PROTON-1929: [c] library prints directly to stderr/stdout Replace direct use of stdout with pn_log calls.
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/6c765bc6 Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/6c765bc6 Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/6c765bc6 Branch: refs/heads/go1 Commit: 6c765bc66461c17b02ce740804f4d9e171f0fe24 Parents: d3c1135 Author: Alan Conway <acon...@redhat.com> Authored: Mon Sep 10 15:54:57 2018 -0400 Committer: Alan Conway <acon...@redhat.com> Committed: Mon Sep 10 15:54:57 2018 -0400 ---------------------------------------------------------------------- c/src/core/log.c | 1 + c/src/core/transport.c | 1 + c/src/core/util.c | 22 +++---- c/src/core/util.h | 3 +- c/src/sasl/cyrus_sasl.c | 4 +- c/src/ssl/openssl.c | 27 ++++----- c/src/ssl/schannel.c | 133 +++++++++++++++++++++---------------------- 7 files changed, 87 insertions(+), 104 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/6c765bc6/c/src/core/log.c ---------------------------------------------------------------------- diff --git a/c/src/core/log.c b/c/src/core/log.c index 754eed3..ed04573 100644 --- a/c/src/core/log.c +++ b/c/src/core/log.c @@ -51,6 +51,7 @@ void pn_log_logger(pn_logger_t new_logger) { void pni_vlogf_impl(const char *fmt, va_list ap) { vfprintf(stderr, fmt, ap); fprintf(stderr, "\n"); + fflush(stderr); } /**@internal http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/6c765bc6/c/src/core/transport.c ---------------------------------------------------------------------- diff --git a/c/src/core/transport.c b/c/src/core/transport.c index 106a2c8..7dee571 100644 --- a/c/src/core/transport.c +++ b/c/src/core/transport.c @@ -135,6 +135,7 @@ static void pni_delivery_map_clear(pn_delivery_map_t *dm) static void pni_default_tracer(pn_transport_t *transport, const char *message) { fprintf(stderr, "[%p]:%s\n", (void *) transport, message); + fflush(stderr); } static ssize_t pn_io_layer_input_passthru(pn_transport_t *, unsigned int, const char *, size_t ); http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/6c765bc6/c/src/core/util.c ---------------------------------------------------------------------- diff --git a/c/src/core/util.c b/c/src/core/util.c index a676e9f..2597d60 100644 --- a/c/src/core/util.c +++ b/c/src/core/util.c @@ -19,9 +19,9 @@ * */ -#include "util.h" - #include "buffer.h" +#include "log_private.h" +#include "util.h" #include <proton/error.h> #include <proton/types.h> @@ -82,27 +82,19 @@ int pn_quote(pn_string_t *dst, const char *src, size_t size) } } -void pn_fprint_data(FILE *stream, const char *bytes, size_t size) +void pn_log_data(const char *msg, const char *bytes, size_t size) { char buf[256]; ssize_t n = pn_quote_data(buf, 256, bytes, size); if (n >= 0) { - fputs(buf, stream); + pn_logf("%s: %s", msg, buf); + } else if (n == PN_OVERFLOW) { + pn_logf("%s: %s (truncated)", msg, buf); } else { - if (n == PN_OVERFLOW) { - fputs(buf, stream); - fputs("... (truncated)", stream); - } - else - fprintf(stderr, "pn_quote_data: %s\n", pn_code(n)); + pn_logf("%s: cannot log data: %s", msg, pn_code(n)); } } -void pn_print_data(const char *bytes, size_t size) -{ - pn_fprint_data(stdout, bytes, size); -} - int pn_strcasecmp(const char *a, const char *b) { int diff; http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/6c765bc6/c/src/core/util.h ---------------------------------------------------------------------- diff --git a/c/src/core/util.h b/c/src/core/util.h index 78b1c4d..559fbaa 100644 --- a/c/src/core/util.h +++ b/c/src/core/util.h @@ -36,8 +36,7 @@ ssize_t pn_quote_data(char *dst, size_t capacity, const char *src, size_t size); int pn_quote(pn_string_t *dst, const char *src, size_t size); -void pn_fprint_data(FILE *stream, const char *bytes, size_t size); -void pn_print_data(const char *bytes, size_t size); +void pn_log_data(const char *msg, const char *bytes, size_t size); bool pn_env_bool(const char *name); pn_timestamp_t pn_timestamp_min(pn_timestamp_t a, pn_timestamp_t b); http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/6c765bc6/c/src/sasl/cyrus_sasl.c ---------------------------------------------------------------------- diff --git a/c/src/sasl/cyrus_sasl.c b/c/src/sasl/cyrus_sasl.c index a7387e6..30c5784 100644 --- a/c/src/sasl/cyrus_sasl.c +++ b/c/src/sasl/cyrus_sasl.c @@ -22,6 +22,8 @@ #define _GNU_SOURCE #endif +#include "core/log_private.h" + #include "proton/sasl.h" #include "proton/sasl-plugin.h" #include "proton/transport.h" @@ -130,7 +132,7 @@ static void pni_cyrus_interact(pn_transport_t *transport, sasl_interact_t *inter break; } default: - fprintf(stderr, "(%s): %s - %s\n", i->challenge, i->prompt, i->defresult); + pn_logf("(%s): %s - %s", i->challenge, i->prompt, i->defresult); } } } http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/6c765bc6/c/src/ssl/openssl.c ---------------------------------------------------------------------- diff --git a/c/src/ssl/openssl.c b/c/src/ssl/openssl.c index 2d086c7..c2b5869 100644 --- a/c/src/ssl/openssl.c +++ b/c/src/ssl/openssl.c @@ -20,8 +20,9 @@ */ #include "platform/platform.h" -#include "core/util.h" #include "core/engine-internal.h" +#include "core/log_private.h" +#include "core/util.h" #include <proton/ssl.h> #include <proton/engine.h> @@ -184,16 +185,13 @@ static void ssl_log_error(const char *fmt, ...) ssl_vlog(NULL, fmt, ap); va_end(ap); } - ssl_log_flush(NULL); } static void ssl_log_clear_data(pn_transport_t *transport, const char *data, size_t len) { if (PN_TRACE_RAW & transport->trace) { - fprintf(stderr, "SSL decrypted data: \""); - pn_fprint_data( stderr, data, len ); - fprintf(stderr, "\"\n"); + pn_log_data("SSL decrypted data", data, len ); } } @@ -662,9 +660,6 @@ found: // Check if we found anything if (options==all_prots) return PN_ARG_ERR; - // Debug test only - //printf("%30s %016lx (~%016lx)\n", protocols, options, ~options&all_prots); - SSL_CTX_clear_options(domain->ctx, all_prots); SSL_CTX_set_options(domain->ctx, options); return 0; @@ -719,8 +714,7 @@ int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain, #endif if (!domain->has_ca_db) { - pn_transport_logf(NULL, "Error: cannot verify peer without a trusted CA configured.\n" - " Use pn_ssl_domain_set_trusted_ca_db()"); + pn_transport_logf(NULL, "Error: cannot verify peer without a trusted CA configured, use pn_ssl_domain_set_trusted_ca_db()"); return -1; } @@ -732,8 +726,7 @@ int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain, return -1; } if (!domain->has_certificate) { - pn_transport_logf(NULL, "Error: Server cannot verify peer without configuring a certificate.\n" - " Use pn_ssl_domain_set_credentials()"); + pn_transport_logf(NULL, "Error: Server cannot verify peer without configuring a certificate, use pn_ssl_domain_set_credentials()"); } if (domain->trusted_CAs) free(domain->trusted_CAs); @@ -1406,13 +1399,13 @@ int pn_ssl_get_cert_fingerprint(pn_ssl_t *ssl0, char *fingerprint, size_t finger digest_name = "md5"; break; default: - ssl_log_error("Unknown or unhandled hash algorithm %i \n", hash_alg); + ssl_log_error("Unknown or unhandled hash algorithm %i ", hash_alg); return PN_ERR; } if(fingerprint_length < min_required_length) { - ssl_log_error("Insufficient fingerprint_length %i. fingerprint_length must be %i or above for %s digest\n", + ssl_log_error("Insufficient fingerprint_length %i. fingerprint_length must be %i or above for %s