diff options
author | Martin Willi <martin@revosec.ch> | 2010-08-20 15:57:47 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2010-08-23 09:47:03 +0200 |
commit | 3c19b3461f835b901395b3335d6456ca60dbe5ab (patch) | |
tree | 48b72a86bd7fa4ec3f14ff3240cae96d15334eb8 | |
parent | 0bcef5fe7a8f5fdd3b3e782f033b34ddc7e11ed1 (diff) | |
download | strongswan-3c19b3461f835b901395b3335d6456ca60dbe5ab.tar.bz2 strongswan-3c19b3461f835b901395b3335d6456ca60dbe5ab.tar.xz |
Introducing a dedicated debug message group for libtls
-rw-r--r-- | src/libstrongswan/debug.c | 2 | ||||
-rw-r--r-- | src/libstrongswan/debug.h | 2 | ||||
-rw-r--r-- | src/libtls/tls_crypto.c | 22 | ||||
-rw-r--r-- | src/libtls/tls_fragmentation.c | 12 | ||||
-rw-r--r-- | src/libtls/tls_peer.c | 46 | ||||
-rw-r--r-- | src/libtls/tls_protection.c | 12 | ||||
-rw-r--r-- | src/libtls/tls_reader.c | 10 | ||||
-rw-r--r-- | src/libtls/tls_server.c | 46 |
8 files changed, 78 insertions, 74 deletions
diff --git a/src/libstrongswan/debug.c b/src/libstrongswan/debug.c index 21a7e63dd..deb048bc0 100644 --- a/src/libstrongswan/debug.c +++ b/src/libstrongswan/debug.c @@ -27,6 +27,7 @@ ENUM(debug_names, DBG_DMN, DBG_LIB, "KNL", "NET", "ENC", + "TLS", "LIB", ); @@ -40,6 +41,7 @@ ENUM(debug_lower_names, DBG_DMN, DBG_LIB, "knl", "net", "enc", + "tls", "lib", ); diff --git a/src/libstrongswan/debug.h b/src/libstrongswan/debug.h index a21111d93..e23ceed73 100644 --- a/src/libstrongswan/debug.h +++ b/src/libstrongswan/debug.h @@ -50,6 +50,8 @@ enum debug_t { DBG_NET, /** message encoding/decoding */ DBG_ENC, + /** libtls */ + DBG_TLS, /** libstrongswan */ DBG_LIB, /** number of groups */ diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index f3df4970f..26e4dfa41 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -490,10 +490,10 @@ static void build_cipher_suite_list(private_tls_crypto_t *this, this->suite_count = count; this->suites = malloc(sizeof(tls_cipher_suite_t) * count); - DBG2(DBG_CFG, "%d supported TLS cipher suites:", count); + DBG2(DBG_TLS, "%d supported TLS cipher suites:", count); for (i = 0; i < count; i++) { - DBG2(DBG_CFG, " %N", tls_cipher_suite_names, suites[i].suite); + DBG2(DBG_TLS, " %N", tls_cipher_suite_names, suites[i].suite); this->suites[i] = suites[i].suite; } } @@ -515,7 +515,7 @@ static bool create_ciphers(private_tls_crypto_t *this, tls_cipher_suite_t suite) algs = find_suite(suite); if (!algs) { - DBG1(DBG_IKE, "selected TLS suite not supported"); + DBG1(DBG_TLS, "selected TLS suite not supported"); return FALSE; } @@ -530,7 +530,7 @@ static bool create_ciphers(private_tls_crypto_t *this, tls_cipher_suite_t suite) } if (!this->prf) { - DBG1(DBG_IKE, "selected TLS PRF not supported"); + DBG1(DBG_TLS, "selected TLS PRF not supported"); return FALSE; } @@ -540,7 +540,7 @@ static bool create_ciphers(private_tls_crypto_t *this, tls_cipher_suite_t suite) this->signer_out = lib->crypto->create_signer(lib->crypto, algs->mac); if (!this->signer_in || !this->signer_out) { - DBG1(DBG_IKE, "selected TLS MAC %N not supported", + DBG1(DBG_TLS, "selected TLS MAC %N not supported", integrity_algorithm_names, algs->mac); return FALSE; } @@ -559,7 +559,7 @@ static bool create_ciphers(private_tls_crypto_t *this, tls_cipher_suite_t suite) algs->encr, algs->encr_size); if (!this->crypter_in || !this->crypter_out) { - DBG1(DBG_IKE, "selected