From 6e5b3c00d2cd2bb27c8dadab37a975d4f8604fe7 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Wed, 6 Sep 2023 10:52:49 -0700
Subject: [PATCH 1/2] use WLOG for debug messages when checking peer IP address
---
 examples/client/common.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/examples/client/common.c b/examples/client/common.c
index 6e48a4b67..511ea4a76 100644
--- a/examples/client/common.c
+++ b/examples/client/common.c
@@ -382,25 +382,26 @@ int ClientPublicKeyCheck(const byte* pubKey, word32 pubKeySz, void* ctx)
 if (ParseRFC6187(pubKey, pubKeySz, &der, &derSz) == WS_SUCCESS) {
 wc_InitDecodedCert(&dCert, der, derSz, NULL);
 if (wc_ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
- printf("public key not a cert\n");
+ WLOG(WS_LOG_DEBUG, "public key not a cert\n");
 } else {
 int ipMatch = 0;
 DNS_entry* current = dCert.altNames;
 if (ctx == NULL) {
- fprintf(stderr, "No host IP set to check against!\n");
+ WLOG(WS_LOG_ERROR, "No host IP set to check against!\n");
 ret = -1;
 }
 if (ret == 0) {
 while (current != NULL) {
 if (current->type == ASN_IP_TYPE) {
- printf("host cert alt. name IP : %s\n",
+ WLOG(WS_LOG_DEBUG, "host cert alt. name IP : %s\n",
 current->ipString);
- printf("\texpecting host IP : %s\n", (char*)ctx);
+ WLOG(WS_LOG_DEBUG,
+ "\texpecting host IP : %s\n", (char*)ctx);
 if (XSTRCMP(ctx, current->ipString) == 0) {
- printf("\tmatched!\n");
+ WLOG(WS_LOG_DEBUG, "\tmatched!\n");
 ipMatch = 1;
 }
 }
@@ -424,8 +425,8 @@ int ClientPublicKeyCheck(const byte* pubKey, word32 pubKeySz, void* ctx)
 }
 }
 #else
- printf("wolfSSL not built with OPENSSL_ALL or WOLFSSL_IP_ALT_NAME\n");
- printf("\tnot checking IP address from peer's cert\n");
+ WLOG(WS_LOG_DEBUG, "wolfSSL not built with OPENSSL_ALL or WOLFSSL_IP_ALT_NAME\n");
+ WLOG(WS_LOG_DEBUG, "\tnot checking IP address from peer's cert\n");
 #endif
 #endif
From 57519c6a54557027709c13408fcb47b2c3f019e5 Mon Sep 17 00:00:00 2001
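Review bot: In the `wc_ParseCert(...) != 0` branch the only statement is now `WLOG(WS_LOG_DEBUG, "public key not a cert\n");`, so a host key that fails to parse as a certificate leaves `ret` untouched and is recorded only at debug level. If that outcome is meant to be a rejection, set `ret = -1;` there and log at `WS_LOG_ERROR` as the `ctx == NULL` case does; if it is an intended pass-through, say so in a comment such as `/* not an X.509 key: no IP to check, result decided elsewhere */`. The certificate is parsed with `NO_VERIFY`, so a one-line comment stating where the chain is validated would tell readers what an IP match in the loop below actually proves. The second patch in this series keeps the same levels, and `ClientPublicKeyCheck` starts and ends outside the hunk.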
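Review bot: The `#else` branch reports that the peer certificate's IP address is not being checked, and moving that notice from `printf` to `WLOG(WS_LOG_DEBUG, ...)` hides a skipped identity check from anyone not running with debug logging enabled. I would emit it at a level an operator sees by default, for example `WLOG(WS_LOG_WARN, "wolfSSL not built with OPENSSL_ALL or WOLFSSL_IP_ALT_NAME, not checking IP address from peer's cert");`. Whether the callback still returns success on this path is not visible here, since the function continues outside the hunk; if it does, a comment next to the `#else` stating that the host is accepted without an IP match would make the trade-off explicit. The second patch leaves these two calls at `WS_LOG_DEBUG` as well.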
From: JacobBarthelmeh
Date: Thu, 7 Sep 2023 13:28:43 -0600
Subject: [PATCH 2/2] remove extra newline in debug message
---
 examples/client/common.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/examples/client/common.c b/examples/client/common.c
index 511ea4a76..9578410b2 100644
--- a/examples/client/common.c
+++ b/examples/client/common.c
@@ -382,26 +382,26 @@ int ClientPublicKeyCheck(const byte* pubKey, word32 pubKeySz, void* ctx)
 if (ParseRFC6187(pubKey, pubKeySz, &der, &derSz) == WS_SUCCESS) {
 wc_InitDecodedCert(&dCert, der, derSz, NULL);
 if (wc_ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
- WLOG(WS_LOG_DEBUG, "public key not a cert\n");
+ WLOG(WS_LOG_DEBUG, "public key not a cert");
 } else {
 int ipMatch = 0;
 DNS_entry* current = dCert.altNames;
 if (ctx == NULL) {
- WLOG(WS_LOG_ERROR, "No host IP set to check against!\n");
+ WLOG(WS_LOG_ERROR, "No host IP set to check against!");
 ret = -1;
 }
 if (ret == 0) {
 while (current != NULL) {
 if (current->type == ASN_IP_TYPE) {
- WLOG(WS_LOG_DEBUG, "host cert alt. name IP : %s\n",
+ WLOG(WS_LOG_DEBUG, "host cert alt. name IP : %s",
 current->ipString);
 WLOG(WS_LOG_DEBUG,
- "\texpecting host IP : %s\n", (char*)ctx);
+ "\texpecting host IP : %s", (char*)ctx);
 if (XSTRCMP(ctx, current->ipString) == 0) {
- WLOG(WS_LOG_DEBUG, "\tmatched!\n");
+ WLOG(WS_LOG_DEBUG, "\tmatched!");
 ipMatch = 1;
 }
 }
@@ -425,8 +425,8 @@ int ClientPublicKeyCheck(const byte* pubKey, word32 pubKeySz, void* ctx)
 }
 }
 #else
- WLOG(WS_LOG_DEBUG, "wolfSSL not built with OPENSSL_ALL or WOLFSSL_IP_ALT_NAME\n");
- WLOG(WS_LOG_DEBUG, "\tnot checking IP address from peer's cert\n");
+ WLOG(WS_LOG_DEBUG, "wolfSSL not built with OPENSSL_ALL or WOLFSSL_IP_ALT_NAME");
+ WLOG(WS_LOG_DEBUG, "\tnot checking IP address from peer's cert");
 #endif
 #endif