diff options
author | Gonzalo Aguilar Delgado <gaguilar@level2crm.com> | 2017-05-25 17:11:38 +0200 |
---|---|---|
committer | James E. King, III <jking@apache.org> | 2017-09-21 08:25:44 -0700 |
commit | acbb616192381674c32b3d4ebb2abf4942e4416a (patch) | |
tree | 810d377e5e7c849991ff765f751cf2b03aa17709 /lib/c_glib | |
parent | cbd975924538ae76dee7aae366fd746bc1e5538e (diff) | |
download | thrift-acbb616192381674c32b3d4ebb2abf4942e4416a.tar.gz |
THRIFT-4211: Fix logging in c_glib
This closes #1278
Diffstat (limited to 'lib/c_glib')
-rw-r--r-- | lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c | 58 | ||||
-rw-r--r-- | lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h | 3 |
2 files changed, 32 insertions, 29 deletions
diff --git a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c index be8637df3..bc75e2c21 100644 --- a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c +++ b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c @@ -159,7 +159,7 @@ thrift_ssl_socket_peek (ThriftTransport *transport, GError **error) gchar byte; rc = SSL_peek(ssl_socket->ssl, &byte, 1); if (rc < 0) { - g_set_error (error, + g_set_error (error, THRIFT_TRANSPORT_ERROR, THRIFT_SSL_SOCKET_ERROR_SSL, "failed to peek at socket - id?"); @@ -409,44 +409,46 @@ thrift_ssl_socket_authorize(ThriftTransport * transport, GError **error) if(cls!=NULL && ssl_socket->ssl!=NULL){ int rc = SSL_get_verify_result(ssl_socket->ssl); if (rc != X509_V_OK) { /* verify authentication result */ - if (rc == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && ssl_socket->allow_selfsigned) { - g_debug("The certificate is a self-signed certificate and configuration allows it"); - } else { - g_error("The certificate verification failed: %s (%d)", X509_verify_cert_error_string(rc), rc); - return FALSE; - } + if (rc == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && ssl_socket->allow_selfsigned) { + g_debug("The certificate is a self-signed certificate and configuration allows it"); + } else { + g_set_error (error, + THRIFT_TRANSPORT_ERROR, + THRIFT_SSL_SOCKET_ERROR_SSL_CERT_VALIDATION_FAILED, + "The certificate verification failed: %s (%d)", X509_verify_cert_error_string(rc), rc); + return FALSE; + } } X509* cert = SSL_get_peer_certificate(ssl_socket->ssl); if (cert == NULL) { - if (SSL_get_verify_mode(ssl_socket->ssl) & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) { - g_error("No certificate present"); - return FALSE; - } - - g_debug("No certificate required"); - return TRUE; + if (SSL_get_verify_mode(ssl_socket->ssl) & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) { + g_set_error (error, + THRIFT_TRANSPORT_ERROR, + THRIFT_SSL_SOCKET_ERROR_SSL_CERT_VALIDATION_FAILED, + "No certificate present. Are you connecting SSL server?"); + return FALSE; + } + g_debug("No certificate required"); + return TRUE; } /* certificate is present, since we don't support access manager we are done */ if (cls->authorize_peer == NULL) { - X509_free(cert); - g_debug("Certificate presented but we're not checking it"); - return TRUE; + X509_free(cert); + g_debug("Certificate presented but we're not checking it"); + return TRUE; } else { - /* both certificate and access manager are present */ - struct sockaddr_storage sa; - socklen_t saLength = sizeof(struct sockaddr_storage); - - if (getpeername(socket->sd, (struct sockaddr*)&sa, &saLength) != 0) { - sa.ss_family = AF_UNSPEC; - } - - authorization_result = cls->authorize_peer(transport, cert, &sa, error); + /* both certificate and access manager are present */ + struct sockaddr_storage sa; + socklen_t saLength = sizeof(struct sockaddr_storage); + if (getpeername(socket->sd, (struct sockaddr*)&sa, &saLength) != 0) { + sa.ss_family = AF_UNSPEC; + } + authorization_result = cls->authorize_peer(transport, cert, &sa, error); } - if(cert != NULL) { - X509_free(cert); + X509_free(cert); } } diff --git a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h index 0d415b29a..659c88dd9 100644 --- a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h +++ b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h @@ -54,7 +54,8 @@ typedef enum { THRIFT_SSL_SOCKET_ERROR_TRANSPORT=7, THRIFT_SSL_SOCKET_ERROR_CIPHER_NOT_AVAILABLE, - THRIFT_SSL_SOCKET_ERROR_SSL + THRIFT_SSL_SOCKET_ERROR_SSL, + THRIFT_SSL_SOCKET_ERROR_SSL_CERT_VALIDATION_FAILED } ThriftSSLSocketError; |