digest", fingerprint_length, min_required_length, digest_name); return PN_ERR; } @@ -1428,7 +1421,7 @@ int pn_ssl_get_cert_fingerprint(pn_ssl_t *ssl0, char *fingerprint, size_t finger unsigned char bytes[64]; // sha512 uses 64 octets, we will use that as the maximum. if (X509_digest(cert, digest, bytes, &len) != 1) { - ssl_log_error("Failed to extract X509 digest\n"); + ssl_log_error("Failed to extract X509 digest"); return PN_ERR; } @@ -1442,7 +1435,7 @@ int pn_ssl_get_cert_fingerprint(pn_ssl_t *ssl0, char *fingerprint, size_t finger return PN_OK; } else { - ssl_log_error("No certificate is available yet \n"); + ssl_log_error("No certificate is available yet "); return PN_ERR; } @@ -1475,7 +1468,7 @@ const char* pn_ssl_get_remote_subject_subfield(pn_ssl_t *ssl0, pn_ssl_cert_subje openssl_field = NID_commonName; break; default: - ssl_log_error("Unknown or unhandled certificate subject subfield %i \n", field); + ssl_log_error("Unknown or unhandled certificate subject subfield %i", field); return NULL; } http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/6c765bc6/c/src/ssl/schannel.c ---------------------------------------------------------------------- diff --git a/c/src/ssl/schannel.c b/c/src/ssl/schannel.c index b541c96..15e7d8a 100644 --- a/c/src/ssl/schannel.c +++ b/c/src/ssl/schannel.c @@ -32,12 +32,15 @@ * the latter. */ -#include <proton/ssl.h> -#include <proton/engine.h> +#include "core/autodetect.h" #include "core/engine-internal.h" -#include "platform/platform.h" +#include "core/log_private.h" #include "core/util.h" -#include "core/autodetect.h" + +#include "platform/platform.h" + +#include <proton/ssl.h> +#include <proton/engine.h> #include <assert.h> @@ -194,7 +197,7 @@ static int win_credential_load_cert(win_credential_t *cred, const char *store_na if (cert_count == 1) { found_ctx = CertDuplicateCertificateContext(tmpctx); } else { - ssl_log_error("Multiple certificates to choose from certificate store %s\n", store_name); + ssl_log_error("Multiple certificates to choose from certificate store %s", store_name); found_ctx = NULL; break; } @@ -206,7 +209,7 @@ static int win_credential_load_cert(win_credential_t *cred, const char *store_na tmpctx = false; } if (!found_ctx && cert_name && cert_count == 1) - ssl_log_error("Could not find certificate %s in store %s\n", cert_name, store_name); + ssl_log_error("Could not find certificate %s in store %s", cert_name, store_name); cred->cert_context = found_ctx; free(fn); @@ -366,9 +369,8 @@ static void ssl_log_error(const char *fmt, ...) { va_list ap; va_start(ap, fmt); - vfprintf(stderr, fmt, ap); + pn_vlogf(fmt, ap); va_end(ap); - fflush(stderr); } // @todo: used to avoid littering the code with calls to printf... @@ -377,9 +379,8 @@ static void ssl_log(pn_transport_t *transport, const char *fmt, ...) if (PN_TRACE_DRV & transport->trace) { va_list ap; va_start(ap, fmt); - vfprintf(stderr, fmt, ap); + pn_vlogf(fmt, ap); va_end(ap); - fflush(stderr); } } @@ -390,25 +391,21 @@ static void ssl_log_error_status(HRESULT status, const char *fmt, ...) if (fmt) { va_start(ap, fmt); - vfprintf(stderr, fmt, ap); + pn_vlogf(fmt, ap); va_end(ap); } if (FormatMessage(FORMAT_MESSAGE_MAX_WIDTH_MASK | FORMAT_MESSAGE_FROM_SYSTEM, 0, status, 0, buf, sizeof(buf), 0)) - ssl_log_error(" : %s\n", buf); + ssl_log_error(" : %s", buf); else - fprintf(stderr, "pn internal Windows error: %x for %x\n", GetLastError(), status); - - fflush(stderr); + pn_logf("pn internal Windows error: %x for %x", GetLastError(), status); } static void ssl_log_clear_data(pn_transport_t *transport, const char *data, size_t len) { if (PN_TRACE_RAW & transport->trace) { - fprintf(stderr, "SSL decrypted data: \""); - pn_fprint_data( stderr, data, len ); - fprintf(stderr, "\"\n"); + pn_log_data("SSL decrypted data", data, len); } } @@ -473,7 +470,7 @@ pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode ) break; default: - ssl_log_error("Invalid mode for pn_ssl_mode_t: %d\n", mode); + ssl_log_error("Invalid mode for pn_ssl_mode_t: %d", mode); free(domain); return NULL; } @@ -568,8 +565,7 @@ int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain, csguard g2(&domain->cred->cslock); if (!domain->has_ca_db && (mode == PN_SSL_VERIFY_PEER || mode == PN_SSL_VERIFY_PEER_NAME)) { - ssl_log_error("Error: cannot verify peer without a trusted CA configured.\n" - " Use pn_ssl_domain_set_trusted_ca_db()\n"); + ssl_log_error("Error: cannot verify peer without a trusted CA configured, use pn_ssl_domain_set_trusted_ca_db()"); return -1; } @@ -585,8 +581,7 @@ int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain, return -1; } if (!win_credential_has_certificate(domain->cred)) { - ssl_log_error("Error: Server cannot verify peer without configuring a certificate.\n" - " Use pn_ssl_domain_set_credentials()"); + ssl_log_error("Error: Server cannot verify peer without configuring a certificate, use pn_ssl_domain_set_credentials()"); return -1; } int ec = 0; @@ -603,7 +598,7 @@ int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain, break; default: - ssl_log_error("Invalid peer authentication mode given.\n"); + ssl_log_error("Invalid peer authentication mode given."); return -1; } @@ -711,7 +706,7 @@ int pn_ssl_domain_allow_unsecured_client(pn_ssl_domain_t *domain) { if (!domain) return -1; if (domain->mode != PN_SSL_MODE_SERVER) { - ssl_log_error("Cannot permit unsecured clients - not a server.\n"); + ssl_log_error("Cannot permit unsecured clients - not a server."); return -1; } domain->allow_unsecured = true; @@ -768,7 +763,7 @@ bool pn_ssl_get_protocol_name(pn_ssl_t *ssl0, char *buffer, size_t size ) else if ((info.dwProtocol & 0xC00)) pni_snprintf(buffer, size, "%s", "TLSv1.2"); else { - ssl_log_error("unexpected protocol %x\n", info.dwProtocol); + ssl_log_error("unexpected protocol %x", info.dwProtocol); return false; } return true; @@ -781,7 +776,7 @@ void pn_ssl_free( pn_transport_t *transport) { pni_ssl_t *ssl = transport->ssl; if (!ssl) return; - ssl_log( transport, "SSL socket freed.\n" ); + ssl_log( transport, "SSL socket freed." ); // clean up Windows per TLS session data before releasing the domain count csguard g(&ssl->domain->cslock); csguard g2(&ssl->cred->cslock); @@ -978,7 +973,7 @@ static void ssl_encrypt(pn_transport_t *transport, char *app_data, size_t count) ssl->sc_out_count = buffs[0].cbBuffer + buffs[1].cbBuffer + buffs[2].cbBuffer; ssl->network_outp = ssl->sc_outbuf; ssl->network_out_pending = ssl->sc_out_count; - ssl_log(transport, "ssl_encrypt %d network bytes\n", ssl->network_out_pending); + ssl_log(transport, "ssl_encrypt %d network bytes", ssl->network_out_pending); } // Returns true if decryption succeeded (even for empty content) @@ -1020,7 +1015,7 @@ static bool ssl_decrypt(pn_transport_t *transport) return false; case SEC_I_RENEGOTIATE: - ssl_log_error("unexpected TLS renegotiation\n"); + ssl_log_error("unexpected TLS renegotiation"); // TODO. Fall through for now. default: ssl_failed(transport, 0); @@ -1081,7 +1076,7 @@ static void client_handshake_init(pn_transport_t *transport) ssl->network_out_pending = ssl->sc_out_count; // the token is the whole quantity to send ssl->network_outp = ssl->sc_outbuf; - ssl_log(transport, "Sending client hello %d bytes\n", ssl->network_out_pending); + ssl_log(transport, "Sending client hello %d bytes", ssl->network_out_pending); } else { ssl_log_error_status(status, "InitializeSecurityContext