TLS crypter %N not supported", + DBG1(DBG_TLS, "selected TLS crypter %N not supported", encryption_algorithm_names, algs->encr); return FALSE; } @@ -624,7 +624,7 @@ static bool hash_handshake(private_tls_crypto_t *this, chunk_t *hash) hasher = lib->crypto->create_hasher(lib->crypto, alg->hash); if (!hasher) { - DBG1(DBG_IKE, "%N not supported", hash_algorithm_names, alg->hash); + DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, alg->hash); return FALSE; } hasher->allocate_hash(hasher, this->handshake, hash); @@ -638,7 +638,7 @@ static bool hash_handshake(private_tls_crypto_t *this, chunk_t *hash) md5 = lib->crypto->create_hasher(lib->crypto, HASH_MD5); if (!md5) { - DBG1(DBG_IKE, "%N not supported", hash_algorithm_names, HASH_MD5); + DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_MD5); return FALSE; } md5->get_hash(md5, this->handshake, buf); @@ -646,7 +646,7 @@ static bool hash_handshake(private_tls_crypto_t *this, chunk_t *hash) sha1 = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!sha1) { - DBG1(DBG_IKE, "%N not supported", hash_algorithm_names, HASH_SHA1); + DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_SHA1); return FALSE; } sha1->get_hash(sha1, this->handshake, buf + HASH_SIZE_MD5); @@ -704,7 +704,7 @@ METHOD(tls_crypto_t, verify_handshake, bool, !reader->read_uint8(reader, &alg) || !reader->read_data16(reader, &sig)) { - DBG1(DBG_IKE, "received invalid Certificate Verify"); + DBG1(DBG_TLS, "received invalid Certificate Verify"); return FALSE; } /* TODO: map received hash/sig alg to signature scheme */ @@ -720,7 +720,7 @@ METHOD(tls_crypto_t, verify_handshake, bool, if (!reader->read_data16(reader, &sig)) { - DBG1(DBG_IKE, "received invalid Certificate Verify"); + DBG1(DBG_TLS, "received invalid Certificate Verify"); return FALSE; } if (!hash_handshake(this, &hash)) diff --git a/src/libtls/tls_fragmentation.c b/src/libtls/tls_fragmentation.c index 474deaefd..06e1bcb53 100644 --- a/src/libtls/tls_fragmentation.c +++ b/src/libtls/tls_fragmentation.c @@ -88,7 +88,7 @@ static status_t process_handshake(private_tls_fragmentation_t *this, if (reader->remaining(reader) > MAX_TLS_FRAGMENT_LEN) { - DBG1(DBG_IKE, "TLS fragment has invalid length"); + DBG1(DBG_TLS, "TLS fragment has invalid length"); return FAILED; } @@ -102,7 +102,7 @@ static status_t process_handshake(private_tls_fragmentation_t *this, this->type = type; if (len > MAX_TLS_HANDSHAKE_LEN) { - DBG1(DBG_IKE, "TLS handshake message exceeds maximum length"); + DBG1(DBG_TLS, "TLS handshake message exceeds maximum length"); return FAILED; } chunk_free(&this->input); @@ -124,7 +124,7 @@ static status_t process_handshake(private_tls_fragmentation_t *this, if (this->input.len == this->inpos) { /* message completely defragmented, process */ msg = tls_reader_create(this->input); - DBG2(DBG_IKE, "received TLS %N message (%u bytes)", + DBG2(DBG_TLS, "received TLS %N message (%u bytes)", tls_handshake_type_names, this->type, 4 + this->input.len); status = this->handshake->process(this->handshake, this->type, msg); msg->destroy(msg); @@ -150,7 +150,7 @@ static status_t process_application(private_tls_fragmentation_t *this, if (reader->remaining(reader) > MAX_TLS_FRAGMENT_LEN) { - DBG1(DBG_IKE, "TLS fragment has invalid length"); + DBG1(DBG_TLS, "TLS fragment has invalid length"); return FAILED; } status = this->application->process(this->application, reader); @@ -190,7 +190,7 @@ METHOD(tls_fragmentation_t, process, status_t, status = process_application(this, reader); break; default: - DBG1(DBG_IKE, "received unknown TLS content type %d, ignored", type); + DBG1(DBG_TLS, "received unknown TLS content type %d, ignored", type); status = NEED_MORE; break; } @@ -241,7 +241,7 @@ METHOD(tls_fragmentation_t, build, status_t, hs_data = writer->get_buf(writer); msg->write_uint8(msg, hs_type); msg->write_data24(msg, hs_data); - DBG2(DBG_IKE, "sending TLS %N message (%u bytes)", + DBG2(DBG_TLS, "sending TLS %N message (%u bytes)", tls_handshake_type_names, hs_type, 4 + hs_data.len); break; case INVALID_STATE: diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c index 1bba3b288..09364d53b 100644 --- a/src/libtls/tls_peer.c +++ b/src/libtls/tls_peer.c @@ -124,7 +124,7 @@ static status_t process_server_hello(private_tls_peer_t *this, !reader->read_uint8(reader, &compression) || (reader->remaining(reader) && !reader->read_data16(reader, &ext))) { - DBG1(DBG_IKE, "received invalid ServerHello"); + DBG1(DBG_TLS, "received invalid ServerHello"); return FAILED; } @@ -137,11 +137,11 @@ static status_t process_server_hello(private_tls_peer_t *this, suite = cipher; if (!this->crypto->select_cipher_suite(this->crypto, &suite, 1)) { - DBG1(DBG_IKE, "received TLS cipher suite %N inacceptable", + DBG1(DBG_TLS, "received TLS cipher suite %N inacceptable", tls_cipher_suite_names, suite); return FAILED; } - DBG1(DBG_IKE, "negotiated TLS version %N with suite %N", + DBG1(DBG_TLS, "negotiated TLS version %N with suite %N", tls_version_names, version, tls_cipher_suite_names, suite); this->state = STATE_HELLO_RECEIVED; return NEED_MORE; @@ -181,13 +181,13 @@ static status_t process_certificate(private_tls_peer_t *this, { this->server_auth->add(this->server_auth, AUTH_HELPER_SUBJECT_CERT, cert); - DBG1(DBG_IKE, "received TLS server certificate '%Y'", + DBG1(DBG_TLS, "received TLS server certificate '%Y'", cert->get_subject(cert)); first = FALSE; } else { - DBG1(DBG_IKE, "received TLS intermediate certificate '%Y'", + DBG1(DBG_TLS, "received TLS intermediate certificate '%Y'", cert->get_subject(cert)); this->server_auth->add(this->server_auth, AUTH_HELPER_IM_CERT, cert); @@ -195,7 +195,7 @@ static status_t process_certificate(private_tls_peer_t *this, } else { - DBG1(DBG_IKE, "parsing TLS certificate failed, skipped"); + DBG1(DBG_TLS, "parsing TLS certificate failed, skipped"); } } certs->destroy(certs); @@ -245,12 +245,12 @@ static status_t process_certreq(private_tls_peer_t *this, tls_reader_t *reader) CERT_X509, KEY_ANY, id, TRUE); if (cert) { - DBG1(DBG_IKE, "received TLS cert request for '%Y", id); + DBG1(DBG_TLS, "received TLS cert request for '%Y", id); this->peer_auth->add(this->peer_auth, AUTH_RULE_CA_CERT, cert); } else { - DBG1(DBG_IKE, "received TLS cert request for unknown CA '%Y'", id); + DBG1(DBG_TLS, "received TLS cert request for unknown CA '%Y'", id); } id->destroy(id); } @@ -281,17 +281,17 @@ static status_t process_finished(private_tls_peer_t *this, tls_reader_t *reader) if (!reader->read_data(reader, sizeof(buf), &received)) { - DBG1(DBG_IKE, "received server finished too short"); + DBG1(DBG_TLS, "received server finished too short"); return FAILED; } if (!this->crypto->calculate_finished(this->crypto, "server