Sync up documentation and other changes from CUPS 2.x.

michaelrsweet · michaelrsweet · commit 2f33ee75bb50 · 2025-10-21T20:06:48.000-04:00
diff --git a/cups/auth.c b/cups/auth.c
@@ -83,10 +83,7 @@ cupsDoAuthentication(
     }
   }
 
-  //
   // Nope, loop through the authentication schemes to find the first we support.
-  //
-
   www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
 
   for (schemedata = cups_auth_scheme(www_auth, scheme, sizeof(scheme)); schemedata; schemedata = cups_auth_scheme(schemedata + strlen(scheme), scheme, sizeof(scheme)))
@@ -147,8 +144,8 @@ cupsDoAuthentication(
 
       cupsLangFormatString(cg->lang_default, prompt, sizeof(prompt), _("Password for %s on %s? "), cupsGetUser(), http->hostname[0] == '/' ? "localhost" : http->hostname);
 
-      http->digest_tries  = _cups_strncasecmp(scheme, "Digest", 6) != 0;
-      http->userpass[0]   = '\0';
+      http->digest_tries = _cups_strncasecmp(scheme, "Digest", 6) != 0;
+      http->userpass[0]  = '\0';
 
       if ((password = cupsGetPassword(prompt, http, method, resource)) == NULL)
       {
@@ -358,7 +355,8 @@ cups_auth_param(const char *scheme,		// I - Pointer to auth data
       scheme ++;
     }
 
-    // If this wasn't a parameter, we are at the end of this scheme's parameters...
+    // If this wasn't a parameter, we are at the end of this scheme's
+    // parameters...
     if (!param)
       break;
   }
@@ -374,7 +372,7 @@ cups_auth_param(const char *scheme,		// I - Pointer to auth data
 //
 // 'cups_auth_scheme()' - Get the (next) WWW-Authenticate scheme.
 //
-// The "www_authenticate" parameter points to the current position in the header.
+// The "www_authenticate" argument points to the current position in the header.
 //
 // Returns `NULL` if there are no (more) auth schemes present.
 //
@@ -390,7 +388,7 @@ cups_auth_scheme(const char *www_authenticate,	// I - Pointer into WWW-Authentic
   bool		param;				// Is this a parameter?
 
 
-  DEBUG_printf("8cups_auth_scheme(www_authenticate=\"%s\", scheme=%p, schemesize=%d)", www_authenticate, (void *)scheme, (int)schemesize);
+  DEBUG_printf("8cups_auth_scheme(www_authenticate=\"%s\", scheme=%p, schemesize=%u)", www_authenticate, (void *)scheme, (unsigned)schemesize);
 
   while (*www_authenticate)
   {
@@ -439,7 +437,7 @@ cups_auth_scheme(const char *www_authenticate,	// I - Pointer into WWW-Authentic
 
 
 //
-// 'cups_do_local_auth()' - Use local peer credentials if available/applicable.
+// 'cups_do_local_auth()' - Use local credentials if available/applicable.
 //
 
 static bool				// O - `true` if authorized, `false` otherwise
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
@@ -1876,7 +1876,12 @@ _httpTLSStart(http_t *http)		// I - Connection to server
     return (false);
   }
 
-  cupsCopyString(priority_string, "NORMAL", sizeof(priority_string));
+  if (tls_options & _HTTP_TLS_NO_SYSTEM)
+    priority_string[0] = '\0';
+  else
+    cupsCopyString(priority_string, "@SYSTEM,", sizeof(priority_string));
+
+  cupsConcatString(priority_string, "NORMAL", sizeof(priority_string));
 
   if (tls_max_version < _HTTP_TLS_MAX)
   {
@@ -1984,7 +1989,7 @@ _httpTLSStop(http_t *http)		// I - Connection to server
   int	error;				// Error code
 
