25 RCSID(
"$Id: 80451e14a99890819a08e8afc4bd6aad74435aff $")
29 #define LOG_PREFIX "tls"
31 #include <freeradius-devel/util/debug.h>
32 #include <freeradius-devel/util/strerror.h>
38 #if OPENSSL_VERSION_NUMBER < 0x30000000L
/*
 * Fallback definition of ERR_get_error_all(), compiled only when the
 * OPENSSL_VERSION_NUMBER check on the preceding line selects a pre-3.0
 * OpenSSL.
 *
 * NOTE(review): this listing drops several original lines (the `func`
 * parameter and most of the body), so the legacy call this wraps is not
 * documented here.
 */
39 static inline unsigned long ERR_get_error_all(
const char **
file,
int *
line,
41 const char **
data,
int *flags)
/*
 * When the caller asked for a function name, hand back an empty string.
 * Presumably this keeps callers that format *func from reading an unset
 * pointer on the pre-3.0 path - confirm against the full body.
 */
43 if (func != NULL) *func =
"";
/*
 * Format the subject name of `cert` into the local `subject` buffer for a
 * per-certificate error line.  `idx` is the position label supplied by the
 * caller.
 *
 * NOTE(review): the declaration of `subject` and the statement that consumes
 * it (presumably a push onto the fr_strerror stack, given the function name)
 * are not visible in this listing.  No NULL check on `cert` is visible either;
 * callers are expected to pass a valid certificate - confirm.
 */
51 static void _tls_cert_line_push(
char const *
file,
int line,
int idx, X509 *cert)
/*
 * The subject DN is taken from the certificate, so its content is chosen by
 * whoever issued or presented that certificate and should be treated as
 * untrusted text wherever the resulting message is logged or displayed.
 * The write is bounded by sizeof(subject); longer names are truncated.
 */
55 X509_NAME_oneline(X509_get_subject_name(cert), subject,
sizeof(subject));
/* Force termination of the last byte so `subject` is always a valid C string. */
56 subject[
sizeof(subject) - 1] =
'\0';
/*
 * Variant of the per-certificate line helper that also receives `marker`, a
 * flag the callers set when this certificate is the one being highlighted.
 *
 * NOTE(review): how `marker` and `idx` are rendered is not visible in this
 * listing; only the subject-name formatting is shown.
 */
61 static void _tls_cert_line_marker_push(
char const *
file,
int line,
62 int idx, X509 *cert,
bool marker)
/*
 * Subject DN content originates from the certificate and is therefore
 * untrusted when the certificate came from a peer.  Output is limited to
 * sizeof(subject) bytes, so long names are truncated rather than overflowing.
 */
66 X509_NAME_oneline(X509_get_subject_name(cert), subject,
sizeof(subject));
/* Explicit terminator: the buffer is a valid C string whatever the call above wrote. */
67 subject[
sizeof(subject) - 1] =
'\0';
/*
 * Per-certificate line helper that takes no index argument; used for
 * certificates that are not part of an ordered chain (see the X509_OBJECT
 * walker that calls it).
 *
 * NOTE(review): `cert` is dereferenced via X509_get_subject_name() with no
 * visible NULL check, so the caller must guarantee a non-NULL certificate.
 */
73 static void _tls_cert_line_marker_no_idx_push(
char const *
file,
int line, X509 *cert)
/*
 * Bounded copy of the certificate-supplied subject DN; names longer than the
 * buffer are truncated.  Treat the text as untrusted when it reaches logs.
 */
77 X509_NAME_oneline(X509_get_subject_name(cert), subject,
sizeof(subject));
/* Guarantee NUL termination independently of the formatting call. */
78 subject[
sizeof(subject) - 1] =
'\0';
/*
 * Emit one line per certificate in `chain` via _tls_cert_line_push(), followed
 * by an optional extra certificate `cert`.
 *
 * `file` and `line` are forwarded unchanged to the helper.
 */
90 void _fr_tls_strerror_push_chain(
char const *
file,
int line, STACK_OF(X509) *chain, X509 *cert)
/*
 * Walk the stack from its last element down to its first.  The helper gets
 * the 1-based position `i`; the stack lookup uses the 0-based `i - 1`, which
 * stays inside [0, sk_X509_num(chain) - 1].  sk_X509_num() returns -1 for a
 * NULL stack, in which case the loop body never runs.
 */
94 for (i = sk_X509_num(chain); i > 0 ; i--) {
95 _tls_cert_line_push(
file,
line, i, sk_X509_value(chain, i - 1));
/*
 * NOTE(review): assuming this statement follows the loop (the closing brace
 * is not visible in this listing), `i` has already counted down, so `cert` is
 * labelled 0 for a non-NULL chain or -1 for a NULL one - confirm that label
 * is intended.  The NULL guard matters because the helper dereferences `cert`.
