
- * Lookup (or create) an SSL MHD instance for a particular domain.
+ * Lookup (or create) an TLS MHD instance for a particular domain.
  *
- * @param domain the domain the SSL daemon has to serve
+ * @param domain the domain the TLS daemon has to serve
  * @return NULL on error
  */
 static struct MhdHttpList *
@@ -2932,14 +2932,6 @@ do_s5r_read (void *cls)
             struct sockaddr_in *in;
 
             s5r->port = ntohs (*port);
-            if (HTTPS_PORT == s5r->port)
-            {
-              GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                          _("SSL connection to plain IPv4 address 
requested\n"));
-              signal_socks_failure (s5r,
-                                    
SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE);
-              return;
-            }
             alen = sizeof (struct in_addr);
             if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
                 alen + sizeof (uint16_t))
@@ -2961,14 +2953,6 @@ do_s5r_read (void *cls)
             struct sockaddr_in6 *in;
 
             s5r->port = ntohs (*port);
-            if (HTTPS_PORT == s5r->port)
-            {
-              GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                          _("SSL connection to plain IPv4 address 
requested\n"));
-              signal_socks_failure (s5r,
-                                    
SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE);
-              return;
-            }
             alen = sizeof (struct in6_addr);
             if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
                 alen + sizeof (uint16_t))
@@ -3295,7 +3279,7 @@ run (void *cls,
                             cafile)) )
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                _("Failed to load SSL/TLS key and certificate from `%s'\n"),
+                _("Failed to load X.509 key and certificate from `%s'\n"),
                 cafile);
     gnutls_x509_crt_deinit (proxy_ca.cert);
     gnutls_x509_privkey_deinit (proxy_ca.key);

-- 
To stop receiving notification emails like this one, please contact
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [gnunet] branch master updated (800d91ce4 -> da76b1b40), gnunet, 2018/03/08
- [GNUnet-SVN] [gnunet] 03/05: enable cache use by default, gnunet, 2018/03/08
- [GNUnet-SVN] [gnunet] 02/05: enforce query is primary key, gnunet, 2018/03/08
- [GNUnet-SVN] [gnunet] 01/05: fix off-by-one in BOX type processing, gnunet, 2018/03/08
- [GNUnet-SVN] [gnunet] 04/05: avoid specifying useless DEFAULT values, gnunet, 2018/03/08
- [GNUnet-SVN] [gnunet] 05/05: SSL->TLS / X.509 in log messages and comments, remove unnecessary check, gnunet <=

Prev by Date: [GNUnet-SVN] [gnunet] branch master updated (800d91ce4 -> da76b1b40)
Next by Date: [GNUnet-SVN] [gnunet] branch master updated: rps service: minor changes and logging
Previous by thread: [GNUnet-SVN] [gnunet] 04/05: avoid specifying useless DEFAULT values
Next by thread: [GNUnet-SVN] [gnunet] branch master updated: rps service: minor changes and logging
Index(es):
- Date
- Thread