@@ -92,21 +92,21 @@ verify_certificate_callback (gnutls_session_t session)
9292
9393 TLSCallbackData * callback_data = (TLSCallbackData * )gnutls_session_get_ptr (session );
9494 if (!callback_data ) {
95- rfbClientErrEx ( client , "Failed to validate certificate - missing callback data\n" );
95+ rfbClientErr ( "Failed to validate certificate - missing callback data\n" );
9696 return GNUTLS_E_CERTIFICATE_ERROR ;
9797 }
9898
9999 sptr = callback_data -> rfbClient ;
100100 cred = callback_data -> rfbCredential ;
101101
102102 if (!sptr ) {
103- rfbClientLogEx ( client , "Failed to validate certificate - missing client data\n" );
103+ rfbClientLog ( "Failed to validate certificate - missing client data\n" );
104104 return GNUTLS_E_CERTIFICATE_ERROR ;
105105 }
106106
107107 hostname = sptr -> serverHost ;
108108 if (!hostname ) {
109- rfbClientLogEx (client , "No server hostname found for client\n" );
109+ rfbClientLogEx (sptr , "No server hostname found for client\n" );
110110 return GNUTLS_E_CERTIFICATE_ERROR ;
111111 }
112112
@@ -116,49 +116,49 @@ verify_certificate_callback (gnutls_session_t session)
116116 ret = gnutls_certificate_verify_peers2 (session , & status );
117117 if (ret < 0 )
118118 {
119- rfbClientLogEx (client , "Certificate validation call failed\n" );
119+ rfbClientLogEx (sptr , "Certificate validation call failed\n" );
120120 return GNUTLS_E_CERTIFICATE_ERROR ;
121121 }
122122
123123 if (status & GNUTLS_CERT_INVALID )
124- rfbClientLogEx (client , "The certificate is not trusted.\n" );
124+ rfbClientLogEx (sptr , "The certificate is not trusted.\n" );
125125
126126 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND )
127- rfbClientLogEx (client , "The certificate hasn't got a known issuer.\n" );
127+ rfbClientLogEx (sptr , "The certificate hasn't got a known issuer.\n" );
128128
129129 if (status & GNUTLS_CERT_REVOKED )
130- rfbClientLogEx (client , "The certificate has been revoked.\n" );
130+ rfbClientLogEx (sptr , "The certificate has been revoked.\n" );
131131
132132 if (status & GNUTLS_CERT_EXPIRED )
133- rfbClientLogEx (client , "The certificate has expired\n" );
133+ rfbClientLogEx (sptr , "The certificate has expired\n" );
134134
135135 if (status & GNUTLS_CERT_NOT_ACTIVATED )
136- rfbClientLogEx (client , "The certificate is not yet activated\n" );
136+ rfbClientLogEx (sptr , "The certificate is not yet activated\n" );
137137
138138 /* status would be 0 if cert was trusted */
139139 if (status )
140140 {
141141 if (gnutls_certificate_type_get (session ) != GNUTLS_CRT_X509 ) {
142- rfbClientErrEx (client , "The certificate was not X509\n" );
142+ rfbClientErrEx (sptr , "The certificate was not X509\n" );
143143 return GNUTLS_E_CERTIFICATE_ERROR ;
144144 }
145145
146146 if (gnutls_x509_crt_init (& cert ) < 0 )
147147 {
148- rfbClientErrEx (client , "Error initialising certificate structure\n" );
148+ rfbClientErrEx (sptr , "Error initialising certificate structure\n" );
149149 return GNUTLS_E_CERTIFICATE_ERROR ;
150150 }
151151
152152 cert_list = gnutls_certificate_get_peers (session , & cert_list_size );
153153 if (cert_list == NULL )
154154 {
155- rfbClientErrEx (client , "No certificate was found!\n" );