 */
97 if (cert) _tls_cert_line_push(
file,
line, i, cert);
/*
 * Same walk as the plain chain reporter, but each line is also told whether
 * its certificate is the one identified by `marker`.
 *
 * The match is by pointer identity (`selected == marker`), so `marker` must
 * be the same X509 object that is held in `chain` or passed as `cert`; an
 * equal copy of the certificate will not be flagged.
 */
108 void _fr_tls_strerror_push_chain_marker(
char const *
file,
int line,
109 STACK_OF(X509) *chain, X509 *cert, X509 *marker)
/*
 * Last element first.  `i` is the 1-based label, `i - 1` the stack index.
 * A NULL `chain` makes sk_X509_num() return -1, which skips the loop.
 */
113 for (i = sk_X509_num(chain); i > 0 ; i--) {
114 X509 *selected = sk_X509_value(chain, i - 1);
115 _tls_cert_line_marker_push(
file,
line, i, selected, (selected == marker));
/*
 * Optional extra certificate, guarded against NULL because the helper
 * dereferences it.  NOTE(review): if this runs after the loop, `i` is 0 (or
 * -1 for a NULL chain) at this point - confirm the label is intended.
 */
117 if (cert) _tls_cert_line_marker_push(
file,
line, i, cert, (cert == marker));
/*
 * Walk a stack of X509_OBJECT entries and emit a line for those that hold a
 * certificate.
 *
 * NOTE(review): the case labels of the switch are not visible in this
 * listing, so which object types are reported or skipped cannot be stated
 * here.
 */
126 void _fr_tls_strerror_push_x509_objects(
char const *
file,
int line, STACK_OF(X509_OBJECT) *objects)
/* Last element first; `i - 1` is the 0-based stack index. */
130 for (i = sk_X509_OBJECT_num(objects); i > 0 ; i--) {
131 X509_OBJECT *obj = sk_X509_OBJECT_value(objects, i - 1);
/* Dispatch on the object's type tag before touching its payload. */
133 switch (X509_OBJECT_get_type(obj)) {
/*
 * X509_OBJECT_get0_X509() returns NULL when the object does not hold a
 * certificate, and the helper dereferences its argument, so this call is
 * only safe inside the certificate case - presumably that is the enclosing
 * label; confirm.
 */
138 _tls_cert_line_marker_no_idx_push(
file,
line, X509_OBJECT_get0_X509(obj));
/*
 * Read entries from the calling thread's OpenSSL error queue with
 * ERR_get_error_all() and format the caller's message from `msg` and `ap`.
 *
 * `msg` is used as a printf-style format string (see the talloc_vasprintf()
 * call below).  Callers must pass a constant format and supply any
 * certificate- or peer-derived text only through the variadic arguments.
 *
 * NOTE(review): most of the body, including how the OpenSSL text and the
 * formatted message are combined, the return values and the release of `p`,
 * is not visible in this listing.
 */
160 int _fr_tls_strerror_vprintf(
char const *
file,
int line,
char const *
msg, va_list ap)
168 char const *openssl_file;
/* Pop the first queued OpenSSL error; each call removes the entry it returns. */
178 error = ERR_get_error_all(&openssl_file, &openssl_line, &func, &
data, &flags);
/*
 * `data` is only a printable string when OpenSSL sets ERR_TXT_STRING.
 * Clearing it otherwise presumably stops later code from formatting a
 * pointer that is not text - confirm against the full body.
 */
179 if (!(flags & ERR_TXT_STRING))
data = NULL;
/*
 * NULL talloc context: the result has no parent, so it is not released with
 * any other allocation and must be freed explicitly.  talloc_vasprintf()
 * returns NULL on allocation failure.  NOTE(review): neither the NULL check
 * nor the free is visible here - confirm both exist.
 */
187 p = talloc_vasprintf(NULL,
msg, ap);
/*
 * Drain the remaining entries; ERR_get_error_all() returns 0 once the queue
 * is empty.  The same ERR_TXT_STRING filter is applied to every entry.
 */
212 while ((error = ERR_get_error_all(&openssl_file, &openssl_line, &func, &
data, &flags))) {
213 if (!(flags & ERR_TXT_STRING))
data = NULL;
static int const char char buffer[256]
#define USES_APPLE_DEPRECATED_API
#define DIAG_UNKNOWN_PRAGMAS
void _fr_strerror_vprintf(char const *file, int line, char const *fmt, va_list ap)
Log to thread local error buffer.
static void _fr_strerror_printf(char const *file, int line, char const *fmt,...)
static void _fr_strerror_printf_push(char const *file, int line, char const *fmt,...)
char const * fr_tls_utils_x509_pkey_type(X509 *cert)
Returns a friendly identifier for the public key type of a certificate.
int format(printf, 5, 0))