[pan2] added debug flag for ssl
- From: Heinrich MÃller <henmull src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [pan2] added debug flag for ssl
- Date: Thu, 12 Apr 2012 16:05:12 +0000 (UTC)
commit 1ef02a9fd62d612d2848480c7042081ab53d6982
Author: Heinrich MÃller <henmull src gnome org>
Date: Thu Apr 12 18:04:52 2012 +0200
added debug flag for ssl
README | 3 +++
pan/data/cert-store.cc | 10 ++++++----
pan/general/debug.cc | 5 ++++-
pan/general/debug.h | 15 ++++++++++++++-
pan/gui/gui.cc | 5 ++++-
pan/gui/pan.cc | 10 ++++++++++
pan/tasks/nntp-pool.cc | 2 +-
pan/tasks/socket-impl-openssl.cc | 1 +
8 files changed, 43 insertions(+), 8 deletions(-)
---
diff --git a/README b/README
index 5a08463..432ba6f 100644
--- a/README
+++ b/README
@@ -143,6 +143,9 @@ RELEASE NOTES
* For SSL support, remember to do a
'./configure --with-gnutls', or a respective 'sh autogen.sh --with-gnutls'
+* Directories to search for SSL certificates can be defined with the environment variable
+ SSL_CERT_DIR or SSL_DIR
+
=================================================================================================
diff --git a/pan/data/cert-store.cc b/pan/data/cert-store.cc
index 70d070c..1a9c4f4 100644
--- a/pan/data/cert-store.cc
+++ b/pan/data/cert-store.cc
@@ -228,8 +228,8 @@ namespace pan
// get certs from ssl certs directory
char * ssldir(0);
- ssldir = getenv("SSL_CERT_DIR");
- if (!ssldir) ssldir = getenv("SSL_DIR");
+// ssldir = getenv("SSL_CERT_DIR");
+// if (!ssldir) ssldir = getenv("SSL_DIR");
if (!ssldir) return cnt;
GDir * dir = g_dir_open (ssldir, 0, &err);
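Review bot: With both `getenv` calls commented out, `ssldir` stays null and the unchanged `if (!ssldir) return cnt;` always returns, so the `g_dir_open` path below it is unreachable and no certificates are read from a system directory. The README hunk in this same commit tells users to set SSL_CERT_DIR or SSL_DIR, which this change turns into a no-op. If the lookup is disabled on purpose, remove the dead code and the README entry. Otherwise restore `ssldir = getenv("SSL_CERT_DIR");` and `if (!ssldir) ssldir = getenv("SSL_DIR");`. The enclosing function starts and ends outside the hunk.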
@@ -341,10 +341,12 @@ namespace pan
fputs ((const char*)out, fp);
- fclose(fp);
+ debug_SSL_verbatim("\n===========================================");
+ debug_SSL_verbatim(out);
+ debug_SSL_verbatim("\n===========================================");
+ fclose(fp);
delete out;
-
chmod (buf, 0600);
gnutls_certificate_set_x509_trust(_creds, &cert, 1); // for now, only 1 is saved
diff --git a/pan/general/debug.cc b/pan/general/debug.cc
index aae282f..9a8161c 100644
--- a/pan/general/debug.cc
+++ b/pan/general/debug.cc
@@ -6,5 +6,8 @@ namespace pan
bool _debug_flag = false;
bool _debug_verbose_flag = false;
bool _verbose_flag = false;
- std::ofstream dbg_file;
+ std::ofstream _dbg_file;
+
+ bool _dbg_ssl = false;
+
}
diff --git a/pan/general/debug.h b/pan/general/debug.h
index de69f72..23fada3 100644
--- a/pan/general/debug.h
+++ b/pan/general/debug.h
@@ -28,7 +28,8 @@ namespace pan
extern bool _debug_flag;
extern bool _debug_verbose_flag;
extern bool _verbose_flag;
- extern std::ofstream dbg_file;
+ extern bool _dbg_ssl;
+ extern std::ofstream _dbg_file;
}
@@ -52,6 +53,18 @@ namespace pan
std::cout << A << '\n'; \
} while (0)
+#define debug_SSL(A) \
+ do { \
+ if (_dbg_ssl) \
+ _dbg_file<< LINE_ID << ' ' << A << '\n'; \
+ } while (0)
+
+#define debug_SSL_verbatim(A) \
+ do { \
+ if (_dbg_ssl) \
+ _dbg_file<< A ; \
+ } while (0)
+
#ifndef UNUSED
#ifdef __GNUC__
#define UNUSED __attribute__((unused))
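Review bot: `debug_SSL` and `debug_SSL_verbatim` carry no comment saying where their output goes or what may be streamed into them. Both write to `_dbg_file`, which the pan.cc hunk opens as a plain file named `ssl.debug`, so whatever is passed as `A` lands on disk unredacted. I would add above the two macros: `// SSL debug log, active only with --debug-ssl; writes to _dbg_file. Never stream passwords or key material.` The macros also name `_dbg_ssl` and `_dbg_file` unqualified, so they presumably compile only where namespace pan is in scope. Writing `pan::_dbg_ssl` and `pan::_dbg_file` would remove that dependency.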
diff --git a/pan/gui/gui.cc b/pan/gui/gui.cc
index 74fc4ac..0110048 100644
--- a/pan/gui/gui.cc
+++ b/pan/gui/gui.cc
@@ -1422,8 +1422,10 @@ bool GUI :: confirm_accept_new_cert_dialog(GtkWindow * parent, gnutls_x509_crt_t
gint ret_code = gtk_dialog_run (GTK_DIALOG(d));
+ // magic number, sorry. can be externalized later....
if (ret_code == -66)
{
+ debug_SSL("set server trust to enabled");
_data.set_server_trust (server, 1);
_data.save_server_info(server);
}
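Review bot: The new `debug_SSL("set server trust to enabled")` line records a trust decision without naming the server, so the log cannot show which host the user accepted. Assuming `server` is streamable here (it is passed to `set_server_trust` on the next line), `debug_SSL("set server trust to enabled for "<<server);` would close that gap. The added comment concedes that `-66` is a magic number; a named constant shared with the code that builds the dialog would keep the two from drifting apart. The function starts and ends outside the hunk.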
@@ -2259,7 +2261,7 @@ GUI :: on_prefs_string_changed (const StringView& key, const StringView& value)
{
_prefs.save();
StringView tmp(value);
- // default to "eml" if value is empty to conform with article-cache
+ // default to "eml" if value is empty to conform to article-cache
if (tmp.empty()) tmp ="eml";
_data.get_cache().set_msg_extension(tmp);
}
@@ -2308,6 +2310,7 @@ GUI :: on_valid_cert_added (gnutls_x509_crt_t cert, std::string server)
{
/* whitelist to make avaible for nntp-pool */
_certstore.whitelist(server);
+ debug_SSL("whitelist ("<<server<<") ("<<cert<<")");
}
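Review bot: Streaming `cert` in the new `debug_SSL` line prints only a pointer value, because `gnutls_x509_crt_t` is a handle to an opaque struct. The log therefore gets a process address and nothing that identifies the certificate. Either drop it, `debug_SSL("whitelist ("<<server<<")");`, or log something a reader can compare, such as a fingerprint obtained with `gnutls_x509_crt_get_fingerprint`. The message is also emitted after `_certstore.whitelist(server)` has run, so it records the action and not the attempt. The function's signature line is in the hunk header; only its body is shown here.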
diff --git a/pan/gui/pan.cc b/pan/gui/pan.cc
index 6acaa78..72ab44d 100644
--- a/pan/gui/pan.cc
+++ b/pan/gui/pan.cc
@@ -119,6 +119,9 @@ namespace
{
std::cerr << "Shutting down Pan." << std::endl;
signal (signum, SIG_DFL);
+
+ _dbg_file.close();
+
mainloop_quit ();
}
#endif // G_OS_WIN32
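Review bot: `_dbg_file.close()` is called from inside the signal handler, and closing a `std::ofstream` is not async-signal-safe. It flushes buffered data and may take locks or touch the heap that the interrupted code was using. The existing `std::cerr` write has the same problem, but the new call extends it to file I/O. Closing the stream in `main` after the main loop returns, or leaving it to the destructor of the namespace-scope `_dbg_file` at normal exit, avoids doing this work in signal context. The handler begins outside the hunk.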
@@ -843,6 +846,13 @@ main (int argc, char *argv[])
else _debug_flag = true;
} else if (!strcmp (tok, "--nzb"))
nzb = true;
+
+ // undocumented, internal(!) debug flag for ssl problems (after 0.136)
+ else if (!strcmp (tok, "--debug-ssl")) {
+ _dbg_ssl = true;
+ _dbg_file.open("ssl.debug");
+ }
+
else if (!strcmp (tok, "--version") || !strcmp (tok, "-v"))
{ std::cerr << "Pan " << VERSION << '\n'; return EXIT_SUCCESS; }
else if (!strcmp (tok, "-o") && i<argc-1)
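Review bot: `_dbg_file.open("ssl.debug")` creates the log relative to the current working directory with umask-default permissions, truncates any existing file of that name, and never checks whether the open succeeded. The log receives server names and the certificate dump added in cert-store.cc. If Pan is started from a shared or world-writable directory, other users can read it, and the open will follow a symlink already placed at that name. Consider putting the file under Pan's per-user data directory with owner-only permissions, and reporting failure with something like `if (!_dbg_file) std::cerr << "cannot open ssl.debug\n";`. `main` continues outside the hunk.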
diff --git a/pan/tasks/nntp-pool.cc b/pan/tasks/nntp-pool.cc
index 9b20cc7..1475e6c 100644
--- a/pan/tasks/nntp-pool.cc
+++ b/pan/tasks/nntp-pool.cc
@@ -172,7 +172,7 @@ NNTP_Pool :: on_socket_created (const StringView & host,
{
std::string user, pass;
ok = ok && _server_info.get_server_auth (_server, user, pass);
- debug("on socket created "<<host<<" "<<ok<<" "<<socket<<" "<<pass);
+ debug("on socket created "<<host<<" "<<ok<<" "<<socket);
if (!ok)
{
delete socket;
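Review bot: Nothing at the `debug()` call explains why `pass` is no longer logged, so a later edit could put it back without anyone noticing. A one-line comment above it would pin the intent: `// never log 'pass' here: debug output can be captured to a file`. The commit title mentions only the SSL debug flag, so this credential-logging fix is easy to miss in the history; a line in the commit description or release notes would help users who have saved debug output from earlier builds. The function continues outside the hunk.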
diff --git a/pan/tasks/socket-impl-openssl.cc b/pan/tasks/socket-impl-openssl.cc
index 8e5e2a1..01d8220 100644
--- a/pan/tasks/socket-impl-openssl.cc
+++ b/pan/tasks/socket-impl-openssl.cc
@@ -836,6 +836,7 @@ GIOChannelSocketGnuTLS :: gnutls_get_iochannel(GIOChannel* channel, const char*
void
GIOChannelSocketGnuTLS :: on_verify_cert_failed (gnutls_x509_crt_t cert, std::string server, int nr)
{
+ debug_SSL("on_verify_cert_failed "<<server<<" "<<nr);
_certstore.blacklist(server);
}