authorGonzalo Aguilar Delgado <gaguilar@level2crm.com>2017-05-25 17:11:38 +0200
committerJames E. King, III <jking@apache.org>2017-09-21 08:25:44 -0700
commitacbb616192381674c32b3d4ebb2abf4942e4416a (patch)
tree810d377e5e7c849991ff765f751cf2b03aa17709 /lib/c_glib
parentcbd975924538ae76dee7aae366fd746bc1e5538e (diff)
THRIFT-4211: Fix logging in c_glib
This closes #1278
Diffstat (limited to 'lib/c_glib')
-rw-r--r--lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c58
-rw-r--r--lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h3
2 files changed, 32 insertions, 29 deletions
diff --git a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c
index be8637df3..bc75e2c21 100644
--- a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c
+++ b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c
@@ -159,7 +159,7 @@ thrift_ssl_socket_peek (ThriftTransport *transport, GError **error)
gchar byte;
rc = SSL_peek(ssl_socket->ssl, &byte, 1);
if (rc < 0) {
- g_set_error (error,
+ g_set_error (error,
THRIFT_TRANSPORT_ERROR,
THRIFT_SSL_SOCKET_ERROR_SSL,
"failed to peek at socket - id?");
@@ -409,44 +409,46 @@ thrift_ssl_socket_authorize(ThriftTransport * transport, GError **error)
if(cls!=NULL && ssl_socket->ssl!=NULL){
int rc = SSL_get_verify_result(ssl_socket->ssl);
if (rc != X509_V_OK) { /* verify authentication result */
- if (rc == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && ssl_socket->allow_selfsigned) {
- g_debug("The certificate is a self-signed certificate and configuration allows it");
- } else {
- g_error("The certificate verification failed: %s (%d)", X509_verify_cert_error_string(rc), rc);
- return FALSE;
- }
+ if (rc == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && ssl_socket->allow_selfsigned) {
+ g_debug("The certificate is a self-signed certificate and configuration allows it");
+ } else {
+ g_set_error (error,
+ THRIFT_TRANSPORT_ERROR,
+ THRIFT_SSL_SOCKET_ERROR_SSL_CERT_VALIDATION_FAILED,
+ "The certificate verification failed: %s (%d)", X509_verify_cert_error_string(rc), rc);
+ return FALSE;
+ }
}
X509* cert = SSL_get_peer_certificate(ssl_socket->ssl);
if (cert == NULL) {
- if (SSL_get_verify_mode(ssl_socket->ssl) & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
- g_error("No certificate present");
- return FALSE;
- }
-
- g_debug("No certificate required");
- return TRUE;
+ if (SSL_get_verify_mode(ssl_socket->ssl) & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
+ g_set_error (error,
+ THRIFT_TRANSPORT_ERROR,
+ THRIFT_SSL_SOCKET_ERROR_SSL_CERT_VALIDATION_FAILED,
+ "No certificate present. Are you connecting SSL server?");
+ return FALSE;
+ }
+ g_debug("No certificate required");
+ return TRUE;
}
/* certificate is present, since we don't support access manager we are done */
if (cls->authorize_peer == NULL) {
- X509_free(cert);
- g_debug("Certificate presented but we're not checking it");
- return TRUE;
+ X509_free(cert);
+ g_debug("Certificate presented but we're not checking it");
+ return TRUE;
} else {
- /* both certificate and access manager are present */
- struct sockaddr_storage sa;
- socklen_t saLength = sizeof(struct sockaddr_storage);
-
- if (getpeername(socket->sd, (struct sockaddr*)&sa, &saLength) != 0) {
- sa.ss_family = AF_UNSPEC;
- }
-
- authorization_result = cls->authorize_peer(transport, cert, &sa, error);
+ /* both certificate and access manager are present */
+ struct sockaddr_storage sa;
+ socklen_t saLength = sizeof(struct sockaddr_storage);
+ if (getpeername(socket->sd, (struct sockaddr*)&sa, &saLength) != 0) {
+ sa.ss_family = AF_UNSPEC;
+ }
+ authorization_result = cls->authorize_peer(transport, cert, &sa, error);
}
-
if(cert != NULL) {
- X509_free(cert);
+ X509_free(cert);
}
}
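Review bot: The `if (cls->authorize_peer == NULL)` branch still returns TRUE for any certificate that passed chain verification, or for any self-signed one when `allow_selfsigned` is set, without checking that it belongs to the intended peer, and it records this only with `g_debug`. Unless host verification is configured elsewhere on the SSL object, which this hunk does not show, that leaves peer identity unchecked by default. Now that rejections are reported through `GError`, these acceptance paths are the ones an operator cannot see at default log levels; I would raise the level there, e.g. `g_message("Peer certificate accepted without identity check: no authorize_peer callback set");`, and do the same for the self-signed and "No certificate required" paths. A comment above the branch should state that identity validation is the caller's responsibility via `authorize_peer`, and that a callback returning FALSE is expected to fill `error` itself, since nothing here sets it in that case. The function starts and ends outside this hunk, so the initial value and final use of `authorization_result` are not visible.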
diff --git a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h
index 0d415b29a..659c88dd9 100644
--- a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h
+++ b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h
@@ -54,7 +54,8 @@ typedef enum
{
THRIFT_SSL_SOCKET_ERROR_TRANSPORT=7,
THRIFT_SSL_SOCKET_ERROR_CIPHER_NOT_AVAILABLE,
- THRIFT_SSL_SOCKET_ERROR_SSL
+ THRIFT_SSL_SOCKET_ERROR_SSL,
+ THRIFT_SSL_SOCKET_ERROR_SSL_CERT_VALIDATION_FAILED
} ThriftSSLSocketError;
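Review bot: The new enumerator `THRIFT_SSL_SOCKET_ERROR_SSL_CERT_VALIDATION_FAILED` has no comment saying which failures map to it. In the .c hunk it is set for a failed `SSL_get_verify_result` and for a missing peer certificate, but a rejection by the `authorize_peer` callback does not visibly use it, so callers cannot assume it covers every authorization failure. I would document that on the declaration, e.g. `/* peer certificate missing or chain verification failed in thrift_ssl_socket_authorize() */`. Appending it after `THRIFT_SSL_SOCKET_ERROR_SSL` keeps the existing numeric values stable, which is worth stating in the same comment so later additions also go at the end. The enum's opening lines are partly outside this hunk.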