finished", buf)) { - DBG1(DBG_IKE, "calculating server finished failed"); + DBG1(DBG_TLS, "calculating server finished failed"); return FAILED; } if (!chunk_equals(received, chunk_from_thing(buf))) { - DBG1(DBG_IKE, "received server finished invalid"); + DBG1(DBG_TLS, "received server finished invalid"); return FAILED; } this->state = STATE_COMPLETE; @@ -344,11 +344,11 @@ METHOD(tls_handshake_t, process, status_t, expected = TLS_FINISHED; break; default: - DBG1(DBG_IKE, "TLS %N not expected in current state", + DBG1(DBG_TLS, "TLS %N not expected in current state", tls_handshake_type_names, type); return FAILED; } - DBG1(DBG_IKE, "TLS %N expected, but received %N", + DBG1(DBG_TLS, "TLS %N expected, but received %N", tls_handshake_type_names, expected, tls_handshake_type_names, type); return FAILED; } @@ -383,11 +383,11 @@ static status_t send_client_hello(private_tls_peer_t *this, /* add TLS cipher suites */ count = this->crypto->get_cipher_suites(this->crypto, &suites); - DBG2(DBG_IKE, "sending %d TLS cipher suites:", count); + DBG2(DBG_TLS, "sending %d TLS cipher suites:", count); writer->write_uint16(writer, count * 2); for (i = 0; i < count; i++) { - DBG2(DBG_IKE, " %N", tls_cipher_suite_names, suites[i]); + DBG2(DBG_TLS, " %N", tls_cipher_suite_names, suites[i]); writer->write_uint16(writer, suites[i]); } @@ -417,7 +417,7 @@ static status_t send_certificate(private_tls_peer_t *this, KEY_ANY, this->peer, this->peer_auth); if (!this->private) { - DBG1(DBG_IKE, "no TLS peer certificate found for '%Y'", this->peer); + DBG1(DBG_TLS, "no TLS peer certificate found for '%Y'", this->peer); return FAILED; } @@ -428,7 +428,7 @@ static status_t send_certificate(private_tls_peer_t *this, { if (cert->get_encoding(cert, CERT_ASN1_DER, &data)) { - DBG1(DBG_IKE, "sending TLS peer certificate '%Y'", + DBG1(DBG_TLS, "sending TLS peer certificate '%Y'", cert->get_subject(cert)); certs->write_data24(certs, data); free(data.ptr); @@ -441,7 +441,7 @@ static status_t send_certificate(private_tls_peer_t *this, { if (cert->get_encoding(cert, CERT_ASN1_DER, &data)) { - DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'", + DBG1(DBG_TLS, "sending TLS intermediate certificate '%Y'", cert->get_subject(cert)); certs->write_data24(certs, data); free(data.ptr); @@ -476,7 +476,7 @@ static status_t send_key_exchange(private_tls_peer_t *this, rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (!rng) { - DBG1(DBG_IKE, "no suitable RNG found for TLS premaster secret"); + DBG1(DBG_TLS, "no suitable RNG found for TLS premaster secret"); return FAILED; } rng->get_bytes(rng, sizeof(premaster) - 2, premaster + 2); @@ -501,14 +501,14 @@ static status_t send_key_exchange(private_tls_peer_t *this, } if (!public) { - DBG1(DBG_IKE, "no TLS public key found for server '%Y'", this->server); + DBG1(DBG_TLS, "no TLS public key found for server '%Y'", this->server); return FAILED; } if (!public->encrypt(public, ENCRYPT_RSA_PKCS1, chunk_from_thing(premaster), &encrypted)) { public->destroy(public); - DBG1(DBG_IKE, "encrypting TLS premaster secret failed"); + DBG1(DBG_TLS, "encrypting TLS premaster secret failed"); return FAILED; } @@ -532,7 +532,7 @@ static status_t send_certificate_verify(private_tls_peer_t *this, if (!this->private || !this->crypto->sign_handshake(this->crypto, this->private, writer)) { - DBG1(DBG_IKE, "creating