Diffstat (limited to 'usr.sbin/smtpd/ssl.c')
-rw-r--r--usr.sbin/smtpd/ssl.c32
1 files changed, 22 insertions, 10 deletions
diff --git a/usr.sbin/smtpd/ssl.c b/usr.sbin/smtpd/ssl.c
index 5201f95320f..3ecf57b47c3 100644
--- a/usr.sbin/smtpd/ssl.c
+++ b/usr.sbin/smtpd/ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.c,v 1.49 2012/10/14 14:26:31 halex Exp $ */
+/* $OpenBSD: ssl.c,v 1.50 2012/11/12 14:58:53 eric Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -77,13 +77,13 @@ ssl_load_file(const char *name, off_t *len, mode_t perm)
if (fstat(fd, &st) != 0)
goto fail;
if (st.st_uid != 0) {
- log_info("%s: not owned by uid 0", name);
+ log_warnx("warn: %s: not owned by uid 0", name);
errno = EACCES;
goto fail;
}
if (st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO) & ~perm) {
strmode(perm, mode);
- log_info("%s: insecure permissions: must be at most %s",
+ log_warnx("warn: %s: insecure permissions: must be at most %s",
name, &mode[1]);
errno = EACCES;
goto fail;
@@ -142,7 +142,7 @@ ssl_load_certfile(const char *name, uint8_t flags)
if (strlcpy(key.ssl_name, name, sizeof(key.ssl_name))
>= sizeof(key.ssl_name)) {
- log_warn("ssl_load_certfile: certificate name truncated");
+ log_warnx("warn: ssl_load_certfile: certificate name truncated");
return -1;
}
@@ -182,7 +182,7 @@ ssl_load_certfile(const char *name, uint8_t flags)
if (s->ssl_ca == NULL) {
if (errno == EACCES)
goto err;
- log_info("no CA found in %s", certfile);
+ log_warnx("warn: no CA found in %s", certfile);
}
if (! bsnprintf(certfile, sizeof(certfile),
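Review bot: Only `EACCES` is treated as fatal when the CA load returns NULL; every other failure falls through to `log_warnx("warn: no CA found in %s", certfile)`, so a file that exists but could not be loaded for some other reason is reported as absent and setup continues without it. The DH-parameter hunk that follows has the same shape and then falls back to the built-in parameters with only an info-level line. If ssl_load_file sets errno on each of its failure paths (only part of it is visible in this diff), testing `if (errno != ENOENT) goto err;` in both places would keep the "not found" wording truthful and stop a damaged or unreadable file from being silently ignored. ssl_load_certfile starts and ends outside the hunk.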
@@ -193,8 +193,8 @@ ssl_load_certfile(const char *name, uint8_t flags)
if (s->ssl_dhparams == NULL) {
if (errno == EACCES)
goto err;
- log_info("no DH parameters found in %s", certfile);
- log_info("using built-in DH parameters");
+ log_info("info: No DH parameters found in %s: "
+ "using built-in parameters", certfile);
}
SPLAY_INSERT(ssltree, env->sc_ssl, s);
@@ -271,7 +271,7 @@ ssl_setup(struct listener *l)
ssl_set_ephemeral_key_exchange(l->ssl_ctx, dh);
DH_free(dh);
- log_debug("ssl_setup: ssl setup finished for listener: %p", l);
+ log_debug("debug: ssl_setup: ssl setup finished for listener: %p", l);
return;
err:
@@ -282,6 +282,18 @@ err:
return;
}
+const char *
+ssl_to_text(void *ssl) {
+ static char buf[256];
+
+ snprintf(buf, sizeof buf, "version=%s, cipher=%s, bits=%i",
+ SSL_get_cipher_version(ssl),
+ SSL_get_cipher_name(ssl),
+ SSL_get_cipher_bits(ssl, NULL));
+
+ return (buf);
+}
+
void
ssl_error(const char *where)
{
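Review bot: The new ssl_to_text returns a pointer into a function-static `buf`, so every call overwrites the previous result and the function is not reentrant, yet nothing on it says so. I would add a comment above the definition such as `/* Returns a static buffer that the next call overwrites; log or copy it at once. */`. The `void *ssl` parameter also gives up the type check on the `SSL_get_cipher_*` calls; declaring it as `SSL *ssl` would catch a wrong pointer at compile time, assuming the header that carries the prototype can see the OpenSSL types. As a style point, the opening brace sits on the signature line here while ssl_error just below puts it on its own line.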
@@ -293,7 +305,7 @@ ssl_error(const char *where)
return;
for (; (code = ERR_get_error()) != 0 ;) {
ERR_error_string_n(code, errbuf, sizeof(errbuf));
- log_debug("SSL library error: %s: %s", where, errbuf);
+ log_debug("debug: SSL library error: %s: %s", where, errbuf);
}
}
@@ -381,7 +393,7 @@ ssl_smtp_init(void *ssl_ctx)
{
SSL *ssl;
- log_debug("session_start_ssl: switching to SSL");
+ log_debug("debug: session_start_ssl: switching to SSL");
if ((ssl = SSL_new(ssl_ctx)) == NULL)
goto err;