155+ rfbClientErrEx (sptr , "No certificate was found!\n" );
156156 return GNUTLS_E_CERTIFICATE_ERROR ;
157157 }
158158
159159 if (gnutls_x509_crt_import (cert , & cert_list [0 ], GNUTLS_X509_FMT_DER ) < 0 )
160160 {
161- rfbClientErrEx (client , "Error parsing certificate\n" );
161+ rfbClientErrEx (sptr , "Error parsing certificate\n" );
162162 return GNUTLS_E_CERTIFICATE_ERROR ;
163163 }
164164
@@ -169,7 +169,7 @@ verify_certificate_callback (gnutls_session_t session)
169169
170170 if (gnutls_x509_crt_get_fingerprint (cert , GNUTLS_DIG_SHA256 , remote_fingerprint , & fingerprint_size ) == 0 ) {
171171 if (memcmp (remote_fingerprint , cred -> x509Credential .x509ExpectedFingerprint , 32 ) == 0 ) {
172- rfbClientLogEx (client , "The certificate's fingerprint matched the expected one - accepting.\n" );
172+ rfbClientLogEx (sptr , "The certificate's fingerprint matched the expected one - accepting.\n" );
173173 gnutls_x509_crt_deinit (cert );
174174 return 0 ;
175175 }
@@ -178,7 +178,7 @@ verify_certificate_callback (gnutls_session_t session)
178178
179179 /* Fingerprint didn't match or no expected fingerprint - ask user */
180180 if (cert_fingerprint_mismatch_callback (sptr , cert )) {
181- rfbClientLogEx (client , "User decided to trust certificate - accepting.\n" );
181+ rfbClientLogEx (sptr , "User decided to trust certificate - accepting.\n" );
182182 gnutls_x509_crt_deinit (cert );
183183 return 0 ;
184184 }
@@ -189,32 +189,32 @@ verify_certificate_callback (gnutls_session_t session)
189189
190190 /* Certificate is trusted by system CA or via given rfbCredential.x509Credential.x509CACertfile */
191191 if (gnutls_certificate_type_get (session ) != GNUTLS_CRT_X509 ) {
192- rfbClientLogEx (client , "The certificate was not X509\n" );
192+ rfbClientLogEx (sptr , "The certificate was not X509\n" );
193193 return GNUTLS_E_CERTIFICATE_ERROR ;
194194 }
195195
196196 if (gnutls_x509_crt_init (& cert ) < 0 )
197197 {
198- rfbClientLogEx (client , "Error initialising certificate structure\n" );
198+ rfbClientLogEx (sptr , "Error initialising certificate structure\n" );
199199 return GNUTLS_E_CERTIFICATE_ERROR ;
200200 }
201201
202202 cert_list = gnutls_certificate_get_peers (session , & cert_list_size );
203203 if (cert_list == NULL )
204204 {
205- rfbClientLogEx (client , "No certificate was found!\n" );
205+ rfbClientLogEx (sptr , "No certificate was found!\n" );
206206 return GNUTLS_E_CERTIFICATE_ERROR ;
207207 }
208208
209209 if (gnutls_x509_crt_import (cert , & cert_list [0 ], GNUTLS_X509_FMT_DER ) < 0 )
210210 {
211- rfbClientLogEx (client , "Error parsing certificate\n" );
211+ rfbClientLogEx (sptr , "Error parsing certificate\n" );
212212 return GNUTLS_E_CERTIFICATE_ERROR ;
213213 }
214214
215215 if (!gnutls_x509_crt_check_hostname (cert , hostname ))
216216 {
217- rfbClientLogEx (client , "The certificate's owner does not match hostname '%s'\n" ,
217+ rfbClientLogEx (sptr , "The certificate's owner does not match hostname '%s'\n" ,
218218 hostname );
219219 return GNUTLS_E_CERTIFICATE_ERROR ;
220220 }
@@ -235,10 +235,10 @@ InitializeTLS(void)
235235 (ret = gnutls_dh_params_init (& rfbDHParams )) < 0 ||
