X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=openssl.c;h=0005ed5fcb744872bab42db8c413d4a81f485dc2;hp=8691109514d5823b9ddfc27186c1632b617dff0a;hb=86de4d22ca6f1798818a5626bf65a31bbb75341a;hpb=17dfded2923ce65f9409ecdac355fac217aaa3e5 diff --git a/openssl.c b/openssl.c index 86911095..0005ed5f 100644 --- a/openssl.c +++ b/openssl.c @@ -301,7 +301,7 @@ static int ssl_store_cert(struct client_state *csp, X509* crt) if (len > (sizeof(last->file_buf) - 1)) { log_error(LOG_LEVEL_ERROR, - "X509 PEM cert len %d is larger then buffer len %s", + "X509 PEM cert len %d is larger than buffer len %d", len, sizeof(last->file_buf) - 1); len = sizeof(last->file_buf) - 1; } @@ -1405,7 +1405,12 @@ static int generate_key(struct client_state *csp, char **key_buf) goto exit; } - BN_set_word(exp, RSA_KEY_PUBLIC_EXPONENT); + if (BN_set_word(exp, RSA_KEY_PUBLIC_EXPONENT) != 1) + { + log_ssl_errors(LOG_LEVEL_ERROR, "Setting RSA key exponent failed"); + ret = -1; + goto exit; + } key_file_path = make_certs_path(csp->config->certificate_directory, (char *)csp->http->hash_of_host_hex, KEY_FILE_TYPE); @@ -1778,7 +1783,7 @@ static int generate_webpage_certificate(struct client_state *csp) { log_ssl_errors(LOG_LEVEL_ERROR, "X509 subject name (code: %s, val: %s) error", - CERT_PARAM_COMMON_NAME_FCODE, csp->http->host); + CERT_PARAM_ORGANIZATION_FCODE, csp->http->host); ret = -1; goto exit; } @@ -1787,7 +1792,7 @@ static int generate_webpage_certificate(struct client_state *csp) { log_ssl_errors(LOG_LEVEL_ERROR, "X509 subject name (code: %s, val: %s) error", - CERT_PARAM_COMMON_NAME_FCODE, csp->http->host); + CERT_PARAM_ORG_UNIT_FCODE, csp->http->host); ret = -1; goto exit; } @@ -1796,7 +1801,7 @@ static int generate_webpage_certificate(struct client_state *csp) { log_ssl_errors(LOG_LEVEL_ERROR, "X509 subject name (code: %s, val: %s) error", - CERT_PARAM_COMMON_NAME_FCODE, csp->http->host); + CERT_PARAM_COUNTRY_FCODE, csp->http->host); ret = -1; goto exit; } @@ -1938,7 +1943,7 @@ static int generate_webpage_certificate(struct client_state *csp) if (!X509_set_pubkey(cert, loaded_subject_key)) { log_ssl_errors(LOG_LEVEL_ERROR, - "Setting issuer name in signed certificate failed"); + "Setting public key in signed certificate failed"); ret = -1; goto exit; } @@ -1946,7 +1951,7 @@ static int generate_webpage_certificate(struct client_state *csp) if (!X509_set_subject_name(cert, subject_name)) { log_ssl_errors(LOG_LEVEL_ERROR, - "Setting issuer name in signed certificate failed"); + "Setting subject name in signed certificate failed"); ret = -1; goto exit; } @@ -2000,7 +2005,7 @@ static int generate_webpage_certificate(struct client_state *csp) if (!X509_set1_notBefore(cert, asn_time)) { log_ssl_errors(LOG_LEVEL_ERROR, - "Setting valid not befre in signed certificate failed"); + "Setting valid not before in signed certificate failed"); ret = -1; goto exit; } @@ -2016,7 +2021,7 @@ static int generate_webpage_certificate(struct client_state *csp) if (!set_x509_ext(cert, issuer_cert, NID_subject_key_identifier, CERTIFICATE_SUBJECT_KEY)) { log_ssl_errors(LOG_LEVEL_ERROR, - "Setting the Subject Key Identifie extension failed"); + "Setting the Subject Key Identifier extension failed"); ret = -1; goto exit; } @@ -2032,7 +2037,8 @@ static int generate_webpage_certificate(struct client_state *csp) if (!host_is_ip_address(csp->http->host) && !set_subject_alternative_name(cert, issuer_cert, csp->http->host)) { - log_ssl_errors(LOG_LEVEL_ERROR, "Setting the Subject Alt Nameextension failed"); + log_ssl_errors(LOG_LEVEL_ERROR, + "Setting the Subject Alt Name extension failed"); ret = -1; goto exit; }