changeset: 6869:695243ba6374
user:      Kevin McCarthy <ke...@8t8.us>
date:      Sat Nov 19 19:35:07 2016 -0800
link:      http://dev.mutt.org/hg/mutt/rev/695243ba6374

More openssl1.1 fixes: remove uses of X509->name in debugging. (closes #3870)

X509->name was a shortcut for the longer
  name = X509_NAME_oneline (X509_get_subject_name (cert),
                            buf, sizeof (buf));
invocation.  Change the debugging to print the cert name and chain
names in the ssl_check_certificate() loop instead.

diffs (62 lines):

diff -r d14ffd58d976 -r 695243ba6374 mutt_ssl.c
--- a/mutt_ssl.c        Sun Nov 20 01:41:49 2016 +0100
+++ b/mutt_ssl.c        Sat Nov 19 19:35:07 2016 -0800
@@ -666,7 +666,6 @@
     snprintf (buf, sizeof (buf), "%s (%d)",
        X509_verify_cert_error_string(err), err);
     dprint (2, (debugfile, "X509_verify_cert: %s\n", buf));
-    dprint (2, (debugfile, " [%s]\n", peercert->name));
   }
 #endif
   X509_STORE_CTX_free (xsc);
@@ -914,7 +913,7 @@
 
 static int ssl_cache_trusted_cert (X509 *c)
 {
-  dprint (1, (debugfile, "trusted: %s\n", c->name));
+  dprint (1, (debugfile, "ssl_cache_trusted_cert: trusted\n"));
   if (!SslSessionCerts)
     SslSessionCerts = sk_X509_new_null();
   return (sk_X509_push (SslSessionCerts, X509_dup(c)));
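Review bot: The new `ssl_cache_trusted_cert: trusted` message no longer says which certificate was added to the session trust cache, so the debug log cannot tie a trust decision to a subject unless the caller logged it just before. The commit message moves the names into the ssl_check_certificate() loop, but this hunk does not show whether every caller of this function goes through that loop. Logging the subject here, with the same X509_NAME_oneline call the commit adds elsewhere, would keep the record self-contained, as sketched below.

```c
static int ssl_cache_trusted_cert (X509 *c)
{
#ifdef DEBUG
  char buf[STRING];

  dprint (1, (debugfile, "ssl_cache_trusted_cert: trusted %s\n",
              X509_NAME_oneline (X509_get_subject_name (c),
                                 buf, sizeof (buf))));
#endif
  /* … unchanged: SslSessionCerts allocation and sk_X509_push … */
```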
@@ -967,6 +966,13 @@
   int i, preauthrc, chain_len;
   STACK_OF(X509) *chain;
   X509 *cert;
+#ifdef DEBUG
+  char buf[STRING];
+
+  dprint (1, (debugfile, "ssl_check_certificate: checking cert %s\n",
+              X509_NAME_oneline (X509_get_subject_name (data->cert),
+                                 buf, sizeof (buf))));
+#endif
 
   if ((preauthrc = ssl_check_preauth (data->cert, conn->account.host)) > 0)
     return preauthrc;
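Review bot: The added dprint passes the result of X509_NAME_oneline() straight to `%s`, and OpenSSL documents that the function returns NULL on error, which makes the format call undefined for a certificate whose name cannot be rendered. The subject comes from the peer, so a fallback is worth having: keep the result in a local and print `name ? name : "(unknown)"`. The same pattern appears in the chain-entry dprint added in the @@ -983 hunk. The function starts and ends outside this hunk, so it is not visible here whether data->cert is guaranteed non-NULL at this point.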
@@ -983,6 +989,10 @@
   {
     cert = sk_X509_value (chain, i);
 
+    dprint (1, (debugfile, "ssl_check_certificate: checking cert chain entry %s\n",
+                X509_NAME_oneline (X509_get_subject_name (cert),
+                                   buf, sizeof (buf))));
+
     /* if the certificate validates or is manually accepted, then add it to
      * the trusted set and recheck the peer certificate */
     if (ssl_check_preauth (cert, NULL)
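Review bot: The dprint added in the loop reads `buf`, which the previous hunk declares only under `#ifdef DEBUG`, so this line builds without DEBUG only if dprint drops its arguments in that configuration; the macro's definition is not on this page. A one-line comment at the declaration, for example `/* buf is only referenced from dprint(), which is compiled out without DEBUG */`, would stop a later non-debug use of buf from breaking the build unnoticed. The loop body continues past the end of this hunk.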
@@ -1009,8 +1019,6 @@
   FILE *fp;
   char *name = NULL, *c;
 
-  dprint (2, (debugfile, "interactive_check_cert: %s\n", cert->name));
-
   menu->max = 19;
   menu->dialog = (char **) safe_calloc (1, menu->max * sizeof (char *));
   for (i = 0; i < menu->max; i++)
@@ -1021,7 +1029,6 @@
   row++;
   name = X509_NAME_oneline (X509_get_subject_name (cert),
                            buf, sizeof (buf));
-  dprint (2, (debugfile, "oneline: %s\n", name));
 
   for (i = 0; i < 5; i++)
   {
