[Libreoffice-commits] core.git: 2 commits - vcl/source

Tor Lillqvist tml at collabora.com
Thu Feb 19 16:18:50 PST 2015


 vcl/source/gdi/pdfwriter_impl.cxx |  350 +++++++++++++++++++++++++++++++++-----
 1 file changed, 305 insertions(+), 45 deletions(-)

New commits:
commit 3cc45e97dd9189b4c76747fce8925bfe48fac70a
Author: Tor Lillqvist <tml at collabora.com>
Date:   Fri Feb 20 02:01:09 2015 +0200

    tdf#84881: Work in progress: Decode the TimeStampResp
    
    OMG, it is really horrible to use the NSS SEC_ASN1DecodeItem() API. Figuring
    out how to set up the SEC_ASN1Template data structure for decoding
    TimeStampResp was much harder than setting up the template for encoding a
    TimeStampReq. Luckily I don't actually need to look into the timeStampToken,
    but can copy that as such into the CMS as an unsigned attribute.
    
    I'll cheerfully ignore for now RFC3161's requirements on how the TSA client
    should check the validity of the response. Let's leave that up to the PDF
    viewing (and validating) application.
    
    Also improve the SAL_INFO logging, use a timeout for the curl operation, add
    more ASN.1 in comments for information, etc.
    
    Still to do: Actually add the TimeStampResp to the NSSCMSSignerInfo.
    
    Change-Id: Id4f800e2cf12a01106b326a31c34eb99f2aa724e

diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index b3ef313..f95bf02 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -6042,6 +6042,9 @@ public:
     HASHContext *get() { return mpPtr; }
 };
 
+// ASN.1 used in the (much simpler) time stamp request. From RFC3161
+// and other sources.
+
 /*
 AlgorithmIdentifier  ::=  SEQUENCE  {
      algorithm  OBJECT IDENTIFIER,
@@ -6078,19 +6081,6 @@ Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
 */
 
 /*
-Accuracy ::= SEQUENCE {
-    seconds     INTEGER          OPTIONAL,
-    millis  [0] INTEGER (1..999) OPTIONAL,
-    micros  [1] INTEGER (1..999) OPTIONAL  }
-*/
-
-typedef struct {
-    SECItem seconds;
-    SECItem millis;
-    SECItem micros;
-} Accuracy;
-
-/*
 TSAPolicyId ::= OBJECT IDENTIFIER
 
 TimeStampReq ::= SEQUENCE  {
@@ -6103,6 +6093,7 @@ TimeStampReq ::= SEQUENCE  {
     certReq            BOOLEAN             DEFAULT FALSE,
     extensions     [0] IMPLICIT Extensions OPTIONAL  }
 */
+
 typedef struct {
     SECItem version;
     MessageImprint messageImprint;
@@ -6112,9 +6103,167 @@ typedef struct {
     Extension *extensions;
 } TimeStampReq;
 
