-rw-r--r-- | src/pluto/ac.c | 24 | ||||
-rw-r--r-- | src/pluto/ac.h | 3 | ||||
-rw-r--r-- | src/pluto/builder.c | 5 | ||||
-rw-r--r-- | src/pluto/ca.c | 27 | ||||
-rw-r--r-- | src/pluto/ca.h | 1 | ||||
-rw-r--r-- | src/pluto/crl.c | 37 | ||||
-rw-r--r-- | src/pluto/crl.h | 5 | ||||
-rw-r--r-- | src/pluto/fetch.c | 15 | ||||
-rw-r--r-- | src/pluto/fetch.h | 1 | ||||
-rw-r--r-- | src/pluto/ipsec_doi.c | 1 | ||||
-rw-r--r-- | src/pluto/keys.c | 12 | ||||
-rw-r--r-- | src/pluto/ocsp.c | 45 | ||||
-rw-r--r-- | src/pluto/pgpcert.c | 15 | ||||
-rw-r--r-- | src/pluto/pgpcert.h | 1 | ||||
-rw-r--r-- | src/pluto/pkcs7.c | 1 | ||||
-rw-r--r-- | src/pluto/x509.c | 26 | ||||
-rw-r--r-- | src/pluto/x509.h | 1 |
17 files changed, 89 insertions, 131 deletions
diff --git a/src/pluto/ac.c b/src/pluto/ac.c
index 14806c3cc..270efa85f 100644
--- a/src/pluto/ac.c
+++ b/src/pluto/ac.c
@@ -20,6 +20,7 @@
 #include <unistd.h>
 #include <dirent.h>
 #include <sys/types.h>
+#include <time.h>
 #include <freeswan.h>
@@ -282,7 +283,6 @@ void list_acerts(bool utc)
 {
 whack_log(RC_COMMENT, " ");
 whack_log(RC_COMMENT, "List of X.509 Attribute Certificates:");
- whack_log(RC_COMMENT, " ");
 }
 while (x509ac)
@@ -294,53 +294,51 @@ void list_acerts(bool utc)
 time_t notBefore, notAfter;
 ietf_attributes_t *groups;
-
- whack_log(RC_COMMENT, "%T", &x509ac->installed, utc);
+ whack_log(RC_COMMENT, " ");
 entityName = cert_ac->get_subject(cert_ac);
 if (entityName)
 {
- whack_log(RC_COMMENT, " holder: '%Y'", entityName);
+ whack_log(RC_COMMENT, " holder: \"%Y\"", entityName);
 }
 holderIssuer = ac->get_holderIssuer(ac);
 if (holderIssuer)
 {
- whack_log(RC_COMMENT, " hissuer: '%Y'", holderIssuer);
+ whack_log(RC_COMMENT, " hissuer: \"%Y\"", holderIssuer);
 }
 holderSerial = ac->get_holderSerial(ac);
 if (holderSerial.ptr)
 {
- whack_log(RC_COMMENT, " hserial: %#B", &holderSerial);
+ whack_log(RC_COMMENT, " hserial: %#B", &holderSerial);
 }
 groups = ac->get_groups(ac);
 if (groups)
 {
- whack_log(RC_COMMENT, " groups: %s",
+ whack_log(RC_COMMENT, " groups: %s",
 groups->get_string(groups));
 groups->destroy(groups);
 }
 issuer = cert_ac->get_issuer(cert_ac);
- whack_log(RC_COMMENT, " issuer: '%Y'", issuer);
+ whack_log(RC_COMMENT, " issuer: \"%Y\"", issuer);
 serial = ac->get_serial(ac);
- whack_log(RC_COMMENT, " serial: %#B", &serial);
+ whack_log(RC_COMMENT, " serial: %#B", &serial);
 cert_ac->get_validity(cert_ac, &now, ¬Before, ¬After);
- whack_log(RC_COMMENT, " validity: not before %T %s",
+ whack_log(RC_COMMENT, " validity: not before %T %s",
 ¬Before, utc, (notBefore < now)?"ok":"fatal (not valid yet)");
- whack_log(RC_COMMENT, " not after %T %s",
- ¬After, utc,
+ whack_log(RC_COMMENT, " not after %T %s", ¬After, utc,
 check_expiry(notAfter, ACERT_WARNING_INTERVAL, TRUE));
 authKeyID = ac->get_authKeyIdentifier(ac);
 if (authKeyID.ptr)
 {
- whack_log(RC_COMMENT, " authkey: %#B", &authKeyID);
+ whack_log(RC_COMMENT, " authkey: %#B", &authKeyID);
 }
 x509ac = x509ac->next;
diff --git a/src/pluto/ac.h b/src/pluto/ac.h
index d1feb5570..b7c02469d 100644
--- a/src/pluto/ac.h
+++ b/src/pluto/ac.h
@@ -18,8 +18,6 @@
 #ifndef _AC_H
 #define _AC_H
-#include <time.h>
-
 #include <credentials/certificates/certificate.h>
 #include <credentials/ietf_attributes/ietf_attributes.h>
@@ -30,7 +28,6 @@ typedef struct x509acert x509acert_t;
 struct x509acert {
 certificate_t *ac;
 x509acert_t *next;
- time_t installed;
 };
 extern bool verify_x509acert(x509acert_t *ac, bool strict);
diff --git a/src/pluto/builder.c b/src/pluto/builder.c
index b8b9aac35..004145103 100644
--- a/src/pluto/builder.c
+++ b/src/pluto/builder.c
@@ -98,7 +98,6 @@ static cert_t *builder_load_cert(certificate_type_t type, va_list args)
 *cert = cert_empty;
 cert->type = CERT_X509_SIGNATURE;
 cert->u.x509 = x509cert;
- time(&x509cert->installed);
 return cert;
 }
 plog(" error in X.509 certificate");
@@ -134,7 +133,6 @@ static x509acert_t *builder_load_ac(certificate_type_t type, va_list args)
 {
 ac = malloc_thing(x509acert_t);
 ac->next = NULL;
- ac->installed = UNDEFINED_TIME;
 ac->ac = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, BUILD_BLOB_ASN1_DER, blob, BUILD_END);
@@ -173,9 +171,8 @@ static x509crl_t *builder_load_crl(certificate_type_t type, va_list args)
 if (blob.ptr)
 {
 crl = malloc_thing(x509crl_t);
- *crl = empty_x509crl;
+ crl->next = NULL;
 crl->distributionPoints = linked_list_create();
-
 crl->crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, BUILD_BLOB_ASN1_DER, blob,
diff --git a/src/pluto/ca.c b/src/pluto/ca.c
index 816e71087..5bee66443 100644
--- a/src/pluto/ca.c
+++ b/src/pluto/ca.c
@@ -661,7 +661,6 @@ void add_ca_info(const whack_message_t *msg)
 ca->next = ca_infos;
 ca_infos = ca;
- ca->installed = time(NULL);
 unlock_ca_info_list("add_ca_info");
@@ -690,7 +689,6 @@ void list_ca_infos(bool utc)
 {
 whack_log(RC_COMMENT, " ");
 whack_log(RC_COMMENT, "List of X.509 CA Information Records:");
- whack_log(RC_COMMENT, " ");
 }
 while (ca != NULL)
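Review bot: In builder_load_crl the replacement of `*crl = empty_x509crl;` with `crl->next = NULL;` leaves the `signature` member of the freshly allocated x509crl_t uninitialized, because the removed aggregate copy zero-filled every field (the crl.c hunk drops empty_x509crl, whose initializer named only four fields and zeroed the rest) while the new code assigns `next`, `distributionPoints` and `crl` only. Unless malloc_thing zero-fills, any read of `crl->signature` before a later assignment is undefined behaviour. build_crl_fetch_request in fetch.c already handles the same situation with a full clear, so the same line right after the allocation would close it: `memset(crl, 0, sizeof(x509crl_t));`. builder_load_crl begins and ends outside the hunk.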
@@ -703,15 +701,21 @@ void list_ca_infos(bool utc)
 , &ca->installed, utc, ca->name , ca->strictcrlpolicy? "yes":"no"); */
- whack_log(RC_COMMENT, "%T, \"%s\"", &ca->installed, utc, ca->name);
+ whack_log(RC_COMMENT, " ");
 dntoa(buf, BUF_LEN, ca->authName);
- whack_log(RC_COMMENT, " authname: '%s'", buf);
- if (ca->ldaphost != NULL)
- whack_log(RC_COMMENT, " ldaphost: '%s'", ca->ldaphost);
- if (ca->ldapbase != NULL)
- whack_log(RC_COMMENT, " ldapbase: '%s'", ca->ldapbase);
- if (ca->ocspuri != NULL)
- whack_log(RC_COMMENT, " ocspuri: '%s'", ca->ocspuri);
+ whack_log(RC_COMMENT, " authname: \"%s\"", buf);
+ if (ca->ldaphost)
+ {
+ whack_log(RC_COMMENT, " ldaphost: '%s'", ca->ldaphost);
+ }
+ if (ca->ldapbase)
+ {
+ whack_log(RC_COMMENT, " ldapbase: '%s'", ca->ldapbase);
+ }
+ if (ca->ocspuri)
+ {
+ whack_log(RC_COMMENT, " ocspuri: '%s'", ca->ocspuri);
+ }
 list_distribution_points(ca->crluris);
@@ -719,10 +723,9 @@ void list_ca_infos(bool utc)
 {
 datatot(ca->authKeyID.ptr, ca->authKeyID.len, ':' , buf, BUF_LEN);
- whack_log(RC_COMMENT, " authkey: %s", buf);
+ whack_log(RC_COMMENT, " authkey: %s", buf);
 }
 ca = ca->next;
 }
 }
-
diff --git a/src/pluto/ca.h b/src/pluto/ca.h
index 8c7627d2b..9e2efb148 100644
--- a/src/pluto/ca.h
+++ b/src/pluto/ca.h
@@ -29,7 +29,6 @@ typedef struct ca_info ca_info_t;
 struct ca_info {
 ca_info_t *next;
 char *name;
- time_t installed;
 chunk_t authName;
 chunk_t authKeyID;
 char *ldaphost;
diff --git a/src/pluto/crl.c b/src/pluto/crl.c
index 54f08f9d6..7f71c0f94 100644
--- a/src/pluto/crl.c
+++ b/src/pluto/crl.c
@@ -39,14 +39,7 @@
 /* chained lists of X.509 crls */
-static x509crl_t *x509crls = NULL;
-
-const x509crl_t empty_x509crl = {
- NULL , /* crl */
- NULL , /* *next */
- UNDEFINED_TIME, /* installed */
- NULL , /* distributionPoints */
-};
+static x509crl_t *x509crls = NULL;
 /**
 * Get the X.509 CRL with a given issuer
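Review bot: The commented-out block that closes with `*/` at the top of the list_ca_infos hunk still references `&ca->installed`, the field this commit removes from struct ca_info in ca.h, so the dead comment now describes a call that can no longer compile and should be deleted along with the field. The new `authname` line also switches to `\"%s\"` while the ldaphost, ldapbase and ocspuri lines added in the same hunk keep `'%s'`; the same split appears in keys.c (`owner` vs. `issuer`) and in the list_ocsp_locations hunk of ocsp.c (`uri` vs. `issuer`), so one quoting style should be applied across the listing output, e.g. `whack_log(RC_COMMENT, " ldaphost: \"%s\"", ca->ldaphost);`. list_ca_infos begins outside the hunk.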
@@ -502,7 +495,6 @@ void list_crls(bool utc, bool strict)
 {
 whack_log(RC_COMMENT, " ");
 whack_log(RC_COMMENT, "List of X.509 CRLs:");
- whack_log(RC_COMMENT, " ");
 }
 while (x509crl)
@@ -514,6 +506,15 @@ void list_crls(bool utc, bool strict)
 u_int revoked = 0;
 enumerator_t *enumerator;
+ whack_log(RC_COMMENT, " ");
+ whack_log(RC_COMMENT, " issuer: \"%Y\"",
+ cert_crl->get_issuer(cert_crl));
+ serial = crl->get_serial(crl);
+ if (serial.ptr)
+ {
+ whack_log(RC_COMMENT, " serial: %#B", &serial);
+ }
+
 /* count number of revoked certificates in CRL */
 enumerator = crl->create_enumerator(crl);
 while (enumerator->enumerate(enumerator, NULL, NULL, NULL))
@@ -521,28 +522,18 @@ void list_crls(bool utc, bool strict)
 revoked++;
 }
 enumerator->destroy(enumerator);
+ whack_log(RC_COMMENT, " revoked: %d certificates", revoked);
- whack_log(RC_COMMENT, "%T, revoked certs: %d",
- &x509crl->installed, utc, revoked);
- whack_log(RC_COMMENT, " issuer: '%Y'",
- cert_crl->get_issuer(cert_crl));
- serial = crl->get_serial(crl);
- if (serial.ptr)
- {
- whack_log(RC_COMMENT, " crlnumber: %#B", &serial);
- }
 list_distribution_points(x509crl->distributionPoints);
 cert_crl->get_validity(cert_crl, NULL, &thisUpdate, &nextUpdate);
- whack_log(RC_COMMENT, " updates: this %T",
- &thisUpdate, utc);
- whack_log(RC_COMMENT, " next %T %s",
- &nextUpdate, utc,
+ whack_log(RC_COMMENT, " updates: this %T", &thisUpdate, utc);
+ whack_log(RC_COMMENT, " next %T %s", &nextUpdate, utc,
 check_expiry(nextUpdate, CRL_WARNING_INTERVAL, strict));
 authKeyID = crl->get_authKeyIdentifier(crl);
 if (authKeyID.ptr)
 {
- whack_log(RC_COMMENT, " authkey: %#B", &authKeyID);
+ whack_log(RC_COMMENT, " authkey: %#B", &authKeyID);
 }
 x509crl = x509crl->next;
diff --git a/src/pluto/crl.h b/src/pluto/crl.h
index 1684767c5..cf8aa54b7 100644
--- a/src/pluto/crl.h
+++ b/src/pluto/crl.h
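Review bot: The added `whack_log(RC_COMMENT, " revoked: %d certificates", revoked);` in the third list_crls hunk formats `revoked`, declared `u_int revoked = 0;` in the preceding hunk, with `%d`; assuming whack_log forwards to a printf-style formatter, the matching conversion is `%u`: `whack_log(RC_COMMENT, " revoked: %u certificates", revoked);`. The removed line had the same mismatch, but since the statement is being rewritten anyway this is the moment to make it -Wformat clean. The loop body of list_crls continues outside the hunk.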
@@ -25,7 +25,6 @@ typedef struct x509crl x509crl_t;
 struct x509crl {
 certificate_t *crl;
 x509crl_t *next;
- time_t installed;
 linked_list_t *distributionPoints;
 chunk_t signature;
 };
@@ -44,10 +43,6 @@ extern bool cache_crls;
 * check periodically for expired crls */
 extern long crl_check_interval;
-
-/* used for initialization */
-extern const x509crl_t empty_x509crl;
-
 extern void load_crls(void);
 extern void check_crls(void);
 extern bool insert_crl(x509crl_t *crl, char *crl_uri, bool cache_crl);
diff --git a/src/pluto/fetch.c b/src/pluto/fetch.c
index 4217cd1d2..59c27d979 100644
--- a/src/pluto/fetch.c
+++ b/src/pluto/fetch.c
@@ -44,7 +44,6 @@ fetch_req_t empty_fetch_req = {
 NULL , /* next */
- 0 , /* installed */
 0 , /* trials */
 { NULL, 0}, /* issuer */
 { NULL, 0}, /* authKeyID */
@@ -609,9 +608,6 @@ fetch_req_t* build_crl_fetch_request(chunk_t issuer, chunk_t authKeyID,
 memset(req, 0, sizeof(fetch_req_t));
 req->distributionPoints = linked_list_create();
- /* note current time */
- req->installed = time(NULL);
-
 /* clone fields */
 req->issuer = chunk_clone(issuer);
 req->authKeyID = chunk_clone(authKeyID);
@@ -695,7 +691,7 @@ void list_distribution_points(linked_list_t *distributionPoints)
 enumerator = distributionPoints->create_enumerator(distributionPoints);
 while (enumerator->enumerate(enumerator, &point))
 {
- whack_log(RC_COMMENT, " %s '%s'",
+ whack_log(RC_COMMENT, " %s '%s'",
 (first_point)? "distPts: " : " ", point);
 first_point = FALSE;
 }
@@ -715,7 +711,7 @@ void list_crl_fetch_requests(bool utc)
 if (req != NULL)
 {
 whack_log(RC_COMMENT, " ");
- whack_log(RC_COMMENT, "List of CRL fetch requests:");
+ whack_log(RC_COMMENT, "List of CRL Fetch Requests:");
 whack_log(RC_COMMENT, " ");
 }
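Review bot: list_crl_fetch_requests keeps the `whack_log(RC_COMMENT, " ");` that follows the renamed header line, while every other listing touched by this commit (list_acerts, list_ca_infos, list_crls, list_public_keys, list_pgp_end_certs, list_x509cert_chain) removes that post-header blank and instead emits the blank at the start of each entry. The per-entry hunk of this function (@@ -723 in fetch.c) adds no such separator, so consecutive fetch requests will run together in the output and the header spacing will differ from the other lists. For consistency drop the second `whack_log(RC_COMMENT, " ");` here and add `whack_log(RC_COMMENT, " ");` before the `trials:` line in the next hunk. Both hunks show only fragments of list_crl_fetch_requests.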
@@ -723,15 +719,14 @@ void list_crl_fetch_requests(bool utc)
 {
 u_char buf[BUF_LEN];
- whack_log(RC_COMMENT, "%T, trials: %d"
- , &req->installed, utc, req->trials);
+ whack_log(RC_COMMENT, " trials: %d", req->trials);
 dntoa(buf, BUF_LEN, req->issuer);
- whack_log(RC_COMMENT, " issuer: '%s'", buf);
+ whack_log(RC_COMMENT, " issuer: '%s'", buf);
 if (req->authKeyID.ptr != NULL)
 {
 datatot(req->authKeyID.ptr, req->authKeyID.len, ':' , buf, BUF_LEN);
- whack_log(RC_COMMENT, " authkey: %s", buf);
+ whack_log(RC_COMMENT, " authkey: %s", buf);
 }
 list_distribution_points(req->distributionPoints);
 req = req->next;
diff --git a/src/pluto/fetch.h b/src/pluto/fetch.h
index a12e86a0b..bb504665c 100644
--- a/src/pluto/fetch.h
+++ b/src/pluto/fetch.h
@@ -30,7 +30,6 @@ typedef struct fetch_req fetch_req_t;
 struct fetch_req {
 fetch_req_t *next;
- time_t installed;
 int trials;
 chunk_t issuer;
 chunk_t authKeyID;
diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c
index eaa4a7a8c..e4560bc90 100644
--- a/src/pluto/ipsec_doi.c
+++ b/src/pluto/ipsec_doi.c
@@ -2173,7 +2173,6 @@ static void decode_cert(struct msg_digest *md)
 BUILD_END);
 if (cert.cert)
 {
- time(&cert.installed);
 if (verify_x509cert(&cert, strict_crl_policy, &valid_until))
 {
 DBG(DBG_PARSING,
diff --git a/src/pluto/keys.c b/src/pluto/keys.c
index af494c6c1..e102364b3 100644
--- a/src/pluto/keys.c
+++ b/src/pluto/keys.c
@@ -1430,7 +1430,6 @@ void list_public_keys(bool utc)
 {
 whack_log(RC_COMMENT, " ");
 whack_log(RC_COMMENT, "List of Public Keys:");
- whack_log(RC_COMMENT, " ");
 }
 while (p != NULL)
@@ -1440,27 +1439,28 @@ void list_public_keys(bool utc)
 chunk_t keyid;
 char buf[BUF_LEN];
+ whack_log(RC_COMMENT, " ");
 idtoa(&key->id, buf, BUF_LEN);
- whack_log(RC_COMMENT,"%T, '%s'", &key->installed_time, utc, buf);
- whack_log(RC_COMMENT, " pubkey: %N %4d bits, until %T %s",
+ whack_log(RC_COMMENT, " owner: '%s'", buf);
+ whack_log(RC_COMMENT, " pubkey: %N %4d bits, until %T %s",
 key_type_names, public->get_type(public), public->get_keysize(public) * BITS_PER_BYTE, &key->until_time, utc, check_expiry(key->until_time, PUBKEY_WARNING_INTERVAL, TRUE));
 if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &keyid))
 {
- whack_log(RC_COMMENT," keyid: %#B", &keyid);
+ whack_log(RC_COMMENT," keyid: %#B", &keyid);
 }
 if (key->issuer.len > 0)
 {
 dntoa(buf, BUF_LEN, key->issuer);
- whack_log(RC_COMMENT," issuer: '%s'", buf);
+ whack_log(RC_COMMENT," issuer: \"%s\"", buf);
 }
 if (key->serial.len > 0)
 {
 datatot(key->serial.ptr, key->serial.len, ':' , buf, BUF_LEN);
- whack_log(RC_COMMENT," serial: %s", buf);
+ whack_log(RC_COMMENT," serial: %s", buf);
 }
 p = p->next;
 }
diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c
index 041df2452..dd26fca3d 100644
--- a/src/pluto/ocsp.c
+++ b/src/pluto/ocsp.c
@@ -424,7 +424,7 @@ cert_status_t verify_by_ocsp(const x509cert_t *cert, time_t *until,
 chunk_t serialNumber = x509->get_serial(x509);
 cert_status_t status;
 ocsp_location_t location;
- time_t nextUpdate;
+ time_t nextUpdate = UNDEFINED_TIME;
 *revocationDate = UNDEFINED_TIME;
 *revocationReason = CRL_REASON_UNSPECIFIED;
@@ -595,50 +595,46 @@ void list_ocsp_locations(ocsp_location_t *location, bool requests,
 first = FALSE;
 }
 whack_log(RC_COMMENT, " ");
- if (location->issuer.ptr != NULL)
+ if (location->issuer.ptr)
 {
 dntoa(buf, BUF_LEN, location->issuer);
- whack_log(RC_COMMENT, " issuer: '%s'", buf);
+ whack_log(RC_COMMENT, " issuer: \"%s\"", buf);
 }
- whack_log(RC_COMMENT, " uri: '%s'", location->uri);
- if (location->authNameID.ptr != NULL)
+ whack_log(RC_COMMENT, " uri: '%s'", location->uri);
+ if (location->authNameID.ptr)
 {
 datatot(location->authNameID.ptr, location->authNameID.len, ':' , buf, BUF_LEN);
- whack_log(RC_COMMENT, " authname: %s", buf);
+ whack_log(RC_COMMENT, " authname: %s", buf);
 }
- if (location->authKeyID.ptr != NULL)
+ if (location->authKeyID.ptr)
 {
 datatot(location->authKeyID.ptr, location->authKeyID.len, ':' , buf, BUF_LEN);
- whack_log(RC_COMMENT, " authkey: %s", buf);
+ whack_log(RC_COMMENT, " authkey: %s", buf);
 }
- while (certinfo != NULL)
+ while (certinfo)
 {
- char thisUpdate[BUF_LEN];
-
- snprintf(thisUpdate, BUF_LEN, "%T", &certinfo->thisUpdate, utc);
-
 if (requests)
 {
- whack_log(RC_COMMENT, "%s, trials: %d", thisUpdate
- , certinfo->trials);
+ whack_log(RC_COMMENT, " serial: %#B, %d trials",
+ &certinfo->serialNumber, certinfo->trials);
 }
 else if (certinfo->once)
 {
- whack_log(RC_COMMENT, "%s, onetime use%s", thisUpdate
- , (certinfo->nextUpdate < time(NULL))? " (expired)": "");
+ whack_log(RC_COMMENT, " serial: %#B, %s, once%s",
+ &certinfo->serialNumber,
+ cert_status_names[certinfo->status],
+ (certinfo->nextUpdate < time(NULL))?
" (expired)": "");
 }
 else
 {
- whack_log(RC_COMMENT, "%s, until %T %s", thisUpdate
- , &certinfo->nextUpdate, utc
- , check_expiry(certinfo->nextUpdate, OCSP_WARNING_INTERVAL, strict));
+ whack_log(RC_COMMENT, " serial: %#B, %s, until %T %s",
+ &certinfo->serialNumber,
+ cert_status_names[certinfo->status],
+ &certinfo->nextUpdate, utc,
+ check_expiry(certinfo->nextUpdate, OCSP_WARNING_INTERVAL, strict));
 }
- datatot(certinfo->serialNumber.ptr, certinfo->serialNumber.len, ':'
- , buf, BUF_LEN);
- whack_log(RC_COMMENT, " serial: %s, %s", buf
- , cert_status_names[certinfo->status]);
 certinfo = certinfo->next;
 }
 }
@@ -1155,7 +1151,6 @@ static bool parse_basic_ocsp_response(chunk_t blob, int level0, response_t *res)
 free_x509cert(cert);
 break;
 }
- time(&cert->installed);
 x509 = (x509_t*)cert->cert;
 if ((x509->get_flags(x509) & X509_OCSP_SIGNER) &&
diff --git a/src/pluto/pgpcert.c b/src/pluto/pgpcert.c
index 2b1f5cbb8..4faa7c6f1 100644
--- a/src/pluto/pgpcert.c
+++ b/src/pluto/pgpcert.c
@@ -97,7 +97,6 @@ static pgpcert_t *pgpcerts = NULL;
 const pgpcert_t pgpcert_empty = {
 NULL , /* next */
 0 , /* version */
- 0 , /* installed */
 0 , /* count */
 { NULL, 0 }, /* certificate */
 0 , /* created */
@@ -309,7 +308,6 @@ bool parse_pgp(chunk_t blob, pgpcert_t *cert)
 /* parse a PGP certificate file */
 cert->certificate = blob;
- time(&cert->installed);
 while (blob.len > 0)
 {
@@ -479,8 +477,7 @@ void list_pgp_end_certs(bool utc)
 if (cert != NULL)
 {
 whack_log(RC_COMMENT, " ");
- whack_log(RC_COMMENT, "List of PGP End certificates:");
- whack_log(RC_COMMENT, " ");
+ whack_log(RC_COMMENT, "List of PGP End Entity Certificates:");
 }
 while (cert != NULL)
@@ -492,10 +489,10 @@ void list_pgp_end_certs(bool utc)
 c.type = CERT_PGP;
 c.u.pgp = cert;
- whack_log(RC_COMMENT, "%T, count: %d", &cert->installed, utc, cert->count);
- whack_log(RC_COMMENT, " digest: %Y", cert->fingerprint);
- whack_log(RC_COMMENT, " created: %T", &cert->created, utc);
- whack_log(RC_COMMENT, " until: %T %s", &cert->until, utc,
+ whack_log(RC_COMMENT, " ");
+ whack_log(RC_COMMENT, " digest: %Y", cert->fingerprint);
+ whack_log(RC_COMMENT, " created: %T", &cert->created, utc);
+ whack_log(RC_COMMENT, " until: %T %s", &cert->until, utc,
 check_expiry(cert->until, CA_CERT_WARNING_INTERVAL, TRUE));
 whack_log(RC_COMMENT, " pubkey: %N %4d bits%s",
 key_type_names, key->get_type(key),
@@ -503,7 +500,7 @@ void list_pgp_end_certs(bool utc)
 has_private_key(c)? ", has private key" : "");
 if (key->get_fingerprint(key, KEY_ID_PUBKEY_INFO_SHA1, &keyid))
 {
- whack_log(RC_COMMENT, " keyid: %#B", &keyid);
+ whack_log(RC_COMMENT, " keyid: %#B", &keyid);
 }
 cert = cert->next;
 }
diff --git a/src/pluto/pgpcert.h b/src/pluto/pgpcert.h
index 6611bd987..16169f289 100644
--- a/src/pluto/pgpcert.h
+++ b/src/pluto/pgpcert.h
@@ -35,7 +35,6 @@ typedef struct pgpcert pgpcert_t;
 struct pgpcert {
 pgpcert_t *next;
 int version;
- time_t installed;
 int count;
 chunk_t certificate;
 time_t created;
diff --git a/src/pluto/pkcs7.c b/src/pluto/pkcs7.c
index dcfc9e88c..7ff51a5a4 100644
--- a/src/pluto/pkcs7.c
+++ b/src/pluto/pkcs7.c
@@ -263,7 +263,6 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert
 BUILD_END);
 if (newcert->cert)
 {
- time(&newcert->installed);
 newcert->next = *cert;
 *cert = newcert;
 }
diff --git a/src/pluto/x509.c b/src/pluto/x509.c
index 77c5156bf..e6ea1d6c8 100644
--- a/src/pluto/x509.c
+++ b/src/pluto/x509.c
@@ -124,7 +124,6 @@ static const asn1Object_t otherNameObjects[] = {
 const x509cert_t empty_x509cert = {
 NULL , /* cert */
 NULL , /* *next */
- UNDEFINED_TIME, /* installed */
 0 , /* count */
 FALSE /* smartcard */
 };
@@ -1491,32 +1490,29 @@ void list_x509cert_chain(const char *caption, x509cert_t* cert,
 {
 whack_log(RC_COMMENT, " ");
 whack_log(RC_COMMENT, "List of X.509 %s Certificates:", caption);
- whack_log(RC_COMMENT, " ");
 first = FALSE;
 }
-
- whack_log(RC_COMMENT, "%T, count: %d", &cert->installed, utc,
- cert->count);
- whack_log(RC_COMMENT, " subject: '%Y'",
+ whack_log(RC_COMMENT, " ");
+ whack_log(RC_COMMENT, " subject: \"%Y\"",
 certificate->get_subject(certificate));
- whack_log(RC_COMMENT, " issuer: '%Y'",
+ whack_log(RC_COMMENT, " issuer: \"%Y\"",
 certificate->get_issuer(certificate));
 serial = x509->get_serial(x509);
- whack_log(RC_COMMENT, " serial: %#B", &serial);
+ whack_log(RC_COMMENT, " serial: %#B", &serial);
 /* list validity */
 certificate->get_validity(certificate, &now, ¬Before, ¬After);
- whack_log(RC_COMMENT, " validity: not before %T %s",
+ whack_log(RC_COMMENT, " validity: not before %T %s",
 ¬Before, utc, (notBefore < now)?"ok":"fatal (not valid yet)");
- whack_log(RC_COMMENT, " not after %T %s",
+ whack_log(RC_COMMENT, " not after %T %s",
 ¬After, utc, check_expiry(notAfter, CA_CERT_WARNING_INTERVAL, TRUE));
 key = certificate->get_public_key(certificate);
 if (key);
 {
- whack_log(RC_COMMENT, " pubkey: %N %4d bits%s",
+ whack_log(RC_COMMENT, " pubkey: %N %4d bits%s",
 key_type_names, key->get_type(key), key->get_keysize(key) * BITS_PER_BYTE, cert->smartcard ? ", on smartcard" :
@@ -1524,11 +1520,11 @@ void list_x509cert_chain(const char *caption, x509cert_t* cert,
 if (key->get_fingerprint(key, KEY_ID_PUBKEY_INFO_SHA1, &keyid))
 {
- whack_log(RC_COMMENT, " keyid: %#B", &keyid);
+ whack_log(RC_COMMENT, " keyid: %#B", &keyid);
 }
 if (key->get_fingerprint(key, KEY_ID_PUBKEY_SHA1, &subjkey))
 {
- whack_log(RC_COMMENT, " subjkey: %#B", &subjkey);
+ whack_log(RC_COMMENT, " subjkey: %#B", &subjkey);
 }
 key->destroy(key);
 }
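Review bot: The context line `if (key);` just before the rewritten pubkey whack_log in list_x509cert_chain carries a stray semicolon, so the block that follows is unconditional and `key->get_type(key)` is dereferenced even when get_public_key() returned NULL; the commit reformats the lines inside that block but leaves the guard broken. The same block runs through the next hunk, where `key->destroy(key)` would also be called on a NULL key. Change the guard to `if (key)`. list_x509cert_chain begins and ends outside these hunks.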
@@ -1537,7 +1533,7 @@ void list_x509cert_chain(const char *caption, x509cert_t* cert,
 authkey = x509->get_authKeyIdentifier(x509);
 if (authkey.ptr)
 {
- whack_log(RC_COMMENT, " authkey: %#B", &authkey);
+ whack_log(RC_COMMENT, " authkey: %#B", &authkey);
 }
 }
 cert = cert->next;
@@ -1549,5 +1545,5 @@ void list_x509cert_chain(const char *caption, x509cert_t* cert,
 */
 void list_x509_end_certs(bool utc)
 {
- list_x509cert_chain("End", x509certs, X509_NONE, utc);
+ list_x509cert_chain("End Entity", x509certs, X509_NONE, utc);
 }
diff --git a/src/pluto/x509.h b/src/pluto/x509.h
index e9b61a492..4b9abf3e6 100644
--- a/src/pluto/x509.h
+++ b/src/pluto/x509.h
@@ -55,7 +55,6 @@ typedef struct x509cert x509cert_t;
 struct x509cert {
 certificate_t *cert;
 x509cert_t *next;
- time_t installed;
 int count;
 bool smartcard;
 };