summaryrefslogtreecommitdiffstats
path: root/libnetdata/socket/security.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2023-07-20 04:49:55 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2023-07-20 04:49:55 +0000
commitab1bb5b7f1c3c3a7b240ab7fc8661459ecd7decb (patch)
tree7a900833aad3ccc685712c6c2a7d87576d54f427 /libnetdata/socket/security.c
parentAdding upstream version 1.40.1. (diff)
downloadnetdata-ab1bb5b7f1c3c3a7b240ab7fc8661459ecd7decb.tar.xz
netdata-ab1bb5b7f1c3c3a7b240ab7fc8661459ecd7decb.zip
Adding upstream version 1.41.0.upstream/1.41.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'libnetdata/socket/security.c')
-rw-r--r--libnetdata/socket/security.c26
1 files changed, 13 insertions, 13 deletions
diff --git a/libnetdata/socket/security.c b/libnetdata/socket/security.c
index abae71c66..c1bb76345 100644
--- a/libnetdata/socket/security.c
+++ b/libnetdata/socket/security.c
@@ -406,7 +406,7 @@ bool netdata_ssl_accept(NETDATA_SSL *ssl) {
static void netdata_ssl_info_callback(const SSL *ssl, int where, int ret __maybe_unused) {
(void)ssl;
if (where & SSL_CB_ALERT) {
- debug(D_WEB_CLIENT,"SSL INFO CALLBACK %s %s", SSL_alert_type_string(ret), SSL_alert_desc_string_long(ret));
+ netdata_log_debug(D_WEB_CLIENT,"SSL INFO CALLBACK %s %s", SSL_alert_type_string(ret), SSL_alert_desc_string_long(ret));
}
}
@@ -429,7 +429,7 @@ void netdata_ssl_initialize_openssl() {
#else
if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) != 1) {
- error("SSL library cannot be initialized.");
+ netdata_log_error("SSL library cannot be initialized.");
}
#endif
@@ -516,7 +516,7 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) {
#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110
ctx = SSL_CTX_new(SSLv23_server_method());
if (!ctx) {
- error("Cannot create a new SSL context, netdata won't encrypt communication");
+ netdata_log_error("Cannot create a new SSL context, netdata won't encrypt communication");
return NULL;
}
@@ -524,7 +524,7 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) {
#else
ctx = SSL_CTX_new(TLS_server_method());
if (!ctx) {
- error("Cannot create a new SSL context, netdata won't encrypt communication");
+ netdata_log_error("Cannot create a new SSL context, netdata won't encrypt communication");
return NULL;
}
@@ -539,7 +539,7 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) {
if(tls_ciphers && strcmp(tls_ciphers, "none") != 0) {
if (!SSL_CTX_set_cipher_list(ctx, tls_ciphers)) {
- error("SSL error. cannot set the cipher list");
+ netdata_log_error("SSL error. cannot set the cipher list");
}
}
#endif
@@ -548,7 +548,7 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) {
if (!SSL_CTX_check_private_key(ctx)) {
ERR_error_string_n(ERR_get_error(),lerror,sizeof(lerror));
- error("SSL cannot check the private key: %s",lerror);
+ netdata_log_error("SSL cannot check the private key: %s",lerror);
SSL_CTX_free(ctx);
return NULL;
}
@@ -559,7 +559,7 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) {
#if (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_095)
SSL_CTX_set_verify_depth(ctx,1);
#endif
- debug(D_WEB_CLIENT,"SSL GLOBAL CONTEXT STARTED\n");
+ netdata_log_debug(D_WEB_CLIENT,"SSL GLOBAL CONTEXT STARTED\n");
SSL_CTX_set_mode(ctx, mode);
@@ -578,14 +578,14 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) {
*/
void netdata_ssl_initialize_ctx(int selector) {
static SPINLOCK sp = NETDATA_SPINLOCK_INITIALIZER;
- netdata_spinlock_lock(&sp);
+ spinlock_lock(&sp);
switch (selector) {
case NETDATA_SSL_WEB_SERVER_CTX: {
if(!netdata_ssl_web_server_ctx) {
struct stat statbuf;
if (stat(netdata_ssl_security_key, &statbuf) || stat(netdata_ssl_security_cert, &statbuf))
- info("To use encryption it is necessary to set \"ssl certificate\" and \"ssl key\" in [web] !\n");
+ netdata_log_info("To use encryption it is necessary to set \"ssl certificate\" and \"ssl key\" in [web] !\n");
else {
netdata_ssl_web_server_ctx = netdata_ssl_create_server_ctx(
SSL_MODE_ENABLE_PARTIAL_WRITE |
@@ -628,7 +628,7 @@ void netdata_ssl_initialize_ctx(int selector) {
}
}
- netdata_spinlock_unlock(&sp);
+ spinlock_unlock(&sp);
}
/**
@@ -680,7 +680,7 @@ int security_test_certificate(SSL *ssl) {
{
char error[512];
ERR_error_string_n(ERR_get_error(), error, sizeof(error));
- error("SSL RFC4158 check: We have a invalid certificate, the tests result with %ld and message %s", status, error);
+ netdata_log_error("SSL RFC4158 check: We have a invalid certificate, the tests result with %ld and message %s", status, error);
ret = -1;
} else {
ret = 0;
@@ -705,13 +705,13 @@ int ssl_security_location_for_context(SSL_CTX *ctx, char *file, char *path) {
int load_custom = 1, load_default = 1;
if (file || path) {
if(!SSL_CTX_load_verify_locations(ctx, file, path)) {
- info("Netdata can not verify custom CAfile or CApath for parent's SSL certificate, so it will use the default OpenSSL configuration to validate certificates!");
+ netdata_log_info("Netdata can not verify custom CAfile or CApath for parent's SSL certificate, so it will use the default OpenSSL configuration to validate certificates!");
load_custom = 0;
}
}
if(!SSL_CTX_set_default_verify_paths(ctx)) {
- info("Can not verify default OpenSSL configuration to validate certificates!");
+ netdata_log_info("Can not verify default OpenSSL configuration to validate certificates!");
load_default = 0;
}