+// (Partial) ASN.1 for the time stamp responce. Very complicated. Pulled
+// together from varuous RFCs.
+
+/*
+Accuracy ::= SEQUENCE {
+    seconds     INTEGER          OPTIONAL,
+    millis  [0] INTEGER (1..999) OPTIONAL,
+    micros  [1] INTEGER (1..999) OPTIONAL  }
+
+PKIStatus ::= INTEGER {
+    granted                (0),
+    -- when the PKIStatus contains the value zero a TimeStampToken, as requested, is present.
+    grantedWithMods        (1),
+     -- when the PKIStatus contains the value one a TimeStampToken, with modifications, is present.
+    rejection              (2),
+    waiting                (3),
+    revocationWarning      (4),
+     -- this message contains a warning that a revocation is
+     -- imminent
+    revocationNotification (5)
+     -- notification that a revocation has occurred
+}
+
+PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
+    -- text encoded as UTF-8 String [RFC3629] (note: each
+    -- UTF8String MAY include an [RFC3066] language tag
+    -- to indicate the language of the contained text
+    -- see [RFC2482] for details)
+
+PKIFailureInfo ::= BIT STRING {
+    badAlg               (0),
+      -- unrecognized or unsupported Algorithm Identifier
+    badRequest           (2),
+      -- transaction not permitted or supported
+    badDataFormat        (5),
+      -- the data submitted has the wrong format
+    timeNotAvailable    (14),
+      -- the TSA's time source is not available
+    unacceptedPolicy    (15),
+      -- the requested TSA policy is not supported by the TSA.
+    unacceptedExtension (16),
+      -- the requested extension is not supported by the TSA.
+    addInfoNotAvailable (17),
+      -- the additional information requested could not be understood
+      -- or is not available
+    systemFailure       (25)
+      -- the request cannot be handled due to system failure
+}
+
+PKIStatusInfo ::= SEQUENCE {
+    status       PKIStatus,
+    statusString PKIFreeText    OPTIONAL,
+    failInfo     PKIFailureInfo OPTIONAL  }
+
+ContentType ::= OBJECT IDENTIFIER
+
+ContentInfo ::= SEQUENCE {
+    contentType     ContentType,
+    content     [0] EXPLICIT ANY DEFINED BY contentType }
+
+CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
+
+DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+
+DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
+
+ContentType ::= OBJECT IDENTIFIER
+
+EncapsulatedContentInfo ::= SEQUENCE {
+    eContentType     ContentType,
+    eContent     [0] EXPLICIT OCTET STRING OPTIONAL }
+
+OtherCertificateFormat ::= SEQUENCE {
+    otherCertFormat OBJECT IDENTIFIER,
+    otherCert       ANY DEFINED BY otherCertFormat }
+
+CertificateChoices ::= CHOICE {
+    certificate             Certificate,
+    extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
+    v1AttrCert          [1] IMPLICIT AttributeCertificateV1,       -- Obsolete
+    v2AttrCert          [2] IMPLICIT AttributeCertificateV2,
+    other               [3] IMPLICIT OtherCertificateFormat }
+
+CertificateSet ::= SET OF CertificateChoices
+
+CertificateList  ::=  SEQUENCE  {
+    tbsCertList        TBSCertList,
+    signatureAlgorithm AlgorithmIdentifier,
+    signatureValue     BIT STRING  }
+
+TBSCertList  ::=  SEQUENCE  {
+    version                 Version OPTIONAL,
+                                  -- if present, MUST be v2
+    signature               AlgorithmIdentifier,
+    issuer                  Name,
+    thisUpdate              Time,
+    nextUpdate              Time OPTIONAL,
+    revokedCertificates     SEQUENCE OF SEQUENCE  {
+        userCertificate         CertificateSerialNumber,
+        revocationDate          Time,
+        crlEntryExtensions      Extensions OPTIONAL
+                                   -- if present, version MUST be v2
+                            }  OPTIONAL,
+    crlExtensions       [0] EXPLICIT Extensions OPTIONAL
+                                   -- if present, version MUST be v2
+                            }
+
+OtherRevocationInfoFormat ::= SEQUENCE {
+  otherRevInfoFormat OBJECT IDENTIFIER,
+  otherRevInfo ANY DEFINED BY otherRevInfoFormat }
+
+RevocationInfoChoice ::= CHOICE {
+    crl       CertificateList,
+    other [1] IMPLICIT OtherRevocationInfoFormat }
+
+RevocationInfoChoices ::= SET OF RevocationInfoChoice
+
+SignerInfos ::= SET OF SignerInfo
+
+SignedData ::= SEQUENCE {
+    version                       CMSVersion,
+    digestAlgorithms              DigestAlgorithmIdentifiers,
+    encapContentInfo              EncapsulatedContentInfo,
+    certificates     [0] IMPLICIT CertificateSet              OPTIONAL,
+    crls             [1] IMPLICIT RevocationInfoChoices       OPTIONAL,
+    signerInfos                   SignerInfos }
+
+TimeStampToken ::= ContentInfo
+    -- contentType is id-signedData as defined in [CMS]
+    -- content is SignedData as defined in([CMS])
+    -- eContentType within SignedData is id-ct-TSTInfo
+    -- eContent within SignedData is TSTInfo
+
+TSTInfo ::= SEQUENCE  {
+    version            INTEGER  { v1(1) },
+    policy             TSAPolicyId,
+    messageImprint     MessageImprint,
+      -- MUST have the same value as the similar field in
+      -- TimeStampReq
+    serialNumber       INTEGER,
+     -- Time-Stamping users MUST be ready to accommodate integers
+     -- up to 160 bits.
+    genTime            GeneralizedTime,
+    accuracy           Accuracy            OPTIONAL,
+    ordering           BOOLEAN             DEFAULT FALSE,
+    nonce              INTEGER             OPTIONAL,
+      -- MUST be present if the similar field was present
+      -- in TimeStampReq.  In that case it MUST have the same value.
+    tsa            [0] GeneralName         OPTIONAL,
+    extensions     [1] IMPLICIT Extensions OPTIONAL   }
+
+TimeStampResp ::= SEQUENCE  {
+     status         PKIStatusInfo,
+     timeStampToken TimeStampToken OPTIONAL  }
+*/
+
 SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
 SEC_ASN1_MKSUB(MessageImprint_Template)
 SEC_ASN1_MKSUB(Extensions_Template)
+SEC_ASN1_MKSUB(PKIStatusInfo_Template)
+SEC_ASN1_MKSUB(Any_Template)
 
