diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-07-20 04:49:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-07-20 04:49:55 +0000 |
commit | ab1bb5b7f1c3c3a7b240ab7fc8661459ecd7decb (patch) | |
tree | 7a900833aad3ccc685712c6c2a7d87576d54f427 /libnetdata/socket/security.c | |
parent | Adding upstream version 1.40.1. (diff) | |
download | netdata-ab1bb5b7f1c3c3a7b240ab7fc8661459ecd7decb.tar.xz netdata-ab1bb5b7f1c3c3a7b240ab7fc8661459ecd7decb.zip |
Adding upstream version 1.41.0.upstream/1.41.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'libnetdata/socket/security.c')
-rw-r--r-- | libnetdata/socket/security.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/libnetdata/socket/security.c b/libnetdata/socket/security.c index abae71c66..c1bb76345 100644 --- a/libnetdata/socket/security.c +++ b/libnetdata/socket/security.c @@ -406,7 +406,7 @@ bool netdata_ssl_accept(NETDATA_SSL *ssl) { static void netdata_ssl_info_callback(const SSL *ssl, int where, int ret __maybe_unused) { (void)ssl; if (where & SSL_CB_ALERT) { - debug(D_WEB_CLIENT,"SSL INFO CALLBACK %s %s", SSL_alert_type_string(ret), SSL_alert_desc_string_long(ret)); + netdata_log_debug(D_WEB_CLIENT,"SSL INFO CALLBACK %s %s", SSL_alert_type_string(ret), SSL_alert_desc_string_long(ret)); } } @@ -429,7 +429,7 @@ void netdata_ssl_initialize_openssl() { #else if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) != 1) { - error("SSL library cannot be initialized."); + netdata_log_error("SSL library cannot be initialized."); } #endif @@ -516,7 +516,7 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) { #if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110 ctx = SSL_CTX_new(SSLv23_server_method()); if (!ctx) { - error("Cannot create a new SSL context, netdata won't encrypt communication"); + netdata_log_error("Cannot create a new SSL context, netdata won't encrypt communication"); return NULL; } @@ -524,7 +524,7 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) { #else ctx = SSL_CTX_new(TLS_server_method()); if (!ctx) { - error("Cannot create a new SSL context, netdata won't encrypt communication"); + netdata_log_error("Cannot create a new SSL context, netdata won't encrypt communication"); return NULL; } @@ -539,7 +539,7 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) { if(tls_ciphers && strcmp(tls_ciphers, "none") != 0) { if (!SSL_CTX_set_cipher_list(ctx, tls_ciphers)) { - error("SSL error. cannot set the cipher list"); + netdata_log_error("SSL error. cannot set the cipher list"); } } #endif @@ -548,7 +548,7 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) { if (!SSL_CTX_check_private_key(ctx)) { ERR_error_string_n(ERR_get_error(),lerror,sizeof(lerror)); - error("SSL cannot check the private key: %s",lerror); + netdata_log_error("SSL cannot check the private key: %s",lerror); SSL_CTX_free(ctx); return NULL; } @@ -559,7 +559,7 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) { #if (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_095) SSL_CTX_set_verify_depth(ctx,1); #endif - debug(D_WEB_CLIENT,"SSL GLOBAL CONTEXT STARTED\n"); + netdata_log_debug(D_WEB_CLIENT,"SSL GLOBAL CONTEXT STARTED\n"); SSL_CTX_set_mode(ctx, mode); @@ -578,14 +578,14 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) { */ void netdata_ssl_initialize_ctx(int selector) { static SPINLOCK sp = NETDATA_SPINLOCK_INITIALIZER; - netdata_spinlock_lock(&sp); + spinlock_lock(&sp); switch (selector) { case NETDATA_SSL_WEB_SERVER_CTX: { if(!netdata_ssl_web_server_ctx) { struct stat statbuf; if (stat(netdata_ssl_security_key, &statbuf) || stat(netdata_ssl_security_cert, &statbuf)) - info("To use encryption it is necessary to set \"ssl certificate\" and \"ssl key\" in [web] !\n"); + netdata_log_info("To use encryption it is necessary to set \"ssl certificate\" and \"ssl key\" in [web] !\n"); else { netdata_ssl_web_server_ctx = netdata_ssl_create_server_ctx( SSL_MODE_ENABLE_PARTIAL_WRITE | @@ -628,7 +628,7 @@ void netdata_ssl_initialize_ctx(int selector) { } } - netdata_spinlock_unlock(&sp); + spinlock_unlock(&sp); } /** @@ -680,7 +680,7 @@ int security_test_certificate(SSL *ssl) { { char error[512]; ERR_error_string_n(ERR_get_error(), error, sizeof(error)); - error("SSL RFC4158 check: We have a invalid certificate, the tests result with %ld and message %s", status, error); + netdata_log_error("SSL RFC4158 check: We have a invalid certificate, the tests result with %ld and message %s", status, error); ret = -1; } else { ret = 0; @@ -705,13 +705,13 @@ int ssl_security_location_for_context(SSL_CTX *ctx, char *file, char *path) { int load_custom = 1, load_default = 1; if (file || path) { if(!SSL_CTX_load_verify_locations(ctx, file, path)) { - info("Netdata can not verify custom CAfile or CApath for parent's SSL certificate, so it will use the default OpenSSL configuration to validate certificates!"); + netdata_log_info("Netdata can not verify custom CAfile or CApath for parent's SSL certificate, so it will use the default OpenSSL configuration to validate certificates!"); load_custom = 0; } } if(!SSL_CTX_set_default_verify_paths(ctx)) { - info("Can not verify default OpenSSL configuration to validate certificates!"); + netdata_log_info("Can not verify default OpenSSL configuration to validate certificates!"); load_default = 0; } |