Skip to content

Commit 2b11dfb

Browse files
committed
libvncclient: fix GnuTLS client-aware log scope
1 parent 8da0ae8 commit 2b11dfb

1 file changed

Lines changed: 29 additions & 29 deletions

File tree

src/libvncclient/tls_gnutls.c

Lines changed: 29 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -92,21 +92,21 @@ verify_certificate_callback (gnutls_session_t session)
9292

9393
TLSCallbackData *callback_data = (TLSCallbackData *)gnutls_session_get_ptr(session);
9494
if (!callback_data) {
95-
rfbClientErrEx(client, "Failed to validate certificate - missing callback data\n");
95+
rfbClientErr("Failed to validate certificate - missing callback data\n");
9696
return GNUTLS_E_CERTIFICATE_ERROR;
9797
}
9898

9999
sptr = callback_data->rfbClient;
100100
cred = callback_data->rfbCredential;
101101

102102
if (!sptr) {
103-
rfbClientLogEx(client, "Failed to validate certificate - missing client data\n");
103+
rfbClientLog("Failed to validate certificate - missing client data\n");
104104
return GNUTLS_E_CERTIFICATE_ERROR;
105105
}
106106

107107
hostname = sptr->serverHost;
108108
if (!hostname) {
109-
rfbClientLogEx(client, "No server hostname found for client\n");
109+
rfbClientLogEx(sptr, "No server hostname found for client\n");
110110
return GNUTLS_E_CERTIFICATE_ERROR;
111111
}
112112

@@ -116,49 +116,49 @@ verify_certificate_callback (gnutls_session_t session)
116116
ret = gnutls_certificate_verify_peers2 (session, &status);
117117
if (ret < 0)
118118
{
119-
rfbClientLogEx(client, "Certificate validation call failed\n");
119+
rfbClientLogEx(sptr, "Certificate validation call failed\n");
120120
return GNUTLS_E_CERTIFICATE_ERROR;
121121
}
122122

123123
if (status & GNUTLS_CERT_INVALID)
124-
rfbClientLogEx(client, "The certificate is not trusted.\n");
124+
rfbClientLogEx(sptr, "The certificate is not trusted.\n");
125125

126126
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
127-
rfbClientLogEx(client, "The certificate hasn't got a known issuer.\n");
127+
rfbClientLogEx(sptr, "The certificate hasn't got a known issuer.\n");
128128

129129
if (status & GNUTLS_CERT_REVOKED)
130-
rfbClientLogEx(client, "The certificate has been revoked.\n");
130+
rfbClientLogEx(sptr, "The certificate has been revoked.\n");
131131

132132
if (status & GNUTLS_CERT_EXPIRED)
133-
rfbClientLogEx(client, "The certificate has expired\n");
133+
rfbClientLogEx(sptr, "The certificate has expired\n");
134134

135135
if (status & GNUTLS_CERT_NOT_ACTIVATED)
136-
rfbClientLogEx(client, "The certificate is not yet activated\n");
136+
rfbClientLogEx(sptr, "The certificate is not yet activated\n");
137137

138138
/* status would be 0 if cert was trusted */
139139
if (status)
140140
{
141141
if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509) {
142-
rfbClientErrEx(client, "The certificate was not X509\n");
142+
rfbClientErrEx(sptr, "The certificate was not X509\n");
143143
return GNUTLS_E_CERTIFICATE_ERROR;
144144
}
145145

146146
if (gnutls_x509_crt_init (&cert) < 0)
147147
{
148-
rfbClientErrEx(client, "Error initialising certificate structure\n");
148+
rfbClientErrEx(sptr, "Error initialising certificate structure\n");
149149
return GNUTLS_E_CERTIFICATE_ERROR;
150150
}
151151

152152
cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
153153
if (cert_list == NULL)
154154
{
155-
rfbClientErrEx(client, "No certificate was found!\n");
155+
rfbClientErrEx(sptr, "No certificate was found!\n");
156156
return GNUTLS_E_CERTIFICATE_ERROR;
157157
}
158158

159159
if (gnutls_x509_crt_import (cert, &cert_list[0], GNUTLS_X509_FMT_DER) < 0)
160160
{
161-
rfbClientErrEx(client, "Error parsing certificate\n");
161+
rfbClientErrEx(sptr, "Error parsing certificate\n");
162162
return GNUTLS_E_CERTIFICATE_ERROR;
163163
}
164164

@@ -169,7 +169,7 @@ verify_certificate_callback (gnutls_session_t session)
169169

170170
if (gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA256, remote_fingerprint, &fingerprint_size) == 0) {
171171
if (memcmp(remote_fingerprint, cred->x509Credential.x509ExpectedFingerprint, 32) == 0) {
172-
rfbClientLogEx(client, "The certificate's fingerprint matched the expected one - accepting.\n");
172+
rfbClientLogEx(sptr, "The certificate's fingerprint matched the expected one - accepting.\n");
173173
gnutls_x509_crt_deinit (cert);
174174
return 0;
175175
}
@@ -178,7 +178,7 @@ verify_certificate_callback (gnutls_session_t session)
178178

179179
/* Fingerprint didn't match or no expected fingerprint - ask user */
180180
if (cert_fingerprint_mismatch_callback(sptr, cert)) {
181-
rfbClientLogEx(client, "User decided to trust certificate - accepting.\n");
181+
rfbClientLogEx(sptr, "User decided to trust certificate - accepting.\n");
182182
gnutls_x509_crt_deinit (cert);
183183
return 0;
184184
}
@@ -189,32 +189,32 @@ verify_certificate_callback (gnutls_session_t session)
189189

