GnuTLS: Make debug prints clearer for cert/key parsing

Indicate more clearly when the parsing succeeds to avoid ending the
debug prints with various internal GnuTLS internal error messages even
when the parsing actually succeeded in the end.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2017-12-28 13:18:15 +02:00
parent 2d9ad634c8
commit 5791d2117c

View File

@ -425,6 +425,13 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
gnutls_strerror(ret));
return -1;
}
wpa_printf(MSG_DEBUG,
"GnuTLS: Successfully read CA cert '%s' in PEM format",
params->ca_cert);
} else {
wpa_printf(MSG_DEBUG,
"GnuTLS: Successfully read CA cert '%s' in DER format",
params->ca_cert);
}
} else if (params->ca_cert_blob) {
gnutls_datum_t ca;
@ -472,6 +479,9 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
}
if (params->client_cert && params->private_key) {
wpa_printf(MSG_DEBUG,
"GnuTLS: Try to parse client cert '%s' and key '%s' in DER format",
params->client_cert, params->private_key);
#if GNUTLS_VERSION_NUMBER >= 0x03010b
ret = gnutls_certificate_set_x509_key_file2(
conn->xcred, params->client_cert, params->private_key,
@ -483,8 +493,9 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
GNUTLS_X509_FMT_DER);
#endif
if (ret < 0) {
wpa_printf(MSG_DEBUG, "Failed to read client cert/key "
"in DER format: %s", gnutls_strerror(ret));
wpa_printf(MSG_DEBUG,
"GnuTLS: Failed to read client cert/key in DER format (%s) - try in PEM format",
gnutls_strerror(ret));
#if GNUTLS_VERSION_NUMBER >= 0x03010b
ret = gnutls_certificate_set_x509_key_file2(
conn->xcred, params->client_cert,
@ -501,11 +512,19 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
gnutls_strerror(ret));
return ret;
}
wpa_printf(MSG_DEBUG,
"GnuTLS: Successfully read client cert/key in PEM format");
} else {
wpa_printf(MSG_DEBUG,
"GnuTLS: Successfully read client cert/key in DER format");
}
} else if (params->private_key) {
int pkcs12_ok = 0;
#ifdef PKCS12_FUNCS
/* Try to load in PKCS#12 format */
wpa_printf(MSG_DEBUG,
"GnuTLS: Try to parse client cert/key '%s'in PKCS#12 DER format",
params->private_key);
ret = gnutls_certificate_set_x509_simple_pkcs12_file(
conn->xcred, params->private_key, GNUTLS_X509_FMT_DER,
params->private_key_passwd);