236236 (ret = gnutls_dh_params_generate2 (rfbDHParams , DH_BITS )) < 0 )
237237 {
238- rfbClientLogEx ( client , "Failed to initialized GnuTLS: %s.\n" , gnutls_strerror (ret ));
238+ rfbClientLog ( "Failed to initialized GnuTLS: %s.\n" , gnutls_strerror (ret ));
239239 return FALSE;
240240 }
241- rfbClientLogEx ( client , "GnuTLS version %s initialized.\n" , gnutls_check_version (NULL ));
241+ rfbClientLog ( "GnuTLS version %s initialized.\n" , gnutls_check_version (NULL ));
242242 rfbTLSInitialized = TRUE;
243243 return TRUE;
244244}
@@ -512,49 +512,49 @@ CreateX509CertCredential(rfbCredential *cred)
512512
513513 if ((ret = gnutls_certificate_allocate_credentials (& x509_cred )) < 0 )
514514 {
515- rfbClientLogEx ( client , "Cannot allocate credentials: %s.\n" , gnutls_strerror (ret ));
515+ rfbClientLog ( "Cannot allocate credentials: %s.\n" , gnutls_strerror (ret ));
516516 return NULL ;
517517 }
518518 if (cred -> x509Credential .x509CACertFile )
519519 {
520520 if ((ret = gnutls_certificate_set_x509_trust_file (x509_cred ,
521521 cred -> x509Credential .x509CACertFile , GNUTLS_X509_FMT_PEM )) < 0 )
522522 {
523- rfbClientLogEx ( client , "Cannot load CA credentials: %s.\n" , gnutls_strerror (ret ));
523+ rfbClientLog ( "Cannot load CA credentials: %s.\n" , gnutls_strerror (ret ));
524524 gnutls_certificate_free_credentials (x509_cred );
525525 return NULL ;
526526 }
527527 } else
528528 {
529529 int certs = gnutls_certificate_set_x509_system_trust (x509_cred );
530- rfbClientLogEx ( client , "Using default paths for certificate verification, %d certs found\n" , certs );
530+ rfbClientLog ( "Using default paths for certificate verification, %d certs found\n" , certs );
531531 }
532532 if (cred -> x509Credential .x509ClientCertFile && cred -> x509Credential .x509ClientKeyFile )
533533 {
534534 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred ,
535535 cred -> x509Credential .x509ClientCertFile , cred -> x509Credential .x509ClientKeyFile ,
536536 GNUTLS_X509_FMT_PEM )) < 0 )
537537 {
538- rfbClientLogEx ( client , "Cannot load client certificate or key: %s.\n" , gnutls_strerror (ret ));
538+ rfbClientLog ( "Cannot load client certificate or key: %s.\n" , gnutls_strerror (ret ));
539539 gnutls_certificate_free_credentials (x509_cred );
540540 return NULL ;
541541 }
542542 } else
543543 {
544- rfbClientLogEx ( client , "No client certificate or key provided.\n" );
544+ rfbClientLog ( "No client certificate or key provided.\n" );
545545 }
546546 if (cred -> x509Credential .x509CACrlFile )
547547 {
548548 if ((ret = gnutls_certificate_set_x509_crl_file (x509_cred ,
549549 cred -> x509Credential .x509CACrlFile , GNUTLS_X509_FMT_PEM )) < 0 )
550550 {
551- rfbClientLogEx ( client , "Cannot load CRL: %s.\n" , gnutls_strerror (ret ));
551+ rfbClientLog ( "Cannot load CRL: %s.\n" , gnutls_strerror (ret ));
552552 gnutls_certificate_free_credentials (x509_cred );
553553 return NULL ;
554554 }
555555 } else
556556 {
557- rfbClientLogEx ( client , "No CRL provided.\n" );
557+ rfbClientLog ( "No CRL provided.\n" );
558558 }
559559 gnutls_certificate_set_dh_params (x509_cred , rfbDHParams );
560560 return x509_cred ;
0 commit comments