failed"); ssl_failed(transport, 0); @@ -1137,7 +1132,7 @@ static void client_handshake( pn_transport_t* transport) { case SEC_E_INCOMPLETE_MESSAGE: // Not enough - get more data from the server then try again. // Leave input buffers untouched. - ssl_log(transport, "client handshake: incomplete record\n"); + ssl_log(transport, "client handshake: incomplete record"); ssl->sc_in_incomplete = true; return; @@ -1147,7 +1142,7 @@ static void client_handshake( pn_transport_t* transport) { // the token is the whole quantity to send ssl->network_out_pending = ssl->sc_out_count; ssl->network_outp = ssl->sc_outbuf; - ssl_log(transport, "client handshake token %d bytes\n", ssl->network_out_pending); + ssl_log(transport, "client handshake token %d bytes", ssl->network_out_pending); break; case SEC_E_OK: @@ -1158,7 +1153,7 @@ static void client_handshake( pn_transport_t* transport) { // the token is the whole quantity to send ssl->network_out_pending = ssl->sc_out_count; ssl->network_outp = ssl->sc_outbuf; - ssl_log(transport, "client shutdown token %d bytes\n", ssl->network_out_pending); + ssl_log(transport, "client shutdown token %d bytes", ssl->network_out_pending); } else { ssl->state = SSL_CLOSED; } @@ -1178,9 +1173,9 @@ static void client_handshake( pn_transport_t* transport) { HRESULT ec = verify_peer(ssl, ssl->cred->trust_store, ssl->peer_hostname, tracing); if (ec) { if (ssl->peer_hostname) - ssl_log_error_status(ec, "certificate verification failed for host %s\n", ssl->peer_hostname); + ssl_log_error_status(ec, "certificate verification failed for host %s", ssl->peer_hostname); else - ssl_log_error_status(ec, "certificate verification failed\n"); + ssl_log_error_status(ec, "certificate verification failed"); ssl_failed(transport, "TLS certificate verification error"); break; } @@ -1197,7 +1192,7 @@ static void client_handshake( pn_transport_t* transport) { SECPKG_ATTR_STREAM_SIZES, &ssl->sc_sizes); max = ssl->sc_sizes.cbMaximumMessage + ssl->sc_sizes.cbHeader + ssl->sc_sizes.cbTrailer; if (max > ssl->sc_out_size) { - ssl_log_error("Buffer size mismatch have %d, need %d\n", (int) ssl->sc_out_size, (int) max); + ssl_log_error("Buffer size mismatch have %d, need %d", (int) ssl->sc_out_size, (int) max); ssl->state = SHUTTING_DOWN; ssl->app_input_closed = ssl->app_output_closed = PN_ERR; start_ssl_shutdown(transport); @@ -1207,13 +1202,13 @@ static void client_handshake( pn_transport_t* transport) { ssl->state = RUNNING; ssl->max_data_size = max - ssl->sc_sizes.cbHeader - ssl->sc_sizes.cbTrailer; - ssl_log(transport, "client handshake successful %d max record size\n", max); + ssl_log(transport, "client handshake successful %d max record size", max); break; case SEC_I_CONTEXT_EXPIRED: // ended before we got going default: - ssl_log(transport, "client handshake failed %d\n", (int) status); + ssl_log(transport, "client handshake failed %d", (int) status); ssl_failed(transport, 0); break; } @@ -1238,7 +1233,7 @@ static void server_handshake(pn_transport_t* transport) // waiting for more bytes. Help out here. pni_protocol_type_t type = pni_sniff_header(ssl->sc_inbuf, ssl->sc_in_count); if (type == PNI_PROTOCOL_INSUFFICIENT) { - ssl_log(transport, "server handshake: incomplete record\n"); + ssl_log(transport, "server handshake: incomplete record"); ssl->sc_in_incomplete = true; return; } else { @@ -1300,7 +1295,7 @@ static void server_handshake(pn_transport_t* transport) case SEC_E_INCOMPLETE_MESSAGE: // Not enough - get more data from the client then try again. // Leave input buffers untouched. - ssl_log(transport, "server handshake: incomplete record\n"); + ssl_log(transport, "server handshake: incomplete record"); ssl->sc_in_incomplete = true; return; @@ -1316,7 +1311,7 @@ static void server_handshake(pn_transport_t* transport) // the token is the whole quantity to send ssl->network_out_pending = ssl->sc_out_count; ssl->network_outp = ssl->sc_outbuf; - ssl_log(transport, "server shutdown token %d bytes\n", ssl->network_out_pending); + ssl_log(transport, "server shutdown token %d bytes", ssl->network_out_pending); } else { ssl->state = SSL_CLOSED; } @@ -1333,7 +1328,7 @@ static void server_handshake(pn_transport_t* transport) bool tracing = PN_TRACE_DRV & transport->trace; HRESULT ec = verify_peer(ssl, ssl->cred->trust_store, NULL, tracing); if (ec) { - ssl_log_error_status(ec, "certificate verification failed\n"); + ssl_log_error_status(ec, "certificate verification failed"); ssl_failed(transport, "certificate verification error"); break; } @@ -1343,7 +1338,7 @@ static void server_handshake(pn_transport_t* transport) SECPKG_ATTR_STREAM_SIZES, &ssl->sc_sizes); max = ssl->sc_sizes.cbMaximumMessage + ssl->sc_sizes.cbHeader + ssl->sc_sizes.cbTrailer; if (max > ssl->sc_out_size) { - ssl_log_error("Buffer size mismatch have %d, need %d\n", (int) ssl->sc_out_size, (int) max); + ssl_log_error("Buffer size mismatch have %d, need %d", (int) ssl->sc_out_size, (int) max); ssl->state = SHUTTING_DOWN; ssl->app_input_closed = ssl->app_output_closed = PN_ERR; start_ssl_shutdown(transport); @@ -1356,13 +1351,13 @@ static void server_handshake(pn_transport_t* transport) ssl->state = RUNNING; ssl->max_data_size = max - ssl->sc_sizes.cbHeader - ssl->sc_sizes.cbTrailer; - ssl_log(transport, "server handshake successful %d max record size\n", max); + ssl_log(transport, "server handshake successful %d max record size", max); break; case SEC_I_CONTEXT_EXPIRED: // ended before we got going default: - ssl_log(transport, "server handshake failed %d\n", (int) status); + ssl_log(transport, "server handshake failed %d", (int) status); ssl_failed(transport, 0); break; } @@ -1374,7 +1369,7 @@ static void server_handshake(pn_transport_t* transport) // the token is the whole quantity to send ssl->network_out_pending = ssl->sc_out_count; ssl->network_outp = ssl->sc_outbuf; - ssl_log(transport, "server handshake token %d bytes\n", ssl->network_out_pending); + ssl_log(transport, "server handshake token %d bytes", ssl->network_out_pending); } if (token_buffs[1].BufferType == SECBUFFER_EXTRA && token_buffs[1].cbBuffer > 0 && @@ -1408,7 +1403,7 @@ static bool grow_inbuf2(pn_transport_t *transport, size_t minimum_size) { if (max_frame != 0) { if (old_capacity >= max_frame) { // already big enough - ssl_log(transport, "Application expecting %d bytes (> negotiated maximum frame)\n", new_capacity); + ssl_log(transport, "Application expecting %d bytes (> negotiated maximum frame)", new_capacity); ssl_failed(transport, "TLS: transport maximum frame size error"); return false; } @@ -1417,7 +1412,7 @@ static bool grow_inbuf2(pn_transport_t *transport, size_t minimum_size) { size_t extra_bytes = new_capacity - pn_buffer_size(ssl->inbuf2); int err = pn_buffer_ensure(ssl->inbuf2, extra_bytes); if (err) { - ssl_log(transport, "TLS memory allocation failed for %d bytes\n", max_frame); + ssl_log(transport, "TLS memory allocation failed for %d bytes", max_frame); ssl_failed(transport, "TLS memory allocation failed"); return false; } @@ -1437,7 +1432,7 @@ static void start_ssl_shutdown(pn_transport_t *transport) if (ssl->queued_shutdown) return; ssl->queued_shutdown = true; - ssl_log(transport, "Shutting down SSL connection...