commit 232fa7e93cd02d176ba2501d8d0e6614b2563ac0
Author: Jacob Appelbaum <jacob(a)appelbaum.net>
Date: Fri Nov 1 03:11:10 2013 +0100
Add verb_debug and give -vv meaning
---
src/routeup.c | 1 +
src/test-bio.c | 1 +
src/tlsdate-helper.c | 54 ++++++++++++++++++++++++++------------------------
src/tlsdate-helper.h | 1 +
src/tlsdate.c | 8 +++++---
src/tlsdate.h | 1 +
src/util-plan9.h | 1 +
src/util.c | 16 ++++++++++++++-
src/util.h | 2 ++
9 files changed, 55 insertions(+), 30 deletions(-)
diff --git a/src/routeup.c b/src/routeup.c
index 4bc212e..7cf04d7 100644
--- a/src/routeup.c
+++ b/src/routeup.c
@@ -27,6 +27,7 @@
#include "src/routeup.h"
int verbose;
+int verbose_debug;
/*
* Set up the supplied context by creating and binding its netlink socket.
diff --git a/src/test-bio.c b/src/test-bio.c
index bd2a333..ee66765 100644
--- a/src/test-bio.c
+++ b/src/test-bio.c
@@ -19,6 +19,7 @@
#include "src/util.h"
int verbose;
+int verbose_debug;
static const unsigned int kMagic = 0x5f8d3f15;
diff --git a/src/tlsdate-helper.c b/src/tlsdate-helper.c
index cec6fbe..dbce8f8 100644
--- a/src/tlsdate-helper.c
+++ b/src/tlsdate-helper.c
@@ -76,6 +76,7 @@ know:
#include "config.h"
#include "src/tlsdate-helper.h"
+#include "src/util.h"
#ifndef USE_POLARSSL
#include "src/proxy-bio.h"
@@ -326,7 +327,7 @@ read_http_date_from_bio(BIO *bio, uint32_t *result)
return 0;
buf_len += n;
buf[buf_len] = 0;
- verb("V: read %d bytes.\n", n, buf);
+ verb_debug ("V: read %d bytes.\n", n, buf);
dateline = memmem(buf, buf_len, "\r\nDate: ", 8);
if (NULL == dateline)
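Review bot: The call `verb_debug ("V: read %d bytes.\n", n, buf);` passes `buf` with no matching conversion in the format string, so the argument is silently ignored; drop it: `verb_debug ("V: read %d bytes.\n", n);`. If printing the response was intended, `buf` holds data received from the remote server and would need its non-printable bytes filtered before it is written to stderr. The declaration of `n` is outside the hunk, so confirm that `%d` matches its type.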
@@ -485,7 +486,7 @@ dns_label_count(char *label, char *delim)
saveptr_tmp = strtok_r(NULL, delim, &saveptr);
} while (NULL != saveptr_tmp);
}
- verb ("V: label found; total label count: %d\n", label_count);
+ verb_debug ("V: label found; total label count: %d\n", label_count);
free(label_tmp);
return label_count;
}
@@ -519,7 +520,7 @@ check_wildcard_match_rfc2595 (const char *orig_hostname,
delim = strdup(".");
wildchar = strdup("*");
- verb ("V: Inspecting '%s' for possible wildcard match against '%s'\n",
+ verb_debug ("V: Inspecting '%s' for possible wildcard match against '%s'\n",
hostname, cert_wild_card);
// By default we have not processed any labels
@@ -535,7 +536,7 @@ check_wildcard_match_rfc2595 (const char *orig_hostname,
{
if (wildchar[0] == cert_wild_card[0])
{
- verb ("V: Found wildcard in at start of provided certificate name\n");
+ verb_debug ("V: Found wildcard in at start of provided certificate name\n");
do
{
// Skip over the bytes between the first char and until the next label
@@ -548,7 +549,7 @@ check_wildcard_match_rfc2595 (const char *orig_hostname,
{
// Now we only consider this wildcard valid if the rest of the
// hostnames match verbatim
- verb ("V: Attempting match of '%s' against '%s'\n",
+ verb_debug ("V: Attempting match of '%s' against '%s'\n",
expected_label, wildcard_label);
// This is the case where we have a label that begins with wildcard
// Furthermore, we only allow this for the first label
@@ -558,31 +559,31 @@ check_wildcard_match_rfc2595 (const char *orig_hostname,
verb ("V: Forced match of '%s' against '%s'\n", expected_label, wildcard_label);
wildcard_encountered = 1;
} else {
- verb ("V: Attempting match of '%s' against '%s'\n",
+ verb_debug ("V: Attempting match of '%s' against '%s'\n",
hostname, cert_wild_card);
if (0 == strcasecmp (expected_label, wildcard_label) &&
label_count >= ((uint32_t)RFC2595_MIN_LABEL_COUNT))
{
ok = 1;
- verb ("V: remaining labels match!\n");
+ verb_debug ("V: remaining labels match!\n");
break;
} else {
ok = 0;
- verb ("V: remaining labels do not match!\n");
+ verb_debug ("V: remaining labels do not match!\n");
break;
}
}
} else {
// We hit this case when we have a mismatched number of labels
- verb("V: NULL label; no wildcard here\n");
+ verb_debug ("V: NULL label; no wildcard here\n");
break;
}
} while (0 != wildcard_encountered && label_count <= RFC2595_MIN_LABEL_COUNT);
} else {
- verb ("V: Not a RFC 2595 wildcard\n");
+ verb_debug ("V: Not a RFC 2595 wildcard\n");
}
} else {
- verb ("V: Not a valid wildcard certificate\n");
+ verb_debug ("V: Not a valid wildcard certificate\n");
ok = 0;
}
// Free our copies
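Review bot: In the `else` branch the debug message prints `hostname` and `cert_wild_card`, but the comparison that follows is `strcasecmp (expected_label, wildcard_label)`, so the log does not show the strings that decide the match. When tracing a certificate name-check failure at -vv this is misleading; the message should name the compared values: `verb_debug ("V: Attempting match of '%s' against '%s'\n", expected_label, wildcard_label);`. The relationship between these variables is set up outside the hunk, so confirm that they differ at this point.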
@@ -592,11 +593,11 @@ check_wildcard_match_rfc2595 (const char *orig_hostname,
free(cert_wild_card_to_free);
if (wildcard_encountered & ok && label_count >= RFC2595_MIN_LABEL_COUNT)
{
- verb ("V: wildcard match of %s against %s\n",
+ verb_debug ("V: wildcard match of %s against %s\n",
orig_hostname, orig_cert_wild_card);
return (wildcard_encountered & ok);
} else {
- verb ("V: wildcard match failure of %s against %s\n",
+ verb_debug ("V: wildcard match failure of %s against %s\n",
orig_hostname, orig_cert_wild_card);
return 0;
}
@@ -732,11 +733,11 @@ check_san (SSL *ssl, const char *hostname)
break;
}
}
- verb ("V: subjectAltName found but not matched: %s, type: %s\n", nval->value, nval->name); // XXX: Clean this string!
+ verb_debug ("V: subjectAltName found but not matched: %s, type: %s\n", nval->value, nval->name); // XXX: Clean this string!
}
}
} else {
- verb ("V: found non subjectAltName extension\n");
+ verb_debug ("V: found non subjectAltName extension\n");
}
if (ok)
{
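Review bot: The subjectAltName message still writes `nval->value` and `nval->name` to stderr unfiltered, as the retained `// XXX: Clean this string!` comment admits. These values presumably come from the peer's certificate, so control characters or terminal escape sequences in them can reach the operator's terminal or a collected log. Moving the call to verb_debug narrows when it prints but does not clean the data; replacing non-printable bytes (for example with `?`) in a bounded copy before formatting would close the XXX. check_san begins and ends outside this hunk.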
@@ -744,7 +745,7 @@ check_san (SSL *ssl, const char *hostname)
}
}
} else {
- verb ("V: no X509_EXTENSION field(s) found\n");
+ verb_debug ("V: no X509_EXTENSION field(s) found\n");
}
X509_free(cert);
return ok;
@@ -846,21 +847,21 @@ check_key_length (ssl_context *ssl)
}
x509parse_dn_gets(buf, 1024, &certificate->subject);
- verb ("V: Certificate for subject '%s'\n", buf);
+ verb_debug ("V: Certificate for subject '%s'\n", buf);
public_key = &certificate->rsa;
if (NULL == public_key)
{
die ("public key extraction failure\n");
} else {
- verb ("V: public key is ready for inspection\n");
+ verb_debug ("V: public key is ready for inspection\n");
}
key_bits = mpi_msb (&public_key->N);
if (MIN_PUB_KEY_LEN >= key_bits)
{
die ("Unsafe public key size: %d bits\n", key_bits);
} else {
- verb ("V: key length appears safe\n");
+ verb_debug ("V: key length appears safe\n");
}
}
#else
@@ -880,7 +881,7 @@ check_key_length (SSL *ssl)
{
die ("public key extraction failure\n");
} else {
- verb ("V: public key is ready for inspection\n");
+ verb_debug ("V: public key is ready for inspection\n");
}
key_bits = get_certificate_keybits (public_key);
@@ -892,11 +893,11 @@ check_key_length (SSL *ssl)
if(key_bits >= MIN_ECC_PUB_KEY_LEN
&& key_bits <= MAX_ECC_PUB_KEY_LEN)
{
- verb ("V: ECC key length appears safe\n");
+ verb_debug ("V: ECC key length appears safe\n");
} else {
die ("Unsafe ECC key size: %d bits\n", key_bits);
} else {
- verb ("V: key length appears safe\n");
+ verb_debug ("V: key length appears safe\n");
}
}
EVP_PKEY_free (public_key);
@@ -1207,18 +1208,18 @@ run_ssl (uint32_t *time_map, int time_is_an_illusion, int http)
if (http) {
char buf[1024];
- verb("V: Starting HTTP\n");
+ verb_debug ("V: Starting HTTP\n");
if (snprintf(buf, sizeof(buf),
HTTP_REQUEST, HTTPS_USER_AGENT, hostname_to_verify) >= 1024)
die("hostname too long");
buf[1023]='\0'; /* Unneeded. */
- verb("V: Writing HTTP request\n");
+ verb_debug ("V: Writing HTTP request\n");
if (1 != write_all_to_bio(s_bio, buf))
die ("write all to bio failed.\n");
- verb("V: Reading HTTP response\n");
+ verb_debug ("V: Reading HTTP response\n");
if (1 != read_http_date_from_bio(s_bio, &result_time))
die ("read all from bio failed.\n");
- verb("V: Got HTTP response. T=%lu\n", (unsigned long)result_time);
+ verb ("V: Received HTTP response. T=%lu\n", (unsigned long)result_time);
result_time = htonl(result_time);
}
@@ -1264,6 +1265,7 @@ main(int argc, char **argv)
ca_cert_container = argv[6];
ca_racket = (0 != strcmp ("unchecked", argv[4]));
verbose = (0 != strcmp ("quiet", argv[5]));
+ verbose_debug = (0 != strcmp ("verbose", argv[5]));
setclock = (0 == strcmp ("setclock", argv[7]));
showtime = (0 == strcmp ("showtime", argv[8]));
showtime_raw = (0 == strcmp ("showtime=raw", argv[8]));
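Review bot: `verbose_debug = (0 != strcmp ("verbose", argv[5]));` enables debug for every value other than "verbose", including "quiet" and any unrecognised string. It only behaves correctly because verb_debug also checks `verbose`. The caller in src/tlsdate.c passes the literal "debug" for -vv, so a positive match is safer and states the intent: `verbose_debug = (0 == strcmp ("debug", argv[5]));`. Other callers of the helper are not visible here and should be checked for the strings they pass.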
diff --git a/src/tlsdate-helper.h b/src/tlsdate-helper.h
index 8b44b47..7d0d25f 100644
--- a/src/tlsdate-helper.h
+++ b/src/tlsdate-helper.h
@@ -41,6 +41,7 @@
#endif
int verbose;
+int verbose_debug;
#include "src/util.h"
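Review bot: `int verbose_debug;` in this header is a tentative definition, not a declaration, so every translation unit that includes tlsdate-helper.h defines the symbol. The link then succeeds only while the toolchain merges common symbols. src/util.h, included on the next line, already provides `extern int verbose_debug;`, so the definition belongs in one .c file (for example src/tlsdate-helper.c) and this line can be dropped. The existing `int verbose;` above it has the same problem.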
diff --git a/src/tlsdate.c b/src/tlsdate.c
index 82dd217..50d6db9 100644
--- a/src/tlsdate.c
+++ b/src/tlsdate.c
@@ -103,6 +103,7 @@ int
main(int argc, char **argv)
{
int verbose;
+ int verbose_debug;
int ca_racket;
int showtime;
int setclock;
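Review bot: The local `int verbose_debug;` added here is zeroed in the next hunk but never read: the diffstat shows five insertions for this file and none of them uses it. The debug level passed to the helper is derived from the `verbose` count instead. Either remove the variable or set it from the count (`verbose_debug = (verbose >= 2);`) and use it in the later tests, so the two levels are named consistently.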
@@ -120,6 +121,7 @@ main(int argc, char **argv)
protocol = DEFAULT_PROTOCOL;
ca_cert_container = DEFAULT_CERTFILE;
verbose = 0;
+ verbose_debug = 0;
ca_racket = 1;
showtime = 0;
setclock = 1;
@@ -156,7 +158,7 @@ main(int argc, char **argv)
break;
switch (c) {
- case 'v': verbose = 1; break;
+ case 'v': verbose += 1; break;
case 'V': showtime = (optarg && 0 == strcmp("raw", optarg) ? 2:1); break;
case 's': ca_racket = 0; break;
case 'h': usage(); exit(1); break;
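Review bot: With `verbose += 1` the count is unbounded, but the next hunk gates the argument banner on `if (2 == verbose)` while the last hunk selects "debug" with `verbose >= 2`. Running with -vvv therefore puts the helper in debug mode but suppresses the banner in tlsdate itself. Use the same test in both places: `if (verbose >= 2) {`.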
@@ -174,7 +176,7 @@ main(int argc, char **argv)
}
}
- if (verbose) {
+ if (2 == verbose) {
fprintf(stderr,
"V: tlsdate version %s\n"
"V: We were called with the following arguments:\n"
@@ -192,7 +194,7 @@ main(int argc, char **argv)
port,
protocol,
(ca_racket ? "racket" : "unchecked"),
- (verbose ? "verbose" : "quiet"),
+ (verbose ? (verbose >= 2 ? "debug" : "verbose") : "quiet"),
ca_cert_container,
(setclock ? "setclock" : "dont-set-clock"),
(showtime ? (showtime == 2 ? "showtime=raw" : "showtime") : "no-showtime"),
diff --git a/src/tlsdate.h b/src/tlsdate.h
index a4f7137..4e34a66 100644
--- a/src/tlsdate.h
+++ b/src/tlsdate.h
@@ -98,6 +98,7 @@ int tlsdate (struct opts *opts, char *argv[]);
/** This is where we store parsed commandline options. */
typedef struct {
int verbose;
+ int verbose_debug;
int ca_racket;
int help;
int showtime;
diff --git a/src/util-plan9.h b/src/util-plan9.h
index c51df94..7453235 100644
--- a/src/util-plan9.h
+++ b/src/util-plan9.h
@@ -19,6 +19,7 @@
#endif
extern int verbose;
+extern int verbose_debug;
void die (const char *fmt, ...);
void verb (const char *fmt, ...);
extern void logat(int isverbose, const char *fmt, ...);
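Review bot: This header gains `extern int verbose_debug;` but not the `verb_debug` prototype, whereas src/util.h receives both. If Plan 9 builds use this header in place of util.h (not visible here), the new `verb_debug (...)` calls in tlsdate-helper.c would be compiled without a declaration for a variadic function. Add `void verb_debug (const char *fmt, ...);` after the `verb` prototype.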
diff --git a/src/util.c b/src/util.c
index 4f1d0e0..51f2492 100644
--- a/src/util.c
+++ b/src/util.c
@@ -53,11 +53,25 @@ verb (const char *fmt, ...)
{
va_list ap;
- if (! verbose) return;
+ if (! verbose ) return;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
va_end(ap);
}
+
+/** helper function for 'verbose' output */
+void
+verb_debug (const char *fmt, ...)
+{
+ va_list ap;
+
+ if (! verbose ) return;
+ if (! verbose_debug ) return;
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+}
+
void API logat(int isverbose, const char *fmt, ...)
{
if (isverbose && !verbose)
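Review bot: The doc comment on the new function, `/** helper function for 'verbose' output */`, was copied from `verb` and does not describe the gating. Suggest `/** helper function for 'debug' (-vv) output; prints only when both verbose and verbose_debug are set */`. The body otherwise duplicates `verb` line for line. Giving both prototypes a printf format attribute in util.h, where the compiler supports it, would also let `-Wformat` catch mismatched arguments at call sites such as the `"V: read %d bytes.\n", n, buf` call in tlsdate-helper.c. The first changed line in this hunk (`if (! verbose ) return;`) is a whitespace-only edit and could be left out of the commit.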
diff --git a/src/util.h b/src/util.h
index 4f63340..4fb9b8d 100644
--- a/src/util.h
+++ b/src/util.h
@@ -21,8 +21,10 @@
extern const char *kTempSuffix;
extern int verbose;
+extern int verbose_debug;
void die (const char *fmt, ...);
void verb (const char *fmt, ...);
+void verb_debug (const char *fmt, ...);
extern void logat(int isverbose, const char *fmt, ...);
#define info(fmt, ...) logat(1, fmt, ## __VA_ARGS__)