 
-  error = gnutls_bye(http->tls, http->mode == _HTTP_MODE_CLIENT ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);
+  error = gnutls_bye(http->tls, GNUTLS_SHUT_RDWR);
   if (error != GNUTLS_E_SUCCESS)
     _cupsSetError(IPP_STATUS_ERROR_INTERNAL, gnutls_strerror(errno), 0);
 
diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c
@@ -284,7 +284,7 @@ cupsCreateCredentials(
   cups_credusage_t usage_bit;		// Current usage
 
 
-  DEBUG_printf("cupsCreateCredentials(path=\"%s\", ca_cert=%s, purpose=0x%x, type=%d, usage=0x%x, organization=\"%s\", org_unit=\"%s\", locality=\"%s\", state_province=\"%s\", country=\"%s\", common_name=\"%s\", num_alt_names=%u, alt_names=%p, root_name=\"%s\", expiration_date=%ld)", path, ca_cert ? "true" : "false", purpose, type, usage, organization, org_unit, locality, state_province, country, common_name, (unsigned)num_alt_names, alt_names, root_name, (long)expiration_date);
+  DEBUG_printf("cupsCreateCredentials(path=\"%s\", ca_cert=%s, purpose=0x%x, type=%d, usage=0x%x, organization=\"%s\", org_unit=\"%s\", locality=\"%s\", state_province=\"%s\", country=\"%s\", common_name=\"%s\", num_alt_names=%u, alt_names=%p, root_name=\"%s\", expiration_date=%ld)", path, ca_cert ? "true" : "false", purpose, type, usage, organization, org_unit, locality, state_province, country, common_name, (unsigned)num_alt_names, (void *)alt_names, root_name, (long)expiration_date);
 
   // Filenames...
   if (!path)
@@ -600,7 +600,7 @@ cupsCreateCredentialsRequest(
   cups_credusage_t usage_bit;		// Current usage
 
 
-  DEBUG_printf("cupsCreateCredentialsRequest(path=\"%s\", purpose=0x%x, type=%d, usage=0x%x, organization=\"%s\", org_unit=\"%s\", locality=\"%s\", state_province=\"%s\", country=\"%s\", common_name=\"%s\", num_alt_names=%u, alt_names=%p)", path, purpose, type, usage, organization, org_unit, locality, state_province, country, common_name, (unsigned)num_alt_names, alt_names);
+  DEBUG_printf("cupsCreateCredentialsRequest(path=\"%s\", purpose=0x%x, type=%d, usage=0x%x, organization=\"%s\", org_unit=\"%s\", locality=\"%s\", state_province=\"%s\", country=\"%s\", common_name=\"%s\", num_alt_names=%u, alt_names=%p)", path, purpose, type, usage, organization, org_unit, locality, state_province, country, common_name, (unsigned)num_alt_names, (void *)alt_names);
 
   // Filenames...
   if (!path)
@@ -777,7 +777,7 @@ cupsGetCredentialsInfo(
 
 
   // Range check input...
-  DEBUG_printf("cupsGetCredentialsInfo(credentials=%p, buffer=%p, bufsize=" CUPS_LLFMT ")", credentials, buffer, CUPS_LLCAST bufsize);
+  DEBUG_printf("cupsGetCredentialsInfo(credentials=%p, buffer=%p, bufsize=" CUPS_LLFMT ")", credentials, (void *)buffer, CUPS_LLCAST bufsize);
 
   if (buffer)
     *buffer = '\0';
@@ -898,7 +898,7 @@ cupsGetCredentialsTrust(
   _cups_globals_t *cg = _cupsGlobals();	// Per-thread globals
 
 
-  DEBUG_printf("cupsGetCredentialsTrust(path=\"%s\", common_name=\"%s\", credentials=%p, require_ca=%s)", path, common_name, (void *)credentials, require_ca ? "true" : "false");
+  DEBUG_printf("cupsGetCredentialsTrust(path=\"%s\", common_name=\"%s\", credentials=\"%lu bytes\", require_ca=%s)", path, common_name, (unsigned long)(credentials ? strlen(credentials) : 0), require_ca ? "true" : "false");
 
   // Range check input...
   if (!path)
@@ -1135,7 +1135,7 @@ cupsSignCredentialsRequest(
 		saw_san = false;	// Saw NID_subject_alt_name?
 
