commit 232fa7e93cd02d176ba2501d8d0e6614b2563ac0 Author: Jacob Appelbaum jacob@appelbaum.net Date: Fri Nov 1 03:11:10 2013 +0100
Add verb_debug and give -vv meaning --- src/routeup.c | 1 + src/test-bio.c | 1 + src/tlsdate-helper.c | 54 ++++++++++++++++++++++++++------------------------ src/tlsdate-helper.h | 1 + src/tlsdate.c | 8 +++++--- src/tlsdate.h | 1 + src/util-plan9.h | 1 + src/util.c | 16 ++++++++++++++- src/util.h | 2 ++ 9 files changed, 55 insertions(+), 30 deletions(-)
diff --git a/src/routeup.c b/src/routeup.c
index 4bc212e..7cf04d7 100644
--- a/src/routeup.c
+++ b/src/routeup.c
@@ -27,6 +27,7 @@
#include "src/routeup.h"
int verbose;
+int verbose_debug;
/* * Set up the supplied context by creating and binding its netlink socket. diff --git a/src/test-bio.c b/src/test-bio.c index bd2a333..ee66765 100644 --- a/src/test-bio.c +++ b/src/test-bio.c @@ -19,6 +19,7 @@ #include "src/util.h"
int verbose;
+int verbose_debug;
static const unsigned int kMagic = 0x5f8d3f15;
diff --git a/src/tlsdate-helper.c b/src/tlsdate-helper.c
index cec6fbe..dbce8f8 100644
--- a/src/tlsdate-helper.c
+++ b/src/tlsdate-helper.c
@@ -76,6 +76,7 @@ know:
#include "config.h"
#include "src/tlsdate-helper.h"
+#include "src/util.h"
#ifndef USE_POLARSSL #include "src/proxy-bio.h" @@ -326,7 +327,7 @@ read_http_date_from_bio(BIO *bio, uint32_t *result) return 0; buf_len += n; buf[buf_len] = 0; - verb("V: read %d bytes.\n", n, buf); + verb_debug ("V: read %d bytes.\n", n, buf);
dateline = memmem(buf, buf_len, "\r\nDate: ", 8); if (NULL == dateline) @@ -485,7 +486,7 @@ dns_label_count(char *label, char *delim) saveptr_tmp = strtok_r(NULL, delim, &saveptr); } while (NULL != saveptr_tmp); } - verb ("V: label found; total label count: %d\n", label_count); + verb_debug ("V: label found; total label count: %d\n", label_count); free(label_tmp); return label_count; } @@ -519,7 +520,7 @@ check_wildcard_match_rfc2595 (const char *orig_hostname, delim = strdup("."); wildchar = strdup("*");
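Review bot: The call `verb_debug ("V: read %d bytes.\n", n, buf);` in read_http_date_from_bio passes `buf` although the format string has only one conversion, so the extra argument is silently ignored. Drop it: `verb_debug ("V: read %d bytes.\n", n);`. The declaration of `n` is outside the hunk, so confirm that `%d` matches its type. read_http_date_from_bio's body starts and ends outside the hunk.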
- verb ("V: Inspecting '%s' for possible wildcard match against '%s'\n", + verb_debug ("V: Inspecting '%s' for possible wildcard match against '%s'\n", hostname, cert_wild_card);
// By default we have not processed any labels @@ -535,7 +536,7 @@ check_wildcard_match_rfc2595 (const char *orig_hostname, { if (wildchar[0] == cert_wild_card[0]) { - verb ("V: Found wildcard in at start of provided certificate name\n"); + verb_debug ("V: Found wildcard in at start of provided certificate name\n"); do { // Skip over the bytes between the first char and until the next label @@ -548,7 +549,7 @@ check_wildcard_match_rfc2595 (const char *orig_hostname, { // Now we only consider this wildcard valid if the rest of the // hostnames match verbatim - verb ("V: Attempting match of '%s' against '%s'\n", + verb_debug ("V: Attempting match of '%s' against '%s'\n", expected_label, wildcard_label); // This is the case where we have a label that begins with wildcard // Furthermore, we only allow this for the first label 
@@ -558,31 +559,31 @@ check_wildcard_match_rfc2595 (const char *orig_hostname, verb ("V: Forced match of '%s' against '%s'\n", expected_label, wildcard_label); wildcard_encountered = 1; } else { - verb ("V: Attempting match of '%s' against '%s'\n", + verb_debug ("V: Attempting match of '%s' against '%s'\n", hostname, cert_wild_card); if (0 == strcasecmp (expected_label, wildcard_label) && label_count >= ((uint32_t)RFC2595_MIN_LABEL_COUNT)) { ok = 1; - verb ("V: remaining labels match!\n"); + verb_debug ("V: remaining labels match!\n"); break; } else { ok = 0; - verb ("V: remaining labels do not match!\n"); + verb_debug ("V: remaining labels do not match!\n"); break; } } } else { // We hit this case when we have a mismatched number of labels - verb("V: NULL label; no wildcard here\n"); + verb_debug ("V: NULL label; no wildcard here\n"); break; } } while (0 != wildcard_encountered && label_count <= RFC2595_MIN_LABEL_COUNT); } else { - verb ("V: Not a RFC 2595 wildcard\n"); + verb_debug ("V: Not a RFC 2595 wildcard\n"); } } else { - verb ("V: Not a valid wildcard certificate\n"); + verb_debug ("V: Not a valid wildcard certificate\n"); ok = 0; } // Free our copies @@ -592,11 +593,11 @@ check_wildcard_match_rfc2595 (const char *orig_hostname, free(cert_wild_card_to_free); if (wildcard_encountered & ok && label_count >= RFC2595_MIN_LABEL_COUNT) { - verb ("V: wildcard match of %s against %s\n", + verb_debug ("V: wildcard match of %s against %s\n", orig_hostname, orig_cert_wild_card); return (wildcard_encountered & ok); } else { - verb ("V: wildcard match failure of %s against %s\n", + verb_debug ("V: wildcard match failure of %s against %s\n", orig_hostname, orig_cert_wild_card); return 0; } 
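Review bot: In the `else` branch of the -558 hunk the debug line prints `hostname, cert_wild_card`, but the `strcasecmp` that follows compares `expected_label` with `wildcard_label`, so the -vv trace of a certificate-name decision shows different strings from the ones actually tested. Log the compared values instead: `verb_debug ("V: Attempting match of '%s' against '%s'\n", expected_label, wildcard_label);`. The -592 hunk also moves the final match/failure message to debug level; consider keeping that one at `verb` so the outcome of hostname verification stays visible with a single -v. check_wildcard_match_rfc2595 begins and ends outside these hunks.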
@@ -732,11 +733,11 @@ check_san (SSL *ssl, const char *hostname) break; } } - verb ("V: subjectAltName found but not matched: %s, type: %s\n", nval->value, nval->name); // XXX: Clean this string! + verb_debug ("V: subjectAltName found but not matched: %s, type: %s\n", nval->value, nval->name); // XXX: Clean this string! } } } else { - verb ("V: found non subjectAltName extension\n"); + verb_debug ("V: found non subjectAltName extension\n"); } if (ok) { @@ -744,7 +745,7 @@ check_san (SSL *ssl, const char *hostname) } } } else { - verb ("V: no X509_EXTENSION field(s) found\n"); + verb_debug ("V: no X509_EXTENSION field(s) found\n"); } X509_free(cert); return ok; @@ -846,21 +847,21 @@ check_key_length (ssl_context *ssl) }
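Review bot: `nval->value` and `nval->name` in check_san come from the peer's certificate and are still written to stderr unmodified; the `// XXX: Clean this string!` marker is carried over without being addressed. Moving the line to `verb_debug` only narrows when it prints, so control characters or terminal escape sequences in a subjectAltName still reach the operator's terminal or log under -vv. Pass the values through a helper that replaces non-printable bytes before logging. The same applies to `buf` in the -846 hunk (`"V: Certificate for subject '%s'\n"`), which is filled from the certificate subject. check_san's body starts outside the hunk.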
x509parse_dn_gets(buf, 1024, &certificate->subject); - verb ("V: Certificate for subject '%s'\n", buf); + verb_debug ("V: Certificate for subject '%s'\n", buf);
public_key = &certificate->rsa; if (NULL == public_key) { die ("public key extraction failure\n"); } else { - verb ("V: public key is ready for inspection\n"); + verb_debug ("V: public key is ready for inspection\n"); } key_bits = mpi_msb (&public_key->N); if (MIN_PUB_KEY_LEN >= key_bits) { die ("Unsafe public key size: %d bits\n", key_bits); } else { - verb ("V: key length appears safe\n"); + verb_debug ("V: key length appears safe\n"); } } #else @@ -880,7 +881,7 @@ check_key_length (SSL *ssl) { die ("public key extraction failure\n"); } else { - verb ("V: public key is ready for inspection\n"); + verb_debug ("V: public key is ready for inspection\n"); }
key_bits = get_certificate_keybits (public_key); @@ -892,11 +893,11 @@ check_key_length (SSL *ssl) if(key_bits >= MIN_ECC_PUB_KEY_LEN && key_bits <= MAX_ECC_PUB_KEY_LEN) { - verb ("V: ECC key length appears safe\n"); + verb_debug ("V: ECC key length appears safe\n"); } else { die ("Unsafe ECC key size: %d bits\n", key_bits); } else { - verb ("V: key length appears safe\n"); + verb_debug ("V: key length appears safe\n"); } } EVP_PKEY_free (public_key); @@ -1207,18 +1208,18 @@ run_ssl (uint32_t *time_map, int time_is_an_illusion, int http)
if (http) { char buf[1024]; - verb("V: Starting HTTP\n"); + verb_debug ("V: Starting HTTP\n"); if (snprintf(buf, sizeof(buf), HTTP_REQUEST, HTTPS_USER_AGENT, hostname_to_verify) >= 1024) die("hostname too long"); buf[1023]='\0'; /* Unneeded. */ - verb("V: Writing HTTP request\n"); + verb_debug ("V: Writing HTTP request\n"); if (1 != write_all_to_bio(s_bio, buf)) die ("write all to bio failed.\n"); - verb("V: Reading HTTP response\n"); + verb_debug ("V: Reading HTTP response\n"); if (1 != read_http_date_from_bio(s_bio, &result_time)) die ("read all from bio failed.\n"); - verb("V: Got HTTP response. T=%lu\n", (unsigned long)result_time); + verb ("V: Received HTTP response. T=%lu\n", (unsigned long)result_time);
result_time = htonl(result_time); } @@ -1264,6 +1265,7 @@ main(int argc, char **argv) ca_cert_container = argv[6]; ca_racket = (0 != strcmp ("unchecked", argv[4])); verbose = (0 != strcmp ("quiet", argv[5])); + verbose_debug = (0 != strcmp ("verbose", argv[5])); setclock = (0 == strcmp ("setclock", argv[7])); showtime = (0 == strcmp ("showtime", argv[8])); showtime_raw = (0 == strcmp ("showtime=raw", argv[8])); diff --git a/src/tlsdate-helper.h b/src/tlsdate-helper.h index 8b44b47..7d0d25f 100644 --- a/src/tlsdate-helper.h +++ b/src/tlsdate-helper.h @@ -41,6 +41,7 @@ #endif
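Review bot: `verbose_debug = (0 != strcmp ("verbose", argv[5]));` in the -1264 hunk sets the debug flag for every argv[5] other than "verbose", including "quiet" and any misspelt value; it is harmless only because verb_debug also tests `verbose`. tlsdate.c passes the literal "debug" for -vv, so test for that value directly: `verbose_debug = (0 == strcmp ("debug", argv[5]));`. main's body continues outside the hunk.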
int verbose;
+int verbose_debug;
#include "src/util.h"
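Review bot: `int verbose_debug;` in tlsdate-helper.h is a definition rather than a declaration, and util.h (included just below) already declares `extern int verbose_debug;`. If this header is included from more than one translation unit, each one gets its own tentative definition, which fails to link on toolchains that default to `-fno-common`. Declare it `extern int verbose_debug;` here and keep a single definition in a .c file; the existing `int verbose;` follows the same pattern and would benefit from the same change.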
diff --git a/src/tlsdate.c b/src/tlsdate.c index 82dd217..50d6db9 100644 --- a/src/tlsdate.c +++ b/src/tlsdate.c @@ -103,6 +103,7 @@ int main(int argc, char **argv) { int verbose; + int verbose_debug; int ca_racket; int showtime; int setclock; @@ -120,6 +121,7 @@ main(int argc, char **argv) protocol = DEFAULT_PROTOCOL; ca_cert_container = DEFAULT_CERTFILE; verbose = 0; + verbose_debug = 0; ca_racket = 1; showtime = 0; setclock = 1; @@ -156,7 +158,7 @@ main(int argc, char **argv) break;
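Review bot: The local `verbose_debug` added to main in the -103 and -120 hunks is initialised to 0, but nothing in the visible hunks reads or sets it afterwards; -vv is tracked by incrementing `verbose` instead. The same holds for the `verbose_debug` member added to the options struct in src/tlsdate.h. Either derive it once the count is known, e.g. `verbose_debug = (verbose >= 2);` after option parsing, or drop both. main's body continues outside these hunks, so a use elsewhere cannot be ruled out.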
switch (c) { - case 'v': verbose = 1; break; + case 'v': verbose += 1; break; case 'V': showtime = (optarg && 0 == strcmp("raw", optarg) ? 2:1); break; case 's': ca_racket = 0; break; case 'h': usage(); exit(1); break; @@ -174,7 +176,7 @@ main(int argc, char **argv) } }
- if (verbose) { + if (2 == verbose) { fprintf(stderr, "V: tlsdate version %s\n" "V: We were called with the following arguments:\n" @@ -192,7 +194,7 @@ main(int argc, char **argv) port, protocol, (ca_racket ? "racket" : "unchecked"), - (verbose ? "verbose" : "quiet"), + (verbose ? (verbose >= 2 ? "debug" : "verbose") : "quiet"), ca_cert_container, (setclock ? "setclock" : "dont-set-clock"), (showtime ? (showtime == 2 ? "showtime=raw" : "showtime") : "no-showtime"), diff --git a/src/tlsdate.h b/src/tlsdate.h index a4f7137..4e34a66 100644 --- a/src/tlsdate.h +++ b/src/tlsdate.h @@ -98,6 +98,7 @@ int tlsdate (struct opts *opts, char *argv[]); /** This is where we store parsed commandline options. */ typedef struct { int verbose; + int verbose_debug; int ca_racket; int help; int showtime; diff --git a/src/util-plan9.h b/src/util-plan9.h index c51df94..7453235 100644 --- a/src/util-plan9.h +++ b/src/util-plan9.h @@ -19,6 +19,7 @@ #endif
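Review bot: `if (2 == verbose)` in the -174 hunk prints the argument banner only for exactly two -v flags, while the -192 hunk selects "debug" with `verbose >= 2`; because `case 'v'` now increments, -vvv runs the helper in debug mode without the banner. Use the same test in both places: `if (verbose >= 2) {`. main's body continues outside the hunk.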
extern int verbose; +extern int verbose_debug; void die (const char *fmt, ...); void verb (const char *fmt, ...); extern void logat(int isverbose, const char *fmt, ...); diff --git a/src/util.c b/src/util.c index 4f1d0e0..51f2492 100644 --- a/src/util.c +++ b/src/util.c @@ -53,11 +53,25 @@ verb (const char *fmt, ...) { va_list ap;
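Review bot: util-plan9.h gains `extern int verbose_debug;` but no prototype for the new function, whereas util.h adds `void verb_debug (const char *fmt, ...);`. Code built against this header would call verb_debug without a declaration in scope, which is not a valid call for a variadic function. Add `void verb_debug (const char *fmt, ...);` after the `verb` prototype.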
- if (! verbose) return; + if (! verbose ) return; va_start(ap, fmt); vfprintf(stderr, fmt, ap); va_end(ap); } + +/** helper function for 'verbose' output */ +void +verb_debug (const char *fmt, ...) +{ + va_list ap; + + if (! verbose ) return; + if (! verbose_debug ) return; + va_start(ap, fmt); + vfprintf(stderr, fmt, ap); + va_end(ap); +} + void API logat(int isverbose, const char *fmt, ...) { if (isverbose && !verbose) diff --git a/src/util.h b/src/util.h index 4f63340..4fb9b8d 100644 --- a/src/util.h +++ b/src/util.h @@ -21,8 +21,10 @@ extern const char *kTempSuffix;
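Review bot: The comment on verb_debug, `/** helper function for 'verbose' output */`, was copied from verb and does not describe the new gate. Suggested text: `/** helper function for 'debug' (-vv) output; prints only when both verbose and verbose_debug are set */`. The body otherwise duplicates verb, so a shared static helper taking a `va_list` would keep the two from drifting apart. The `if (! verbose ) return;` change in verb is whitespace only.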
extern int verbose;
+extern int verbose_debug;
void die (const char *fmt, ...);
void verb (const char *fmt, ...);
+void verb_debug (const char *fmt, ...);
extern void logat(int isverbose, const char *fmt, ...);
#define info(fmt, ...) logat(1, fmt, ## __VA_ARGS__)
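Review bot: The new prototype `void verb_debug (const char *fmt, ...);` carries no format-checking annotation, so mismatches between format string and arguments at the many converted call sites go undetected at compile time (the `n, buf` call in read_http_date_from_bio is one). Where the compiler supports it, declare `void verb_debug (const char *fmt, ...) __attribute__((format(printf, 1, 2)));` and build with `-Wformat`. The same would apply to `verb` and `die`.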