 const SEC_ASN1Template MessageImprint_Template[] =
 {
@@ -6138,7 +6287,58 @@ const SEC_ASN1Template Extensions_Template[] =
     { SEC_ASN1_SEQUENCE_OF, 0, Extension_Template, 0 }
 };
 
-/* "will be used eventually" says tml
+const SEC_ASN1Template TimeStampReq_Template[] =
+{
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(TimeStampReq) },
+    { SEC_ASN1_INTEGER, offsetof(TimeStampReq, version), 0, 0 },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(TimeStampReq, messageImprint), SEC_ASN1_SUB(MessageImprint_Template), 0 },
+    { SEC_ASN1_OBJECT_ID | SEC_ASN1_OPTIONAL, offsetof(TimeStampReq, reqPolicy), 0, 0 },
+    { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof(TimeStampReq, nonce), 0, 0 },
+    { SEC_ASN1_BOOLEAN | SEC_ASN1_OPTIONAL, offsetof(TimeStampReq, certReq), 0, 0 },
+    { SEC_ASN1_XTRN | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0, offsetof(TimeStampReq, extensions), SEC_ASN1_SUB(Extensions_Template), 0 },
+    { 0, 0, 0, 0 }
+};
+
+typedef struct {
+    SECItem status;
+    SECItem statusString;
+    SECItem failInfo;
+} PKIStatusInfo;
+
+const SEC_ASN1Template PKIStatusInfo_Template[] =
+{
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PKIStatusInfo) },
+    { SEC_ASN1_INTEGER, offsetof(PKIStatusInfo, status), 0, 0 },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_SEQUENCE | SEC_ASN1_OPTIONAL, offsetof(PKIStatusInfo, statusString), 0, 0 },
+    { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL, offsetof(PKIStatusInfo, failInfo), 0, 0 },
+    { 0, 0, 0, 0 }
+};
+
+const SEC_ASN1Template Any_Template[] =
+{
+    { SEC_ASN1_ANY, 0, NULL, sizeof(SECItem) }
+};
+
+typedef struct {
+    PKIStatusInfo status;
+    SECItem timeStampToken;
+} TimeStampResp;
+
+const SEC_ASN1Template TimeStampResp_Template[] =
+{
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(TimeStampResp) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(TimeStampResp, status), SEC_ASN1_SUB(PKIStatusInfo_Template), 0 },
+    { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL, offsetof(TimeStampResp, timeStampToken), SEC_ASN1_SUB(Any_Template), 0 },
+    { 0, 0, 0, 0 }
+};
+
+/* Will see if these are needed or not
+typedef struct {
+    SECItem seconds;
+    SECItem millis;
+    SECItem micros;
+} Accuracy;
+
 const SEC_ASN1Template Integer_Template[] =
 {
     { SEC_ASN1_INTEGER, 0, NULL, sizeof(SECItem) }
@@ -6154,18 +6354,6 @@ const SEC_ASN1Template Accuracy_Template[] =
 };
 */
 