190190
/* Certificate is trusted by system CA or via given rfbCredential.x509Credential.x509CACertfile */
191191
if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509) {
192-
rfbClientLogEx(client, "The certificate was not X509\n");
192+
rfbClientLogEx(sptr, "The certificate was not X509\n");
193193
return GNUTLS_E_CERTIFICATE_ERROR;
194194
}
195195

196196
if (gnutls_x509_crt_init (&cert) < 0)
197197
{
198-
rfbClientLogEx(client, "Error initialising certificate structure\n");
198+
rfbClientLogEx(sptr, "Error initialising certificate structure\n");
199199
return GNUTLS_E_CERTIFICATE_ERROR;
200200
}
201201

202202
cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
203203
if (cert_list == NULL)
204204
{
205-
rfbClientLogEx(client, "No certificate was found!\n");
205+
rfbClientLogEx(sptr, "No certificate was found!\n");
206206
return GNUTLS_E_CERTIFICATE_ERROR;
207207
}
208208

209209
if (gnutls_x509_crt_import (cert, &cert_list[0], GNUTLS_X509_FMT_DER) < 0)
210210
{
211-
rfbClientLogEx(client, "Error parsing certificate\n");
211+
rfbClientLogEx(sptr, "Error parsing certificate\n");
212212
return GNUTLS_E_CERTIFICATE_ERROR;
213213
}
214214

215215
if (!gnutls_x509_crt_check_hostname (cert, hostname))
216216
{
217-
rfbClientLogEx(client, "The certificate's owner does not match hostname '%s'\n",
217+
rfbClientLogEx(sptr, "The certificate's owner does not match hostname '%s'\n",
218218
hostname);
219219
return GNUTLS_E_CERTIFICATE_ERROR;
220220
}
@@ -235,10 +235,10 @@ InitializeTLS(void)
235235
(ret = gnutls_dh_params_init(&rfbDHParams)) < 0 ||
236236
(ret = gnutls_dh_params_generate2(rfbDHParams, DH_BITS)) < 0)
237237
{
238-
rfbClientLogEx(client, "Failed to initialized GnuTLS: %s.\n", gnutls_strerror(ret));
238+
rfbClientLog("Failed to initialized GnuTLS: %s.\n", gnutls_strerror(ret));
239239
return FALSE;
240240
}
241-
rfbClientLogEx(client, "GnuTLS version %s initialized.\n", gnutls_check_version(NULL));
241+
rfbClientLog("GnuTLS version %s initialized.\n", gnutls_check_version(NULL));
242242
rfbTLSInitialized = TRUE;
243243
return TRUE;
244244
}
@@ -512,49 +512,49 @@ CreateX509CertCredential(rfbCredential *cred)
512512

513513
if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0)
514514
{
515-
rfbClientLogEx(client, "Cannot allocate credentials: %s.\n", gnutls_strerror(ret));
515+
rfbClientLog("Cannot allocate credentials: %s.\n", gnutls_strerror(ret));
516516
return NULL;
517517
}
518518
if (cred->x509Credential.x509CACertFile)
519519
{
520520
if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
521521
cred->x509Credential.x509CACertFile, GNUTLS_X509_FMT_PEM)) < 0)
522522
{
523-
rfbClientLogEx(client, "Cannot load CA credentials: %s.\n", gnutls_strerror(ret));
523+
rfbClientLog("Cannot load CA credentials: %s.\n", gnutls_strerror(ret));
524524
gnutls_certificate_free_credentials (x509_cred);
525525
return NULL;
526526
}
527527
} else
528528
{
529529
int certs = gnutls_certificate_set_x509_system_trust (x509_cred);
530-
rfbClientLogEx(client, "Using default paths for certificate verification, %d certs found\n", certs);
530+
rfbClientLog("Using default paths for certificate verification, %d certs found\n", certs);
531531
}
532532
if (cred->x509Credential.x509ClientCertFile && cred->x509Credential.x509ClientKeyFile)
533533
{
534534
if ((ret = gnutls_certificate_set_x509_key_file(x509_cred,
535535
cred->x509Credential.x509ClientCertFile, cred->x509Credential.x509ClientKeyFile,
536536
GNUTLS_X509_FMT_PEM)) < 0)
537537
{
538-
rfbClientLogEx(client, "Cannot load client certificate or key: %s.\n", gnutls_strerror(ret));
538+
rfbClientLog("Cannot load client certificate or key: %s.\n", gnutls_strerror(ret));
539539
gnutls_certificate_free_credentials (x509_cred);
540540
return NULL;
541541
}
542542
} else
543543
{
544-
rfbClientLogEx(client, "No client certificate or key provided.\n");
544+
rfbClientLog("No client certificate or key provided.\n");
545545
}
546546
if (cred->x509Credential.x509CACrlFile)
547547
{
548548
if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
549549
cred->x509Credential.x509CACrlFile, GNUTLS_X509_FMT_PEM)) < 0)
550550
{
551-
rfbClientLogEx(client, "Cannot load CRL: %s.\n", gnutls_strerror(ret));
551+
rfbClientLog("Cannot load CRL: %s.\n", gnutls_strerror(ret));
552552
gnutls_certificate_free_credentials (x509_cred);
553553
return NULL;
554554
}
555555
} else
556556
{
557-
rfbClientLogEx(client, "No CRL provided.\n");
557+
rfbClientLog("No CRL provided.\n");
558558
}
559559
gnutls_certificate_set_dh_params (x509_cred, rfbDHParams);
560560
return x509_cred;

0 commit comments

Comments
 (0)