diff options
| author | Greg Hudson <ghudson@mit.edu> | 2014-06-22 10:42:14 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2014-07-19 16:21:15 -0400 |
| commit | 472349d2a47fbc7db82e46ba46411b95c312fc1f (patch) | |
| tree | 72b90150ec678d401fafd4893675f5cad3832f77 /src/include/k5-trace.h | |
| parent | 4abfd7bc3819a66f77a1cf121b7608af624ecb6e (diff) | |
| download | krb5-472349d2a47fbc7db82e46ba46411b95c312fc1f.zip krb5-472349d2a47fbc7db82e46ba46411b95c312fc1f.tar.gz krb5-472349d2a47fbc7db82e46ba46411b95c312fc1f.tar.bz2 | |
Move KKDCP OpenSSL code to an internal plugin
Create an internal pluggable interface "tls" with one in-tree dynamic
plugin module named "k5tls". Move all of the OpenSSL calls to the
plugin module, and make the libkrb5 code load and invoke the plugin.
This way we do not load or initialize libssl unless an HTTP proxy is
used.
ticket: 7929
Diffstat (limited to 'src/include/k5-trace.h')
| -rw-r--r-- | src/include/k5-trace.h | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h index 9e75b29..a0aa85a 100644 --- a/src/include/k5-trace.h +++ b/src/include/k5-trace.h @@ -324,23 +324,11 @@ void krb5int_trace(krb5_context context, const char *fmt, ...); TRACE(c, "Resolving hostname {str}", hostname) #define TRACE_SENDTO_KDC_RESPONSE(c, len, raddr) \ TRACE(c, "Received answer ({int} bytes) from {raddr}", len, raddr) -#define TRACE_SENDTO_KDC_HTTPS_SERVER_NAME_MISMATCH(c, hostname) \ - TRACE(c, "HTTPS certificate name mismatch: server certificate is " \ - "not for \"{str}\"", hostname) -#define TRACE_SENDTO_KDC_HTTPS_SERVER_NAME_MATCH(c, hostname) \ - TRACE(c, "HTTPS certificate name matched \"{str}\"", hostname) -#define TRACE_SENDTO_KDC_HTTPS_NO_REMOTE_CERTIFICATE(c) \ - TRACE(c, "HTTPS server certificate not received") -#define TRACE_SENDTO_KDC_HTTPS_PROXY_CERTIFICATE_ERROR(c, depth, \ - namelen, name, \ - err, errs) \ - TRACE(c, "HTTPS certificate error at {int} ({lenstr}): " \ - "{int} ({str})", depth, namelen, name, err, errs) -#define TRACE_SENDTO_KDC_HTTPS_ERROR_CONNECT(c, raddr) \ +#define TRACE_SENDTO_KDC_HTTPS_ERROR_CONNECT(c, raddr) \ TRACE(c, "HTTPS error connecting to {raddr}", raddr) -#define TRACE_SENDTO_KDC_HTTPS_ERROR_RECV(c, raddr, err) \ - TRACE(c, "HTTPS error receiving from {raddr}: {errno}", raddr, err) -#define TRACE_SENDTO_KDC_HTTPS_ERROR_SEND(c, raddr) \ +#define TRACE_SENDTO_KDC_HTTPS_ERROR_RECV(c, raddr) \ + TRACE(c, "HTTPS error receiving from {raddr}", raddr) +#define TRACE_SENDTO_KDC_HTTPS_ERROR_SEND(c, raddr) \ TRACE(c, "HTTPS error sending to {raddr}", raddr) #define TRACE_SENDTO_KDC_HTTPS_SEND(c, raddr) \ TRACE(c, "Sending HTTPS request to {raddr}", raddr) @@ -383,6 +371,19 @@ void krb5int_trace(krb5_context context, const char *fmt, ...); TRACE(c, "TGS reply didn't decode with subkey; trying session key " \ "({keyblock)}", keyblock) +#define TRACE_TLS_ERROR(c, errs) \ + TRACE(c, "TLS error: {str}", errs) +#define TRACE_TLS_NO_REMOTE_CERTIFICATE(c) \ + TRACE(c, "TLS server certificate not received") +#define TRACE_TLS_CERT_ERROR(c, depth, namelen, name, err, errs) \ + TRACE(c, "TLS certificate error at {int} ({lenstr}): {int} ({str})", \ + depth, namelen, name, err, errs) +#define TRACE_TLS_SERVER_NAME_MISMATCH(c, hostname) \ + TRACE(c, "TLS certificate name mismatch: server certificate is " \ + "not for \"{str}\"", hostname) +#define TRACE_TLS_SERVER_NAME_MATCH(c, hostname) \ + TRACE(c, "TLS certificate name matched \"{str}\"", hostname) + #define TRACE_TKT_CREDS(c, creds, cache) \ TRACE(c, "Getting credentials {creds} using ccache {ccache}", \ creds, cache) |