[asterisk-commits] oej: trunk r413036 - /trunk/main/tcptls.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Sun Apr 27 14:29:37 CDT 2014
Author: oej
Date: Sun Apr 27 14:29:27 2014
New Revision: 413036
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=413036
Log:
tcptls.c : Log errors as ERROR, not warning or something else.
Modified:
trunk/main/tcptls.c
Modified: trunk/main/tcptls.c
URL: http://svnview.digium.com/svn/asterisk/trunk/main/tcptls.c?view=diff&rev=413036&r1=413035&r2=413036
==============================================================================
--- trunk/main/tcptls.c (original)
+++ trunk/main/tcptls.c Sun Apr 27 14:29:27 2014
@@ -191,7 +191,7 @@
else if ( (tcptls_session->ssl = SSL_new(tcptls_session->parent->tls_cfg->ssl_ctx)) ) {
SSL_set_fd(tcptls_session->ssl, tcptls_session->fd);
if ((ret = ssl_setup(tcptls_session->ssl)) <= 0) {
- ast_verb(2, "Problem setting up ssl connection: %s\n", ERR_error_string(ERR_get_error(), err));
+ ast_log(LOG_ERROR, "Problem setting up ssl connection: %s\n", ERR_error_string(ERR_get_error(), err));
} else {
#if defined(HAVE_FUNOPEN) /* the BSD interface */
tcptls_session->f = funopen(tcptls_session->ssl, ssl_read, ssl_write, NULL, ssl_close);
@@ -274,7 +274,7 @@
ast_log(LOG_WARNING, "FILE * open failed!\n");
#ifndef DO_SSL
if (tcptls_session->parent->tls_cfg) {
- ast_log(LOG_WARNING, "Attempted a TLS connection without OpenSSL support. This will not work!\n");
+ ast_log(LOG_ERROR, "Attempted a TLS connection without OpenSSL support. This will not work!\n");
}
#endif
ao2_ref(tcptls_session, -1);
@@ -309,7 +309,7 @@
fd = ast_accept(desc->accept_fd, &addr);
if (fd < 0) {
if ((errno != EAGAIN) && (errno != EINTR)) {
- ast_log(LOG_WARNING, "Accept failed: %s\n", strerror(errno));
+ ast_log(LOG_ERROR, "Accept failed: %s\n", strerror(errno));
}
continue;
}
@@ -333,7 +333,7 @@
/* This thread is now the only place that controls the single ref to tcptls_session */
if (ast_pthread_create_detached_background(&launched, NULL, handle_tcptls_connection, tcptls_session)) {
- ast_log(LOG_WARNING, "Unable to launch helper thread: %s\n", strerror(errno));
+ ast_log(LOG_ERROR, "Unable to launch helper thread: %s\n", strerror(errno));
ast_tcptls_close_session_file(tcptls_session);
ao2_ref(tcptls_session, -1);
}
@@ -396,7 +396,7 @@
if (SSL_CTX_use_certificate_chain_file(cfg->ssl_ctx, cfg->certfile) == 0) {
if (!client) {
/* Clients don't need a certificate, but if its setup we can use it */
- ast_verb(0, "SSL error loading cert file. <%s>\n", cfg->certfile);
+ ast_log(LOG_ERROR, "TLS/SSL error loading cert file. <%s>\n", cfg->certfile);
cfg->enabled = 0;
SSL_CTX_free(cfg->ssl_ctx);
cfg->ssl_ctx = NULL;
@@ -406,7 +406,7 @@
if ((SSL_CTX_use_PrivateKey_file(cfg->ssl_ctx, tmpprivate, SSL_FILETYPE_PEM) == 0) || (SSL_CTX_check_private_key(cfg->ssl_ctx) == 0 )) {
if (!client) {
/* Clients don't need a private key, but if its setup we can use it */
- ast_verb(0, "SSL error loading private key file. <%s>\n", tmpprivate);
+ ast_log(LOG_ERROR, "TLS/SSL error loading private key file. <%s>\n", tmpprivate);
cfg->enabled = 0;
SSL_CTX_free(cfg->ssl_ctx);
cfg->ssl_ctx = NULL;
@@ -417,7 +417,7 @@
if (!ast_strlen_zero(cfg->cipher)) {
if (SSL_CTX_set_cipher_list(cfg->ssl_ctx, cfg->cipher) == 0 ) {
if (!client) {
- ast_verb(0, "SSL cipher error <%s>\n", cfg->cipher);
+ ast_log(LOG_ERROR, "TLS/SSL cipher error <%s>\n", cfg->cipher);
cfg->enabled = 0;
SSL_CTX_free(cfg->ssl_ctx);
cfg->ssl_ctx = NULL;
@@ -427,11 +427,11 @@
}
if (!ast_strlen_zero(cfg->cafile) || !ast_strlen_zero(cfg->capath)) {
if (SSL_CTX_load_verify_locations(cfg->ssl_ctx, S_OR(cfg->cafile, NULL), S_OR(cfg->capath,NULL)) == 0) {
- ast_verb(0, "SSL CA file(%s)/path(%s) error\n", cfg->cafile, cfg->capath);
- }
- }
-
- ast_verb(0, "SSL certificate ok\n");
+ ast_log(LOG_ERROR, "TLS/SSL CA file(%s)/path(%s) error\n", cfg->cafile, cfg->capath);
+ }
+ }
+
+ ast_verb(2, "TLS/SSL certificate ok\n"); /* We should log which one that is ok. This message doesn't really make sense in production use */
return 1;
#endif
}
@@ -509,7 +509,7 @@
desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ?
AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (desc->accept_fd < 0) {
- ast_log(LOG_WARNING, "Unable to allocate socket for %s: %s\n",
+ ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n",
desc->name, strerror(errno));
return NULL;
}
@@ -690,7 +690,7 @@
ast_set2_flag(&tls_cfg->flags, ast_true(value), AST_SSL_DONT_VERIFY_SERVER);
} else if (!strcasecmp(varname, "tlsbindaddr") || !strcasecmp(varname, "sslbindaddr")) {
if (ast_parse_arg(value, PARSE_ADDR, &tls_desc->local_address))
- ast_log(LOG_WARNING, "Invalid %s '%s'\n", varname, value);
+ ast_log(LOG_ERROR, "Invalid %s '%s'\n", varname, value);
} else if (!strcasecmp(varname, "tlsclientmethod") || !strcasecmp(varname, "sslclientmethod")) {
if (!strcasecmp(value, "tlsv1")) {
ast_set_flag(&tls_cfg->flags, AST_SSL_TLSV1_CLIENT);
More information about the asterisk-commits
mailing list