TLS Certificate Verify signature failed"); + DBG1(DBG_TLS, "creating TLS Certificate Verify signature failed"); return FAILED; } @@ -552,7 +552,7 @@ static status_t send_finished(private_tls_peer_t *this, if (!this->crypto->calculate_finished(this->crypto, "client finished", buf)) { - DBG1(DBG_IKE, "calculating client finished data failed"); + DBG1(DBG_TLS, "calculating client finished data failed"); return FAILED; } diff --git a/src/libtls/tls_protection.c b/src/libtls/tls_protection.c index 107751e92..90b30f99b 100644 --- a/src/libtls/tls_protection.c +++ b/src/libtls/tls_protection.c @@ -116,7 +116,7 @@ METHOD(tls_protection_t, process, status_t, { /* < TLSv1.1 uses IV from key derivation/last block */ if (data.len < bs || data.len % bs) { - DBG1(DBG_IKE, "encrypted TLS record length invalid"); + DBG1(DBG_TLS, "encrypted TLS record length invalid"); return FAILED; } iv = this->iv_in; @@ -129,7 +129,7 @@ METHOD(tls_protection_t, process, status_t, data = chunk_skip(data, iv.len); if (data.len < bs || data.len % bs) { - DBG1(DBG_IKE, "encrypted TLS record length invalid"); + DBG1(DBG_TLS, "encrypted TLS record length invalid"); return FAILED; } } @@ -144,7 +144,7 @@ METHOD(tls_protection_t, process, status_t, padding_length = data.ptr[data.len - 1]; if (padding_length >= data.len) { - DBG1(DBG_IKE, "invalid TLS record padding"); + DBG1(DBG_TLS, "invalid TLS record padding"); return FAILED; } data.len -= padding_length + 1; @@ -157,7 +157,7 @@ METHOD(tls_protection_t, process, status_t, bs = this->signer_in->get_block_size(this->signer_in); if (data.len <= bs) { - DBG1(DBG_IKE, "TLS record too short to verify MAC"); + DBG1(DBG_TLS, "TLS record too short to verify MAC"); return FAILED; } mac = chunk_skip(data, data.len - bs); @@ -168,7 +168,7 @@ METHOD(tls_protection_t, process, status_t, macdata = chunk_cat("mc", header, data); if (!this->signer_in->verify_signature(this->signer_in, macdata, mac)) { - DBG1(DBG_IKE, "TLS record MAC verification failed"); + DBG1(DBG_TLS, "TLS record MAC verification failed"); free(macdata.ptr); return FAILED; } @@ -228,7 +228,7 @@ METHOD(tls_protection_t, build, status_t, { /* TLSv1.1 uses random IVs, prepended to record */ if (!this->rng) { - DBG1(DBG_IKE, "no RNG supported to generate TLS IV"); + DBG1(DBG_TLS, "no RNG supported to generate TLS IV"); free(data->ptr); return FAILED; } diff --git a/src/libtls/tls_reader.c b/src/libtls/tls_reader.c index ee537be71..17ec68fd5 100644 --- a/src/libtls/tls_reader.c +++ b/src/libtls/tls_reader.c @@ -52,7 +52,7 @@ METHOD(tls_reader_t, read_uint8, bool, { if (this->buf.len < 1) { - DBG1(DBG_IKE, "%d bytes insufficient to parse uint%d TLS data", + DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", this->buf.len, 8); return FALSE; } @@ -66,7 +66,7 @@ METHOD(tls_reader_t, read_uint16, bool, { if (this->buf.len < 2) { - DBG1(DBG_IKE, "%d bytes insufficient to parse uint%d TLS data", + DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", this->buf.len, 16); return FALSE; } @@ -80,7 +80,7 @@ METHOD(tls_reader_t, read_uint24, bool, { if (this->buf.len < 3) { - DBG1(DBG_IKE, "%d bytes insufficient to parse uint%d TLS data", + DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", this->buf.len, 24); return FALSE; } @@ -94,7 +94,7 @@ METHOD(tls_reader_t, read_uint32, bool, { if (this->buf.len < 