You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by ma...@apache.org on 2018/07/04 01:23:21 UTC
[trafficserver] 01/02: Cleans up logging around OCSP
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit d5173946c2c66be31d78481b7a278e5a91034686
Author: Randall Meyer <ra...@yahoo.com>
AuthorDate: Mon Jul 2 10:27:57 2018 -0700
Cleans up logging around OCSP
---
iocore/net/OCSPStapling.cc | 4 ++--
iocore/net/SSLUtils.cc | 14 +++++++-------
src/traffic_server/InkAPI.cc | 2 +-
3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/iocore/net/OCSPStapling.cc b/iocore/net/OCSPStapling.cc
index 2793072..7f95137 100644
--- a/iocore/net/OCSPStapling.cc
+++ b/iocore/net/OCSPStapling.cc
@@ -185,13 +185,13 @@ ssl_stapling_init_cert(SSL_CTX *ctx, X509 *cert, const char *certname)
cinf->uri = sk_OPENSSL_STRING_pop(aia);
}
if (!cinf->uri) {
- Note("no responder URI for %s", certname);
+ Note("no OCSP responder URI for %s", certname);
}
if (aia) {
X509_email_free(aia);
}
- Note("successfully initialized certinfo for %s into SSL_CTX: %p", certname, ctx);
+ Note("successfully initialized stapling for %s into SSL_CTX: %p", certname, ctx);
return true;
}
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index c6405ff..bc9641a 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1862,14 +1862,14 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu
#ifdef HAVE_OPENSSL_OCSP_STAPLING
if (SSLConfigParams::ssl_ocsp_enabled) {
- Debug("ssl", "ssl ocsp stapling is enabled");
+ Debug("ssl", "SSL OCSP Stapling is enabled");
SSL_CTX_set_tlsext_status_cb(ctx, ssl_callback_ocsp_stapling);
} else {
- Debug("ssl", "ssl ocsp stapling is disabled");
+ Debug("ssl", "SSL OCSP Stapling is disabled");
}
#else
if (SSLConfigParams::ssl_ocsp_enabled) {
- Warning("fail to enable ssl ocsp stapling, this openssl version does not support it");
+ Warning("failed to enable SSL OCSP Stapling; this version of OpenSSL does not support it");
}
#endif /* HAVE_OPENSSL_OCSP_STAPLING */
@@ -1968,19 +1968,19 @@ ssl_store_ssl_context(const SSLConfigParams *params, SSLCertLookup *lookup, cons
#ifdef HAVE_OPENSSL_OCSP_STAPLING
if (SSLConfigParams::ssl_ocsp_enabled) {
- Debug("ssl", "ssl ocsp stapling is enabled");
+ Debug("ssl", "SSL OCSP Stapling is enabled");
SSL_CTX_set_tlsext_status_cb(ctx, ssl_callback_ocsp_stapling);
for (auto cert : cert_list) {
if (!ssl_stapling_init_cert(ctx, cert, certname)) {
- Warning("fail to configure SSL_CTX for OCSP Stapling info for certificate at %s", (const char *)certname);
+ Warning("failed to configure SSL_CTX for OCSP Stapling info for certificate at %s", (const char *)certname);
}
}
} else {
- Debug("ssl", "ssl ocsp stapling is disabled");
+ Debug("ssl", "SSL OCSP Stapling is disabled");
}
#else
if (SSLConfigParams::ssl_ocsp_enabled) {
- Warning("fail to enable ssl ocsp stapling, this openssl version does not support it");
+ Warning("failed to enable SSL OCSP Stapling; this version of OpenSSL does not support it");
}
#endif /* HAVE_OPENSSL_OCSP_STAPLING */
diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc
index b962561..8b656b1 100644
--- a/src/traffic_server/InkAPI.cc
+++ b/src/traffic_server/InkAPI.cc
@@ -9199,7 +9199,7 @@ TSSslServerContextCreate(TSSslX509 cert, const char *certname)
if (ret && SSLConfigParams::ssl_ocsp_enabled && cert && certname) {
if (SSL_CTX_set_tlsext_status_cb(reinterpret_cast<SSL_CTX *>(ret), ssl_callback_ocsp_stapling)) {
if (!ssl_stapling_init_cert(reinterpret_cast<SSL_CTX *>(ret), reinterpret_cast<X509 *>(cert), certname)) {
- Warning("fail to configure SSL_CTX for OCSP Stapling info for certificate at %s", (const char *)certname);
+ Warning("failed to configure SSL_CTX for OCSP Stapling info for certificate at %s", (const char *)certname);
}
}
}