
Improvements to the diagnostic output from the test-trust-store command.

drh 2024-11-04 12:54 httpmsg-debug
Commit aa5bddda68337cec70bcb378ce4501053d5bbf2ace8615891d9374c51837a908
1 file changed +24 -5
+24 -5
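--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -303,12 +303,27 @@
  break;
  }
  }
  }
  if( bDebug ){
- fossil_print("zCaFile = %s\n"
- "zCaDirectory = %s\n", zCaFile, zCaDirectory);
+ fossil_print("case-0: X509_get_default_cert_file_env = %s\n",
+ X509_get_default_cert_file_env());
+ fossil_print("case-1: X509_get_default_cert_dir_env = %s\n",
+ X509_get_default_cert_dir_env());
+ fossil_print("case-2: ssl-ca-location = %s\n",
+ g.repositoryOpen ? db_get("ssl-ca-location","(none)") : "(none)");
+ fossil_print("case-3: X509_get_default_cert_file = %s\n",
+ X509_get_default_cert_file());
+ fossil_print("case-4: X509_get_default_cert_dir = %s\n",
+ X509_get_default_cert_dir());
+ if( i>=5 ){
+ fossil_print("No trust store found.\n");
+ }else{
+ fossil_print("case-used = %d\n"
+ "zCaFile = %s\n"
+ "zCaDirectory = %s\n", i, zCaFile, zCaDirectory);
+ }
  }
  if( zFile==0 ){
  /* fossil_fatal("Cannot find a trust store"); */
  }else if( SSL_CTX_load_verify_locations(sslCtx, zCaFile, zCaDirectory)==0 ){
  fossil_fatal("Cannot load CA root certificates from %s", zFile);
@@ -336,19 +351,23 @@
  if( g.zSSLIdentity!=0 ){
  identityFile = g.zSSLIdentity;
  }else{
  identityFile = db_get("ssl-identity", 0);
  }
- if( bDebug ){
- fossil_print("identifyFile = %s\n", identityFile);
- }
  if( identityFile!=0 && identityFile[0]!='\0' ){
+ if( bDebug ){
+ fossil_print("identifyFile = %s\n", identityFile);
+ }
  if( SSL_CTX_use_certificate_chain_file(sslCtx,identityFile)!=1
  || SSL_CTX_use_PrivateKey_file(sslCtx,identityFile,SSL_FILETYPE_PEM)!=1
  ){
  fossil_fatal("Could not load SSL identity from %s", identityFile);
  }
+ }else{
+ if( bDebug ){
+ fossil_print("No identify file found.\n");
+ }
  }
  /* Register a callback to tell the user what to do when the server asks
  ** for a cert */
  SSL_CTX_set_client_cert_cb(sslCtx, ssl_client_cert_callback);
 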
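Review bot: The `case-0` and `case-1` lines in the first hunk print what `X509_get_default_cert_file_env()` and `X509_get_default_cert_dir_env()` return, which in OpenSSL is the name of the environment variable (normally `SSL_CERT_FILE` / `SSL_CERT_DIR`), not the path it is set to. Someone checking which CA roots will authenticate the server needs the value as well; assuming the selection loop above the hunk reads these variables through `fossil_getenv()`, the line could show both, e.g. `fossil_print("case-0: %s = %s\n", X509_get_default_cert_file_env(), fossil_getenv(X509_get_default_cert_file_env()));`. The `i>=5` test also hard-codes the number of cases in a loop that is not visible here, so a comment tying the 5 to that loop, or testing `zFile==0` as the code right after the debug block does (if the two are equivalent), would keep "No trust store found." from going stale when a case is added. The enclosing function begins and ends outside both hunks.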
--- src/http_ssl.c
+++ src/http_ssl.c
@@ -303,12 +303,27 @@
303 break;
304 }
305 }
306 }
307 if( bDebug ){
308 fossil_print("zCaFile = %s\n"
309 "zCaDirectory = %s\n", zCaFile, zCaDirectory);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
310 }
311 if( zFile==0 ){
312 /* fossil_fatal("Cannot find a trust store"); */
313 }else if( SSL_CTX_load_verify_locations(sslCtx, zCaFile, zCaDirectory)==0 ){
314 fossil_fatal("Cannot load CA root certificates from %s", zFile);
@@ -336,19 +351,23 @@
336 if( g.zSSLIdentity!=0 ){
337 identityFile = g.zSSLIdentity;
338 }else{
339 identityFile = db_get("ssl-identity", 0);
340 }
341 if( bDebug ){
342 fossil_print("identifyFile = %s\n", identityFile);
343 }
344 if( identityFile!=0 && identityFile[0]!='\0' ){
 
 
 
345 if( SSL_CTX_use_certificate_chain_file(sslCtx,identityFile)!=1
346 || SSL_CTX_use_PrivateKey_file(sslCtx,identityFile,SSL_FILETYPE_PEM)!=1
347 ){
348 fossil_fatal("Could not load SSL identity from %s", identityFile);
349 }
 
 
 
 
350 }
351 /* Register a callback to tell the user what to do when the server asks
352 ** for a cert */
353 SSL_CTX_set_client_cert_cb(sslCtx, ssl_client_cert_callback);
354
355
--- src/http_ssl.c
+++ src/http_ssl.c
@@ -303,12 +303,27 @@
303 break;
304 }
305 }
306 }
307 if( bDebug ){
308 fossil_print("case-0: X509_get_default_cert_file_env = %s\n",
309 X509_get_default_cert_file_env());
310 fossil_print("case-1: X509_get_default_cert_dir_env = %s\n",
311 X509_get_default_cert_dir_env());
312 fossil_print("case-2: ssl-ca-location = %s\n",
313 g.repositoryOpen ? db_get("ssl-ca-location","(none)") : "(none)");
314 fossil_print("case-3: X509_get_default_cert_file = %s\n",
315 X509_get_default_cert_file());
316 fossil_print("case-4: X509_get_default_cert_dir = %s\n",
317 X509_get_default_cert_dir());
318 if( i>=5 ){
319 fossil_print("No trust store found.\n");
320 }else{
321 fossil_print("case-used = %d\n"
322 "zCaFile = %s\n"
323 "zCaDirectory = %s\n", i, zCaFile, zCaDirectory);
324 }
325 }
326 if( zFile==0 ){
327 /* fossil_fatal("Cannot find a trust store"); */
328 }else if( SSL_CTX_load_verify_locations(sslCtx, zCaFile, zCaDirectory)==0 ){
329 fossil_fatal("Cannot load CA root certificates from %s", zFile);
@@ -336,19 +351,23 @@
351 if( g.zSSLIdentity!=0 ){
352 identityFile = g.zSSLIdentity;
353 }else{
354 identityFile = db_get("ssl-identity", 0);
355 }
 
 
 
356 if( identityFile!=0 && identityFile[0]!='\0' ){
357 if( bDebug ){
358 fossil_print("identifyFile = %s\n", identityFile);
359 }
360 if( SSL_CTX_use_certificate_chain_file(sslCtx,identityFile)!=1
361 || SSL_CTX_use_PrivateKey_file(sslCtx,identityFile,SSL_FILETYPE_PEM)!=1
362 ){
363 fossil_fatal("Could not load SSL identity from %s", identityFile);
364 }
365 }else{
366 if( bDebug ){
367 fossil_print("No identify file found.\n");
368 }
369 }
370 /* Register a callback to tell the user what to do when the server asks
371 ** for a cert */
372 SSL_CTX_set_client_cert_cb(sslCtx, ssl_client_cert_callback);
373
374
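Review bot: The new else-branch message in the second hunk reads `No identify file found.`, carrying over the `identifyFile` misspelling from the debug line that this commit moves; since both lines are touched, they could read `identityFile = %s` and `No identity file found.` to match the `identityFile` variable and the `ssl-identity` setting. The wording is also slightly off for what the branch tests: it is taken when `identityFile` is null or empty, i.e. no client identity is configured, rather than when a file was looked for and missed, so `No SSL identity configured.` would describe the state more exactly. A one-line comment on the moved `bDebug` print, noting that it now runs only for a non-empty `identityFile`, would explain why it sits inside the `if`.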