-const SEC_ASN1Template TimeStampReq_Template[] =
-{
-    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(TimeStampReq) },
-    { SEC_ASN1_INTEGER, offsetof(TimeStampReq, version), 0, 0 },
-    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(TimeStampReq, messageImprint), SEC_ASN1_SUB(MessageImprint_Template), 0 },
-    { SEC_ASN1_OBJECT_ID | SEC_ASN1_OPTIONAL, offsetof(TimeStampReq, reqPolicy), 0, 0 },
-    { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof(TimeStampReq, nonce), 0, 0 },
-    { SEC_ASN1_BOOLEAN | SEC_ASN1_OPTIONAL, offsetof(TimeStampReq, certReq), 0, 0 },
-    { SEC_ASN1_XTRN | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0, offsetof(TimeStampReq, extensions), SEC_ASN1_SUB(Extensions_Template), 0 },
-    { 0, 0, 0, 0 }
-};
-
 size_t AppendToBuffer(char *ptr, size_t size, size_t nmemb, void *userdata)
 {
     OStringBuffer *pBuffer = reinterpret_cast<OStringBuffer*>(userdata);
@@ -6174,6 +6362,41 @@ size_t AppendToBuffer(char *ptr, size_t size, size_t nmemb, void *userdata)
     return size*nmemb;
 }
 
+OUString PKIStatusToString(int n)
+{
+    switch (n)
+    {
+    case 0: return OUString("granted");
+    case 1: return OUString("grantedWithMods");
+    case 2: return OUString("rejection");
+    case 3: return OUString("waiting");
+    case 4: return OUString("revocationWarning");
+    case 5: return OUString("revocationNotification");
+    default: return "unknown (" + OUString::number(n) + ")";
+    }
+}
+
+OUString PKIStatusInfoToString(const PKIStatusInfo& rStatusInfo)
+{
+    OUString result;
+
+    result += "{status=";
+    if (rStatusInfo.status.len == 1)
+        result += PKIStatusToString(rStatusInfo.status.data[0]);
+    else
+        result += "unknown (len=" + OUString::number(rStatusInfo.status.len);
+    if (rStatusInfo.statusString.data != NULL)
+        result += ",statusString='" +
+            OUString::fromUtf8(OString(reinterpret_cast<const sal_Char*>(rStatusInfo.statusString.data), rStatusInfo.statusString.len)) +
+            "'";
+
+    // FIXME: Worth it to decode failInfo to cleartext, probably not at least as long as this is only for a SAL_INFO
+
+    result += "}";
+
+    return result;
+}
+
 #if 0
 {
 #endif
@@ -6370,7 +6593,7 @@ bool PDFWriterImpl::finalizeSignature()
             return false;
         }
 
-        SAL_INFO("vcl.pdfwriter", "request  len=" << (timestamp_request ? timestamp_request->len : -1));
+        SAL_INFO("vcl.pdfwriter", "request length=" << timestamp_request->len);
 
 #ifdef DBG_UTIL
         {
@@ -6393,7 +6616,7 @@ bool PDFWriterImpl::finalizeSignature()
             return false;
         }
 
-        SAL_INFO("vcl.pdfwriter", "Setting curl to verbose: " << (curl_easy_setopt(curl, CURLOPT_VERBOSE, 1) == CURLE_OK ? "OK" : "FAIL"));
+        SAL_INFO("vcl.pdfwriter", "Setting curl to verbose: " << (curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L) == CURLE_OK ? "OK" : "FAIL"));
 
         if ((rc = curl_easy_setopt(curl, CURLOPT_URL, OUStringToOString(m_aContext.SignTSA, RTL_TEXTENCODING_UTF8).getStr())) != CURLE_OK)
         {
@@ -6415,7 +6638,7 @@ bool PDFWriterImpl::finalizeSignature()
             return false;
         }
 
