projects
/
privoxy.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Change the suggested default-server-timeout to 5
[privoxy.git]
/
openssl.c
diff --git
a/openssl.c
b/openssl.c
index
8691109
..
0005ed5
100644
(file)
--- a/
openssl.c
+++ b/
openssl.c
@@
-301,7
+301,7
@@
static int ssl_store_cert(struct client_state *csp, X509* crt)
if (len > (sizeof(last->file_buf) - 1))
{
log_error(LOG_LEVEL_ERROR,
if (len > (sizeof(last->file_buf) - 1))
{
log_error(LOG_LEVEL_ERROR,
- "X509 PEM cert len %d is larger th
en buffer len %s
",
+ "X509 PEM cert len %d is larger th
an buffer len %d
",
len, sizeof(last->file_buf) - 1);
len = sizeof(last->file_buf) - 1;
}
len, sizeof(last->file_buf) - 1);
len = sizeof(last->file_buf) - 1;
}
@@
-1405,7
+1405,12
@@
static int generate_key(struct client_state *csp, char **key_buf)
goto exit;
}
goto exit;
}
- BN_set_word(exp, RSA_KEY_PUBLIC_EXPONENT);
+ if (BN_set_word(exp, RSA_KEY_PUBLIC_EXPONENT) != 1)
+ {
+ log_ssl_errors(LOG_LEVEL_ERROR, "Setting RSA key exponent failed");
+ ret = -1;
+ goto exit;
+ }
key_file_path = make_certs_path(csp->config->certificate_directory,
(char *)csp->http->hash_of_host_hex, KEY_FILE_TYPE);
key_file_path = make_certs_path(csp->config->certificate_directory,
(char *)csp->http->hash_of_host_hex, KEY_FILE_TYPE);
@@
-1778,7
+1783,7
@@
static int generate_webpage_certificate(struct client_state *csp)
{
log_ssl_errors(LOG_LEVEL_ERROR,
"X509 subject name (code: %s, val: %s) error",
{
log_ssl_errors(LOG_LEVEL_ERROR,
"X509 subject name (code: %s, val: %s) error",
- CERT_PARAM_
COMMON_NAME
_FCODE, csp->http->host);
+ CERT_PARAM_
ORGANIZATION
_FCODE, csp->http->host);
ret = -1;
goto exit;
}
ret = -1;
goto exit;
}
@@
-1787,7
+1792,7
@@
static int generate_webpage_certificate(struct client_state *csp)
{
log_ssl_errors(LOG_LEVEL_ERROR,
"X509 subject name (code: %s, val: %s) error",
{
log_ssl_errors(LOG_LEVEL_ERROR,
"X509 subject name (code: %s, val: %s) error",
- CERT_PARAM_
COMMON_NAME
_FCODE, csp->http->host);
+ CERT_PARAM_
ORG_UNIT
_FCODE, csp->http->host);
ret = -1;
goto exit;
}
ret = -1;
goto exit;
}
@@
-1796,7
+1801,7
@@
static int generate_webpage_certificate(struct client_state *csp)
{
log_ssl_errors(LOG_LEVEL_ERROR,
"X509 subject name (code: %s, val: %s) error",
{
log_ssl_errors(LOG_LEVEL_ERROR,
"X509 subject name (code: %s, val: %s) error",
- CERT_PARAM_CO
MMON_NAME
_FCODE, csp->http->host);
+ CERT_PARAM_CO
UNTRY
_FCODE, csp->http->host);
ret = -1;
goto exit;
}
ret = -1;
goto exit;
}
@@
-1938,7
+1943,7
@@
static int generate_webpage_certificate(struct client_state *csp)
if (!X509_set_pubkey(cert, loaded_subject_key))
{
log_ssl_errors(LOG_LEVEL_ERROR,
if (!X509_set_pubkey(cert, loaded_subject_key))
{
log_ssl_errors(LOG_LEVEL_ERROR,
- "Setting
issuer name
in signed certificate failed");
+ "Setting
public key
in signed certificate failed");
ret = -1;
goto exit;
}
ret = -1;
goto exit;
}
@@
-1946,7
+1951,7
@@
static int generate_webpage_certificate(struct client_state *csp)
if (!X509_set_subject_name(cert, subject_name))
{
log_ssl_errors(LOG_LEVEL_ERROR,
if (!X509_set_subject_name(cert, subject_name))
{
log_ssl_errors(LOG_LEVEL_ERROR,
- "Setting
issuer
name in signed certificate failed");
+ "Setting
subject
name in signed certificate failed");
ret = -1;
goto exit;
}
ret = -1;
goto exit;
}
@@
-2000,7
+2005,7
@@
static int generate_webpage_certificate(struct client_state *csp)
if (!X509_set1_notBefore(cert, asn_time))
{
log_ssl_errors(LOG_LEVEL_ERROR,
if (!X509_set1_notBefore(cert, asn_time))
{
log_ssl_errors(LOG_LEVEL_ERROR,
- "Setting valid not befre in signed certificate failed");
+ "Setting valid not bef
o
re in signed certificate failed");
ret = -1;
goto exit;
}
ret = -1;
goto exit;
}
@@
-2016,7
+2021,7
@@
static int generate_webpage_certificate(struct client_state *csp)
if (!set_x509_ext(cert, issuer_cert, NID_subject_key_identifier, CERTIFICATE_SUBJECT_KEY))
{
log_ssl_errors(LOG_LEVEL_ERROR,
if (!set_x509_ext(cert, issuer_cert, NID_subject_key_identifier, CERTIFICATE_SUBJECT_KEY))
{
log_ssl_errors(LOG_LEVEL_ERROR,
- "Setting the Subject Key Identifie extension failed");
+ "Setting the Subject Key Identifie
r
extension failed");
ret = -1;
goto exit;
}
ret = -1;
goto exit;
}
@@
-2032,7
+2037,8
@@
static int generate_webpage_certificate(struct client_state *csp)
if (!host_is_ip_address(csp->http->host) &&
!set_subject_alternative_name(cert, issuer_cert, csp->http->host))
{
if (!host_is_ip_address(csp->http->host) &&
!set_subject_alternative_name(cert, issuer_cert, csp->http->host))
{
- log_ssl_errors(LOG_LEVEL_ERROR, "Setting the Subject Alt Nameextension failed");
+ log_ssl_errors(LOG_LEVEL_ERROR,
+ "Setting the Subject Alt Name extension failed");
ret = -1;
goto exit;
}
ret = -1;
goto exit;
}