 
-  DEBUG_printf("cupsSignCredentialsRequest(path=\"%s\", common_name=\"%s\", request=\"%s\", root_name=\"%s\", allowed_purpose=0x%x, allowed_usage=0x%x, cb=%p, cb_data=%p, expiration_date=%ld)", path, common_name, request, root_name, allowed_purpose, allowed_usage, cb, cb_data, (long)expiration_date);
+  DEBUG_printf("cupsSignCredentialsRequest(path=\"%s\", common_name=\"%s\", request=\"%s\", root_name=\"%s\", allowed_purpose=0x%x, allowed_usage=0x%x, cb=%p, cb_data=%p, expiration_date=%ld)", path, common_name, request, root_name, allowed_purpose, allowed_usage, (void *)cb, cb_data, (long)expiration_date);
 
   // Filenames...
   if (!path)
@@ -1482,14 +1482,14 @@ httpCopyPeerCredentials(http_t *http)	// I - Connection to server
   STACK_OF(X509) *chain;		// Certificate chain
 
 
-  DEBUG_printf("httpCopyPeerCredentials(http=%p)", http);
+  DEBUG_printf("httpCopyPeerCredentials(http=%p)", (void *)http);
 
   if (http && http->tls)
   {
     // Get the chain of certificates for the remote end...
     chain = SSL_get_peer_cert_chain(http->tls);
 
-    DEBUG_printf("1httpCopyPeerCredentials: chain=%p", chain);
+    DEBUG_printf("1httpCopyPeerCredentials: chain=%p", (void *)chain);
 
     if (chain)
     {
@@ -1504,7 +1504,7 @@ httpCopyPeerCredentials(http_t *http)	// I - Connection to server
 	BIO	*bio = BIO_new(BIO_s_mem());
 					  // Memory buffer for cert
 
-        DEBUG_printf("1httpCopyPeerCredentials: chain[%d/%d]=%p", i + 1, count, cert);
+        DEBUG_printf("1httpCopyPeerCredentials: chain[%d/%d]=%p", i + 1, count, (void *)cert);
 
 #ifdef DEBUG
 	char subjectName[256], issuerName[256];
@@ -1514,7 +1514,7 @@ httpCopyPeerCredentials(http_t *http)	// I - Connection to server
 
 	STACK_OF(GENERAL_NAME) *names;	// subjectAltName values
 	names = X509_get_ext_d2i(cert, NID_subject_alt_name, /*crit*/NULL, /*idx*/NULL);
-	DEBUG_printf("1httpCopyPeerCredentials: subjectAltNames=%p(%d)", names, names ? sk_GENERAL_NAME_num(names) : 0);
+	DEBUG_printf("1httpCopyPeerCredentials: subjectAltNames=%p(%d)", (void *)names, names ? sk_GENERAL_NAME_num(names) : 0);
         if (names)
           GENERAL_NAMES_free(names);
 #endif // DEBUG
@@ -1600,7 +1600,7 @@ _httpCreateCredentials(
     }
   }
 
-  DEBUG_printf("1_httpCreateCredentials: Returning %p.", hcreds);
+  DEBUG_printf("1_httpCreateCredentials: Returning %p.", (void *)hcreds);
 
   return (hcreds);
 }
@@ -1754,7 +1754,7 @@ _httpTLSStart(http_t *http)		// I - Connection to server
   };
 
 
-  DEBUG_printf("3_httpTLSStart(http=%p)", http);
+  DEBUG_printf("3_httpTLSStart(http=%p)", (void *)http);
 
   if (!cg->client_conf_loaded)
   {
@@ -1822,7 +1822,7 @@ _httpTLSStart(http_t *http)		// I - Connection to server
       {
 	// Resolve hostname from connection address...
 	http_addr_t	addr;		// Connection address
-	socklen_t		addrlen;	// Length of address
+	socklen_t	addrlen;	// Length of address
 
 	addrlen = sizeof(addr);
 	if (getsockname(http->fd, (struct sockaddr *)&addr, &addrlen))