4) { - DBG1(DBG_IKE, "%d bytes insufficient to parse uint%d TLS data", + DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", this->buf.len, 32); return FALSE; } @@ -108,7 +108,7 @@ METHOD(tls_reader_t, read_data, bool, { if (this->buf.len < len) { - DBG1(DBG_IKE, "%d bytes insufficient to parse %d bytes TLS data", + DBG1(DBG_TLS, "%d bytes insufficient to parse %d bytes TLS data", this->buf.len, len); return FALSE; } diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c index 763afc99d..18aa09df2 100644 --- a/src/libtls/tls_server.c +++ b/src/libtls/tls_server.c @@ -131,7 +131,7 @@ static status_t process_client_hello(private_tls_server_t *this, !reader->read_data8(reader, &compression) || (reader->remaining(reader) && !reader->read_data16(reader, &ext))) { - DBG1(DBG_IKE, "received invalid ClientHello"); + DBG1(DBG_TLS, "received invalid ClientHello"); return FAILED; } @@ -144,19 +144,19 @@ static status_t process_client_hello(private_tls_server_t *this, count = ciphers.len / sizeof(u_int16_t); suites = alloca(count * sizeof(tls_cipher_suite_t)); - DBG2(DBG_IKE, "received %d TLS cipher suites:", count); + DBG2(DBG_TLS, "received %d TLS cipher suites:", count); for (i = 0; i < count; i++) { suites[i] = untoh16(&ciphers.ptr[i * sizeof(u_int16_t)]); - DBG2(DBG_IKE, " %N", tls_cipher_suite_names, suites[i]); + DBG2(DBG_TLS, " %N", tls_cipher_suite_names, suites[i]); } this->suite = this->crypto->select_cipher_suite(this->crypto, suites, count); if (!this->suite) { - DBG1(DBG_IKE, "received cipher suites inacceptable"); + DBG1(DBG_TLS, "received cipher suites inacceptable"); return FAILED; } - DBG1(DBG_IKE, "negotiated TLS version %N with suite %N", + DBG1(DBG_TLS, "negotiated TLS version %N with suite %N", tls_version_names, version, tls_cipher_suite_names, this->suite); this->state = STATE_HELLO_RECEIVED; return NEED_MORE; @@ -196,20 +196,20 @@ static status_t process_certificate(private_tls_server_t *this, { this->peer_auth->add(this->peer_auth, AUTH_HELPER_SUBJECT_CERT, cert); - DBG1(DBG_IKE, "received TLS peer certificate '%Y'", + DBG1(DBG_TLS, "received TLS peer certificate '%Y'", cert->get_subject(cert)); first = FALSE; } else { - DBG1(DBG_IKE, "received TLS intermediate certificate '%Y'", + DBG1(DBG_TLS, "received TLS intermediate certificate '%Y'", cert->get_subject(cert)); this->peer_auth->add(this->peer_auth, AUTH_HELPER_IM_CERT, cert); } } else { - DBG1(DBG_IKE, "parsing TLS certificate failed, skipped"); + DBG1(DBG_TLS, "parsing TLS certificate failed, skipped"); } } certs->destroy(certs); @@ -230,7 +230,7 @@ static status_t process_key_exchange(private_tls_server_t *this, if (!reader->read_data16(reader, &encrypted)) { - DBG1(DBG_IKE, "received invalid Client Key Exchange"); + DBG1(DBG_TLS, "received invalid Client Key Exchange"); return FAILED; } @@ -238,7 +238,7 @@ static status_t process_key_exchange(private_tls_server_t *this, !this->private->decrypt(this->private, ENCRYPT_RSA_PKCS1, encrypted, &premaster)) { - DBG1(DBG_IKE, "decrypting Client Key Exchange data failed"); + DBG1(DBG_TLS, "decrypting Client Key Exchange data failed"); return FAILED; } this->crypto->derive_secrets(this->crypto, premaster, @@ -273,13 +273,13 @@ static status_t process_cert_verify(private_tls_server_t *this, { break; } - DBG1(DBG_IKE, "signature verification failed, trying another