-        if ((rc = curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, timestamp_request->len)) != CURLE_OK ||
+        if ((rc = curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, static_cast<long>(timestamp_request->len))) != CURLE_OK ||
             (rc = curl_easy_setopt(curl, CURLOPT_POSTFIELDS, timestamp_request->data)) != CURLE_OK)
         {
             SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_POSTFIELDSIZE or CURLOPT_POSTFIELDS) failed: " << curl_easy_strerror(rc));
@@ -6424,9 +6647,9 @@ bool PDFWriterImpl::finalizeSignature()
             return false;
         }
 
-        OStringBuffer reply_buffer;
+        OStringBuffer response_buffer;
 
-        if ((rc = curl_easy_setopt(curl, CURLOPT_WRITEDATA, &reply_buffer)) != CURLE_OK ||
+        if ((rc = curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response_buffer)) != CURLE_OK ||
             (rc = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AppendToBuffer)) != CURLE_OK)
         {
             SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_WRITEDATA or CURLOPT_WRITEFUNCTION) failed: " << curl_easy_strerror(rc));
@@ -6435,7 +6658,7 @@ bool PDFWriterImpl::finalizeSignature()
             return false;
         }
 
-        if ((rc = curl_easy_setopt(curl, CURLOPT_POST, 1)) != CURLE_OK)
+        if ((rc = curl_easy_setopt(curl, CURLOPT_POST, 1l)) != CURLE_OK)
         {
             SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_POST) failed: " << curl_easy_strerror(rc));
             curl_easy_cleanup(curl);
@@ -6452,6 +6675,16 @@ bool PDFWriterImpl::finalizeSignature()
             return false;
         }
 
+        // Use a ten second timeout
+        if ((rc = curl_easy_setopt(curl, CURLOPT_TIMEOUT, 10l)) != CURLE_OK ||
+            (rc = curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10l)) != CURLE_OK)
+        {
+            SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_TIMEOUT or CURLOPT_CONNECTTIMEOUT) failed: " << curl_easy_strerror(rc));
+            curl_easy_cleanup(curl);
+            SECITEM_FreeItem(timestamp_request, PR_TRUE);
+            return false;
+        }
+
         if (curl_easy_perform(curl) != CURLE_OK)
         {
             SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_perform failed: " << error_buffer);
@@ -6460,18 +6693,44 @@ bool PDFWriterImpl::finalizeSignature()
             return false;
         }
 
+        SAL_INFO("vcl.pdfwriter", "PDF signing: got response, length=" << response_buffer.getLength());
+
 #ifdef DBG_UTIL
         {
             FILE *out = fopen("PDFWRITER.reply.data", "wb");
-            fwrite(reply_buffer.getStr(), reply_buffer.getLength(), 1, out);
+            fwrite(response_buffer.getStr(), response_buffer.getLength(), 1, out);
             fclose(out);
         }
 #endif
 
         curl_slist_free_all(slist);
         curl_easy_cleanup(curl);
-
         SECITEM_FreeItem(timestamp_request, PR_TRUE);
+
+        TimeStampResp response;
+        memset(&response, 0, sizeof(response));
+
+        SECItem response_item;
+        response_item.type = siBuffer;
+        response_item.data = reinterpret_cast<unsigned char*>(const_cast<char*>(response_buffer.getStr()));
+        response_item.len = response_buffer.getLength();
+
+        if (SEC_ASN1DecodeItem(NULL, &response, TimeStampResp_Template, &response_item) != SECSuccess)
+        {
+            SAL_WARN("vcl.pdfwriter", "PDF signing: SEC_ASN1DecodeItem failed");
+            return false;
+        }
+
+        SAL_INFO("vcl.pdfwriter", "TimeStampResp received and decoded, status=" << PKIStatusInfoToString(response.status));
+#if 0
+        NSSCMSAttribute timestamp;
+        timestamp.type = ?
+        if (NSS_CMSSignerInfo_AddUnauthAttr(cms_signer, ) != SECSuccess)
+        {
+            SAL_WARN("vcl.pdfwriter", "PDF signing: can't include cert chain.");
+            return false;
+        }
+#endif
     }
 
