aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/charon/credentials/sets/auth_info_wrapper.c10
-rw-r--r--src/charon/encoding/payloads/cert_payload.c8
-rw-r--r--src/charon/plugins/stroke/stroke_ca.c16
-rw-r--r--src/charon/sa/tasks/ike_cert_post.c6
-rw-r--r--src/charon/sa/tasks/ike_cert_pre.c16
5 files changed, 28 insertions, 28 deletions
diff --git a/src/charon/credentials/sets/auth_info_wrapper.c b/src/charon/credentials/sets/auth_info_wrapper.c
index cdbe2bc57..32783ff93 100644
--- a/src/charon/credentials/sets/auth_info_wrapper.c
+++ b/src/charon/credentials/sets/auth_info_wrapper.c
@@ -57,7 +57,7 @@ typedef struct {
} wrapper_enumerator_t;
/**
- * Tries to fetch a certificate that was supplied as hash and URL (replaces the
+ * Tries to fetch a certificate that was supplied as "Hash and URL" (replaces the
* item's type and value in place).
*/
static bool fetch_cert(wrapper_enumerator_t *enumerator, auth_item_t *type, void **value)
@@ -72,10 +72,10 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator, auth_item_t *type, void
chunk_t data;
certificate_t *cert;
- DBG1(DBG_CFG, "fetching certificate from '%s' ...", url);
+ DBG1(DBG_CFG, " fetching certificate from '%s' ...", url);
if (lib->fetcher->fetch(lib->fetcher, url, &data) != SUCCESS)
{
- DBG1(DBG_CFG, "fetching certificate from '%s' failed", url);
+ DBG1(DBG_CFG, " fetching certificate failed");
/* we set the item to NULL, so we can skip it */
enumerator->auth->replace_item(enumerator->inner, *type, NULL);
return FALSE;
@@ -86,13 +86,13 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator, auth_item_t *type, void
if (!cert)
{
- DBG1(DBG_CFG, "parsing fetched certificate failed");
+ DBG1(DBG_CFG, " parsing fetched certificate failed");
/* we set the item to NULL, so we can skip it */
enumerator->auth->replace_item(enumerator->inner, *type, NULL);
return FALSE;
}
- DBG1(DBG_CFG, "fetched certificate \"%D\"", cert->get_subject(cert));
+ DBG1(DBG_CFG, " fetched certificate \"%D\"", cert->get_subject(cert));
charon->credentials->cache_cert(charon->credentials, cert);
*type = (*type == AUTHN_IM_HASH_URL) ? AUTHN_IM_CERT : AUTHN_SUBJECT_CERT;
diff --git a/src/charon/encoding/payloads/cert_payload.c b/src/charon/encoding/payloads/cert_payload.c
index c482b7a40..453411850 100644
--- a/src/charon/encoding/payloads/cert_payload.c
+++ b/src/charon/encoding/payloads/cert_payload.c
@@ -79,7 +79,7 @@ struct private_cert_payload_t {
chunk_t data;
/**
- * TRUE if the hash and URL data is invalid
+ * TRUE if the "Hash and URL" data is invalid
*/
bool invalid_hash_and_url;
};
@@ -133,10 +133,10 @@ static status_t verify(private_cert_payload_t *this)
if (this->encoding == ENC_X509_HASH_AND_URL ||
this->encoding == ENC_X509_HASH_AND_URL_BUNDLE)
{
- /* rough verification of hash and URL encoded certificates */
+ /* coarse verification of "Hash and URL" encoded certificates */
if (this->data.len <= 20)
{
- DBG1(DBG_ENC, "invalid payload length for hash and URL (%d), ignore",
+ DBG1(DBG_ENC, "invalid payload length for hash-and-url (%d), ignore",
this->data.len);
this->invalid_hash_and_url = TRUE;
return SUCCESS;
@@ -152,7 +152,7 @@ static status_t verify(private_cert_payload_t *this)
}
else if (!isprint(this->data.ptr[i]))
{
- DBG1(DBG_ENC, "non printable characters in URL of hash and URL"
+ DBG1(DBG_ENC, "non printable characters in url of hash-and-url"
" encoded certificate payload, ignore");
this->invalid_hash_and_url = TRUE;
return SUCCESS;
diff --git a/src/charon/plugins/stroke/stroke_ca.c b/src/charon/plugins/stroke/stroke_ca.c
index ba969b962..c61aadba1 100644
--- a/src/charon/plugins/stroke/stroke_ca.c
+++ b/src/charon/plugins/stroke/stroke_ca.c
@@ -178,7 +178,7 @@ static enumerator_t *create_inner_cdp(ca_section_t *section, cdp_data_t *data)
}
/**
- * inner enumerator constructor for hash and URL
+ * inner enumerator constructor for "Hash and URL"
*/
static enumerator_t *create_inner_cdp_hashandurl(ca_section_t *section, cdp_data_t *data)
{
@@ -219,7 +219,7 @@ static enumerator_t *create_cdp_enumerator(private_stroke_ca_t *this,
cdp_data_t *data;
switch (type)
- { /* we serve CRLs, OCSP responders and URLs for hash and URL */
+ { /* we serve CRLs, OCSP responders and URLs for "Hash and URL" */
case CERT_X509:
case CERT_X509_CRL:
case CERT_X509_OCSP_RESPONSE:
@@ -349,7 +349,7 @@ static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cer
hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (hasher == NULL)
{
- DBG1(DBG_IKE, "unable to use hash and URL, SHA1 not supported");
+ DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported");
return;
}
@@ -397,19 +397,19 @@ static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out)
first = FALSE;
}
fprintf(out, "\n");
- fprintf(out, " authname: \"%D\"\n", cert->get_subject(cert));
+ fprintf(out, " authname: \"%D\"\n", cert->get_subject(cert));
/* list authkey and keyid */
if (public)
{
- fprintf(out, " authkey: %D\n",
+ fprintf(out, " authkey: %D\n",
public->get_id(public, ID_PUBKEY_SHA1));
- fprintf(out, " keyid: %D\n",
+ fprintf(out, " keyid: %D\n",
public->get_id(public, ID_PUBKEY_INFO_SHA1));
public->destroy(public);
}
- list_uris(section->crl, " crluris: ", out);
- list_uris(section->ocsp, " ocspuris: ", out);
+ list_uris(section->crl, " crluris: ", out);
+ list_uris(section->ocsp, " ocspuris: ", out);
fprintf(out, " certuribase: '%s'\n", section->certuribase);
}
enumerator->destroy(enumerator);
diff --git a/src/charon/sa/tasks/ike_cert_post.c b/src/charon/sa/tasks/ike_cert_post.c
index 2532f2db8..23e19a581 100644
--- a/src/charon/sa/tasks/ike_cert_post.c
+++ b/src/charon/sa/tasks/ike_cert_post.c
@@ -49,7 +49,7 @@ struct private_ike_cert_post_t {
};
/**
- * Generates the cert payload, if possible with hash and url
+ * Generates the cert payload, if possible with "Hash and URL"
*/
static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, certificate_t *cert)
{
@@ -83,13 +83,13 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, certifi
}
else
{
- DBG1(DBG_IKE, "unable to use hash and URL, SHA1 not supported");
+ DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported");
}
}
if (!payload)
{
- /* our peer does not support hash and URL or we do not have an URL
+ /* our peer does not support "Hash and URL" or we do not have an URL
* to send to our peer, just create a normal cert payload */
payload = cert_payload_create_from_cert(cert);
}
diff --git a/src/charon/sa/tasks/ike_cert_pre.c b/src/charon/sa/tasks/ike_cert_pre.c
index 26ddb6e43..8ce19b8aa 100644
--- a/src/charon/sa/tasks/ike_cert_pre.c
+++ b/src/charon/sa/tasks/ike_cert_pre.c
@@ -134,7 +134,7 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message)
/**
* tries to extract a certificate from the cert payload or the credential
- * manager (based on the hash of a hash and URL encoded cert).
+ * manager (based on the hash of a "Hash and URL" encoded cert).
* Note: the returned certificate (if any) has to be destroyed
*/
static certificate_t *try_get_cert(cert_payload_t *cert_payload)
@@ -153,7 +153,7 @@ static certificate_t *try_get_cert(cert_payload_t *cert_payload)
chunk_t hash = cert_payload->get_hash(cert_payload);
if (!hash.ptr)
{
- /* invalid hash and URL data (logged elsewhere) */
+ /* invalid "Hash and URL" data (logged elsewhere) */
break;
}
id = identification_create_from_encoding(ID_CERT_DER_SHA1, hash);
@@ -197,7 +197,7 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message)
if (type == ENC_X509_HASH_AND_URL &&
!this->http_cert_lookup_supported_sent)
{
- DBG1(DBG_IKE, "received hash and URL encoded cert, but"
+ DBG1(DBG_IKE, "received hash-and-url encoded cert, but"
" we don't accept them, ignore");
break;
}
@@ -224,27 +224,27 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message)
}
else if (type == ENC_X509_HASH_AND_URL)
{
- /* we received a hash and URL encoded certificate that
+ /* we received a "Hash and URL" encoded certificate that
* we haven't fetched yet, we store the URL and fetch
* it later */
char *url = cert_payload->get_url(cert_payload);
if (!url)
{
- DBG1(DBG_IKE, "received invalid hash and URL encoded"
+ DBG1(DBG_IKE, "received invalid hash-and-url encoded"
" cert, ignore");
break;
}
if (first)
{ /* the first certificate MUST be an end entity one */
- DBG1(DBG_IKE, "received hash and URL for end"
+ DBG1(DBG_IKE, "received hash-and-url for end"
" entity cert \"%s\"", url);
auth->add_item(auth, AUTHN_SUBJECT_HASH_URL, url);
first = FALSE;
}
else
{
- DBG1(DBG_IKE, "received hash and URL for issuer"
+ DBG1(DBG_IKE, "received hash-and-url for issuer"
" cert \"%s\"", url);
auth->add_item(auth, AUTHN_IM_HASH_URL, url);
}
@@ -359,7 +359,7 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message)
}
/* if we've added at least one certreq, we notify our peer that we support
- * hash and URL for the requested certificates */
+ * "Hash and URL" for the requested certificates */
if (lib->settings->get_bool(lib->settings, "charon.hash_and_url", FALSE) &&
message->get_payload(message, CERTIFICATE_REQUEST))
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-19 23:49:44 +0000