key"); + DBG1(DBG_TLS, "signature verification failed, trying another key"); } enumerator->destroy(enumerator); if (!verified) { - DBG1(DBG_IKE, "no trusted certificate found for '%Y' to verify TLS peer", + DBG1(DBG_TLS, "no trusted certificate found for '%Y' to verify TLS peer", this->peer); return FAILED; } @@ -301,17 +301,17 @@ static status_t process_finished(private_tls_server_t *this, if (!reader->read_data(reader, sizeof(buf), &received)) { - DBG1(DBG_IKE, "received client finished too short"); + DBG1(DBG_TLS, "received client finished too short"); return FAILED; } if (!this->crypto->calculate_finished(this->crypto, "client finished", buf)) { - DBG1(DBG_IKE, "calculating client finished failed"); + DBG1(DBG_TLS, "calculating client finished failed"); return FAILED; } if (!chunk_equals(received, chunk_from_thing(buf))) { - DBG1(DBG_IKE, "received client finished invalid"); + DBG1(DBG_TLS, "received client finished invalid"); return FAILED; } @@ -374,11 +374,11 @@ METHOD(tls_handshake_t, process, status_t, expected = TLS_FINISHED; break; default: - DBG1(DBG_IKE, "TLS %N not expected in current state", + DBG1(DBG_TLS, "TLS %N not expected in current state", tls_handshake_type_names, type); return FAILED; } - DBG1(DBG_IKE, "TLS %N expected, but received %N", + DBG1(DBG_TLS, "TLS %N expected, but received %N", tls_handshake_type_names, expected, tls_handshake_type_names, type); return FAILED; } @@ -410,7 +410,7 @@ static status_t send_server_hello(private_tls_server_t *this, writer->write_data8(writer, chunk_empty); /* add selected TLS cipher suite */ - DBG2(DBG_IKE, "sending TLS cipher suite: %N", + DBG2(DBG_TLS, "sending TLS cipher suite: %N", tls_cipher_suite_names, this->suite); writer->write_uint16(writer, this->suite); @@ -439,7 +439,7 @@ static status_t send_certificate(private_tls_server_t *this, KEY_ANY, this->server, this->server_auth); if (!this->private) { - DBG1(DBG_IKE, "no TLS server certificate found for '%Y'", this->server); + DBG1(DBG_TLS, "no TLS server certificate found for '%Y'", this->server); return FAILED; } @@ -450,7 +450,7 @@ static status_t send_certificate(private_tls_server_t *this, { if (cert->get_encoding(cert, CERT_ASN1_DER, &data)) { - DBG1(DBG_IKE, "sending TLS server certificate '%Y'", + DBG1(DBG_TLS, "sending TLS server certificate '%Y'", cert->get_subject(cert)); certs->write_data24(certs, data); free(data.ptr); @@ -463,7 +463,7 @@ static status_t send_certificate(private_tls_server_t *this, { if (cert->get_encoding(cert, CERT_ASN1_DER, &data)) { - DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'", + DBG1(DBG_TLS, "sending TLS intermediate certificate '%Y'", cert->get_subject(cert)); certs->write_data24(certs, data); free(data.ptr); @@ -510,7 +510,7 @@ static status_t send_certificate_request(private_tls_server_t *this, if (x509->get_flags(x509) & X509_CA) { id = cert->get_subject(cert); - DBG1(DBG_IKE, "sending TLS cert request for '%Y'", id); + DBG1(DBG_TLS, "sending TLS cert request for '%Y'", id); authorities->write_data16(authorities, id->get_encoding(id)); } } @@ -546,7 +546,7 @@ static status_t send_finished(private_tls_server_t *this, if (!this->crypto->calculate_finished(this->crypto, "server finished", buf)) { - DBG1(DBG_IKE, "calculating server finished data failed"); + DBG1(DBG_TLS, "calculating server finished data failed"); return FAILED; } |