\n"); + ssl_log(transport, "Shutting down SSL connection..."); DWORD shutdown = SCHANNEL_SHUTDOWN; SecBuffer shutBuff; @@ -1603,7 +1598,7 @@ static void read_closed(pn_transport_t *transport, unsigned int layer, ssize_t e static ssize_t process_input_ssl(pn_transport_t *transport, unsigned int layer, const char *input_data, size_t available) { pni_ssl_t *ssl = transport->ssl; - ssl_log( transport, "process_input_ssl( data size=%d )\n",available ); + ssl_log( transport, "process_input_ssl( data size=%d )",available ); ssize_t consumed = 0; ssize_t forwarded = 0; bool new_app_input; @@ -1680,7 +1675,7 @@ static ssize_t process_input_ssl(pn_transport_t *transport, unsigned int layer, rewind_sc_inbuf(ssl); } } - ssl_log(transport, "Next decryption, %d left over\n", available); + ssl_log(transport, "Next decryption, %d left over", available); } } @@ -1702,7 +1697,7 @@ static ssize_t process_input_ssl(pn_transport_t *transport, unsigned int layer, forwarded += count; // advance() can increase app_inbytes.size if double buffered app_inbytes_advance(transport, count); - ssl_log(transport, "Application consumed %d bytes from peer\n", (int) count); + ssl_log(transport, "Application consumed %d bytes from peer", (int) count); } else if (count == 0) { size_t old_size = ssl->app_inbytes.size; app_inbytes_advance(transport, 0); @@ -1711,13 +1706,13 @@ static ssize_t process_input_ssl(pn_transport_t *transport, unsigned int layer, } } else { // count < 0 - ssl_log(transport, "Application layer closed its input, error=%d (discarding %d bytes)\n", + ssl_log(transport, "Application layer closed its input, error=%d (discarding %d bytes)", (int) count, (int)ssl->app_inbytes.size); app_inbytes_advance(transport, ssl->app_inbytes.size); // discard read_closed(transport, layer, count); } } else { - ssl_log(transport, "Input closed discard %d bytes\n", + ssl_log(transport, "Input closed discard %d bytes", (int)ssl->app_inbytes.size); app_inbytes_advance(transport, ssl->app_inbytes.size); // discard } @@ -1737,7 +1732,7 @@ static ssize_t process_input_ssl(pn_transport_t *transport, unsigned int layer, } } } - ssl_log(transport, "process_input_ssl() returning %d, forwarded %d\n", (int) consumed, (int) forwarded); + ssl_log(transport, "process_input_ssl() returning %d, forwarded %d", (int) consumed, (int) forwarded); return consumed; } @@ -1745,7 +1740,7 @@ static ssize_t process_output_ssl( pn_transport_t *transport, unsigned int layer { pni_ssl_t *ssl = transport->ssl; if (!ssl) return PN_EOS; - ssl_log( transport, "process_output_ssl( max_len=%d )\n",max_len ); + ssl_log( transport, "process_output_ssl( max_len=%d )",max_len ); ssize_t written = 0; ssize_t total_app_bytes = 0; @@ -1784,17 +1779,17 @@ static ssize_t process_output_ssl( pn_transport_t *transport, unsigned int layer if (app_bytes > 0) { app_outp += app_bytes; remaining -= app_bytes; - ssl_log( transport, "Gathered %d bytes from app to send to peer\n", app_bytes ); + ssl_log( transport, "Gathered %d bytes from app to send to peer", app_bytes ); } else { if (app_bytes < 0) { - ssl_log(transport, "Application layer closed its output, error=%d (%d bytes pending send)\n", + ssl_log(transport, "Application layer closed its output, error=%d (%d bytes pending send)", (int) app_bytes, (int) ssl->network_out_pending); ssl->app_output_closed = app_bytes; if (ssl->app_input_closed) ssl->state = SHUTTING_DOWN; } else if (total_app_bytes == 0 && ssl->app_input_closed) { // We've drained all the App layer can provide - ssl_log(transport, "Application layer blocked on input, closing\n"); + ssl_log(transport, "Application layer blocked on input, closing"); ssl->state = SHUTTING_DOWN; ssl->app_output_closed = PN_ERR; } @@ -1830,7 +1825,7 @@ static ssize_t process_output_ssl( pn_transport_t *transport, unsigned int layer transport->io_layers[layer] = &ssl_output_closed_layer; } } - ssl_log(transport, "process_output_ssl() returning %d\n", (int) written); + ssl_log(transport, "process_output_ssl() returning %d", (int) written); return written; } @@ -2099,7 +2094,7 @@ static HRESULT verify_peer(pni_ssl_t *ssl, HCERTSTORE root_store, const char *se wchar_t *nameUCS2 = 0; if (server_name && strlen(server_name) > 255) { - ssl_log_error("invalid server name: %s\n", server_name); + ssl_log_error("invalid server name: %s", server_name); return WSAENAMETOOLONG; } @@ -2144,7 +2139,7 @@ static HRESULT verify_peer(pni_ssl_t *ssl, HCERTSTORE root_store, const char *se return st; } if (chain_context->cChain < 1 || chain_context->rgpChain[0]->cElement < 1) { - ssl_log_error("empty chain with status %x %x\n", chain_context->TrustStatus.dwErrorStatus, + ssl_log_error("empty chain with status %x %x", chain_context->TrustStatus.dwErrorStatus, chain_context->TrustStatus.dwInfoStatus); return SEC_E_CERT_UNKNOWN; } @@ -2154,7 +2149,7 @@ static HRESULT verify_peer(pni_ssl_t *ssl, HCERTSTORE root_store, const char *se PCCERT_CONTEXT trunk_cert = chain_context->rgpChain[0]->rgpElement[chain_len - 1]->pCertContext; if (tracing) // See doc for CERT_CHAIN_POLICY_STATUS for bit field error and info status values - ssl_log_error("status for complete chain: error bits %x info bits %x\n", + ssl_log_error("status for complete chain: error bits %x info bits %x", chain_context->TrustStatus.dwErrorStatus, chain_context->TrustStatus.dwInfoStatus); // Supplement with checks against Proton's trusted_ca_db, custom revocation and usage. @@ -2167,7 +2162,7 @@ static HRESULT verify_peer(pni_ssl_t *ssl, HCERTSTORE root_store, const char *se PCCERT_CONTEXT cc = ce->pCertContext; if (cc->pCertInfo->dwVersion != CERT_V3) { if (tracing) - ssl_log_error("certificate chain element %d is not version 3\n", i); + ssl_log_error("certificate chain element %d is not version 3", i); error = SEC_E_CERT_WRONG_USAGE; // A fossil break; } @@ -2192,7 +2187,7 @@ static HRESULT verify_peer(pni_ssl_t *ssl, HCERTSTORE root_store, const char *se if (!CertNameToStr(cc->dwCertEncodingType, &cc->pCertInfo->Subject, CERT_X500_NAME_STR | CERT_NAME_STR_NO_PLUS_FLAG, name, sizeof(name))) strcpy(name, "[too long]"); - ssl_log_error("element %d (name: %s)%s error bits %x info bits %x\n", i, name, is_anchor, + ssl_log_error("element %d (name: %s)%s error bits %x info bits %x", i, name, is_anchor, ce->TrustStatus.dwErrorStatus, ce->TrustStatus.dwInfoStatus); } } @@ -2208,9 +2203,9 @@ static HRESULT verify_peer(pni_ssl_t *ssl, HCERTSTORE root_store, const char *se if (trust_anchor) { if (tracing) { if (flags & CERT_STORE_SIGNATURE_FLAG) - ssl_log_error("root certificate signature failure\n"); + ssl_log_error("root certificate signature failure"); if (flags & CERT_STORE_TIME_VALIDITY_FLAG) - ssl_log_error("root certificate time validity failure\n"); + ssl_log_error("root certificate time validity failure"); } if (flags) { CertFreeCertificateContext(trust_anchor); @@ -2292,7 +2287,7 @@ static HRESULT verify_peer(pni_ssl_t *ssl, HCERTSTORE root_store, const char *se if (chain_status.lChainIndex == 0 && chain_status.lElementIndex != -1) { int idx = chain_status.lElementIndex; CERT_CHAIN_ELEMENT *ce = chain_context->rgpChain[0]->rgpElement[idx]; - ssl_log_error(" chain failure at %d error/info: %x %x\n", idx, + ssl_log_error(" chain failure at %d error/info: %x %x", idx, ce->TrustStatus.dwErrorStatus, ce->TrustStatus.dwInfoStatus); } } @@ -2312,7 +2307,7 @@ static HRESULT verify_peer(pni_ssl_t *ssl, HCERTSTORE root_store, const char *se } while (0); if (tracing && !error) - ssl_log_error("peer certificate authenticated\n"); + ssl_log_error("peer certificate authenticated"); // Lots to clean up. if (peer_cc) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org