trafficserver-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mas...@apache.org
Subject [trafficserver] 01/02: Cleans up logging around OCSP
Date Wed, 04 Jul 2018 01:23:21 GMT
This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit d5173946c2c66be31d78481b7a278e5a91034686
Author: Randall Meyer <randallmeyer@yahoo.com>
AuthorDate: Mon Jul 2 10:27:57 2018 -0700

    Cleans up logging around OCSP
---
 iocore/net/OCSPStapling.cc   |  4 ++--
 iocore/net/SSLUtils.cc       | 14 +++++++-------
 src/traffic_server/InkAPI.cc |  2 +-
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/iocore/net/OCSPStapling.cc b/iocore/net/OCSPStapling.cc
index 2793072..7f95137 100644
--- a/iocore/net/OCSPStapling.cc
+++ b/iocore/net/OCSPStapling.cc
@@ -185,13 +185,13 @@ ssl_stapling_init_cert(SSL_CTX *ctx, X509 *cert, const char *certname)
     cinf->uri = sk_OPENSSL_STRING_pop(aia);
   }
   if (!cinf->uri) {
-    Note("no responder URI for %s", certname);
+    Note("no OCSP responder URI for %s", certname);
   }
   if (aia) {
     X509_email_free(aia);
   }
 
-  Note("successfully initialized certinfo for %s into SSL_CTX: %p", certname, ctx);
+  Note("successfully initialized stapling for %s into SSL_CTX: %p", certname, ctx);
   return true;
 }
 
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index c6405ff..bc9641a 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1862,14 +1862,14 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config
*sslMu
 
 #ifdef HAVE_OPENSSL_OCSP_STAPLING
   if (SSLConfigParams::ssl_ocsp_enabled) {
-    Debug("ssl", "ssl ocsp stapling is enabled");
+    Debug("ssl", "SSL OCSP Stapling is enabled");
     SSL_CTX_set_tlsext_status_cb(ctx, ssl_callback_ocsp_stapling);
   } else {
-    Debug("ssl", "ssl ocsp stapling is disabled");
+    Debug("ssl", "SSL OCSP Stapling is disabled");
   }
 #else
   if (SSLConfigParams::ssl_ocsp_enabled) {
-    Warning("fail to enable ssl ocsp stapling, this openssl version does not support it");
+    Warning("failed to enable SSL OCSP Stapling; this version of OpenSSL does not support
it");
   }
 #endif /* HAVE_OPENSSL_OCSP_STAPLING */
 
@@ -1968,19 +1968,19 @@ ssl_store_ssl_context(const SSLConfigParams *params, SSLCertLookup
*lookup, cons
 
 #ifdef HAVE_OPENSSL_OCSP_STAPLING
   if (SSLConfigParams::ssl_ocsp_enabled) {
-    Debug("ssl", "ssl ocsp stapling is enabled");
+    Debug("ssl", "SSL OCSP Stapling is enabled");
     SSL_CTX_set_tlsext_status_cb(ctx, ssl_callback_ocsp_stapling);
     for (auto cert : cert_list) {
       if (!ssl_stapling_init_cert(ctx, cert, certname)) {
-        Warning("fail to configure SSL_CTX for OCSP Stapling info for certificate at %s",
(const char *)certname);
+        Warning("failed to configure SSL_CTX for OCSP Stapling info for certificate at %s",
(const char *)certname);
       }
     }
   } else {
-    Debug("ssl", "ssl ocsp stapling is disabled");
+    Debug("ssl", "SSL OCSP Stapling is disabled");
   }
 #else
   if (SSLConfigParams::ssl_ocsp_enabled) {
-    Warning("fail to enable ssl ocsp stapling, this openssl version does not support it");
+    Warning("failed to enable SSL OCSP Stapling; this version of OpenSSL does not support
it");
   }
 #endif /* HAVE_OPENSSL_OCSP_STAPLING */
 
diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc
index b962561..8b656b1 100644
--- a/src/traffic_server/InkAPI.cc
+++ b/src/traffic_server/InkAPI.cc
@@ -9199,7 +9199,7 @@ TSSslServerContextCreate(TSSslX509 cert, const char *certname)
     if (ret && SSLConfigParams::ssl_ocsp_enabled && cert && certname)
{
       if (SSL_CTX_set_tlsext_status_cb(reinterpret_cast<SSL_CTX *>(ret), ssl_callback_ocsp_stapling))
{
         if (!ssl_stapling_init_cert(reinterpret_cast<SSL_CTX *>(ret), reinterpret_cast<X509
*>(cert), certname)) {
-          Warning("fail to configure SSL_CTX for OCSP Stapling info for certificate at %s",
(const char *)certname);
+          Warning("failed to configure SSL_CTX for OCSP Stapling info for certificate at
%s", (const char *)certname);
         }
       }
     }


Mime
View raw message