     if (NSS_CMSSignerInfo_IncludeCerts(cms_signer, NSSCMSCM_CertChain, certUsageEmailSigner) != SECSuccess)
commit 4146b5c3fefcfce10ed6bc7e739408de8acafb92
Author: Tor Lillqvist <tml at collabora.com>
Date:   Thu Feb 19 18:22:59 2015 +0200

    Use curl_easy_strerror() for more information in SAL_WARN
    
    Change-Id: I633bd5d697321678d5c179161ac18bc5655246ec

diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index bb0c3f5..b3ef313 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -6383,6 +6383,7 @@ bool PDFWriterImpl::finalizeSignature()
         // Send time stamp request to TSA server, receive response
 
         CURL* curl = curl_easy_init();
+        CURLcode rc;
         struct curl_slist* slist = NULL;
 
         if (!curl)
@@ -6394,9 +6395,9 @@ bool PDFWriterImpl::finalizeSignature()
 
         SAL_INFO("vcl.pdfwriter", "Setting curl to verbose: " << (curl_easy_setopt(curl, CURLOPT_VERBOSE, 1) == CURLE_OK ? "OK" : "FAIL"));
 
-        if (curl_easy_setopt(curl, CURLOPT_URL, OUStringToOString(m_aContext.SignTSA, RTL_TEXTENCODING_UTF8).getStr()) != CURLE_OK)
+        if ((rc = curl_easy_setopt(curl, CURLOPT_URL, OUStringToOString(m_aContext.SignTSA, RTL_TEXTENCODING_UTF8).getStr())) != CURLE_OK)
         {
-            SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_URL) failed");
+            SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_URL) failed: " << curl_easy_strerror(rc));
             curl_easy_cleanup(curl);
             SECITEM_FreeItem(timestamp_request, PR_TRUE);
             return false;
@@ -6405,19 +6406,19 @@ bool PDFWriterImpl::finalizeSignature()
         slist = curl_slist_append(slist, "Content-Type: application/timestamp-query");
         slist = curl_slist_append(slist, "Accept: application/timestamp-reply");
 
-        if (curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist) != CURLE_OK)
+        if ((rc = curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist)) != CURLE_OK)
         {
-            SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_HTTPHEADER) failed");
+            SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_HTTPHEADER) failed: " << curl_easy_strerror(rc));
             curl_slist_free_all(slist);
             curl_easy_cleanup(curl);
             SECITEM_FreeItem(timestamp_request, PR_TRUE);
             return false;
         }
 
-        if (curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, timestamp_request->len) != CURLE_OK ||
-            curl_easy_setopt(curl, CURLOPT_POSTFIELDS, timestamp_request->data) != CURLE_OK)
+        if ((rc = curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, timestamp_request->len)) != CURLE_OK ||
+            (rc = curl_easy_setopt(curl, CURLOPT_POSTFIELDS, timestamp_request->data)) != CURLE_OK)
         {
-            SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_POSTFIELDSIZE or CURLOPT_POSTFIELDS) failed");
+            SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_POSTFIELDSIZE or CURLOPT_POSTFIELDS) failed: " << curl_easy_strerror(rc));
             curl_easy_cleanup(curl);
             SECITEM_FreeItem(timestamp_request, PR_TRUE);
             return false;
@@ -6425,27 +6426,27 @@ bool PDFWriterImpl::finalizeSignature()
 
         OStringBuffer reply_buffer;
 
-        if (curl_easy_setopt(curl, CURLOPT_WRITEDATA, &reply_buffer) != CURLE_OK ||
-            curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AppendToBuffer) != CURLE_OK)
+        if ((rc = curl_easy_setopt(curl, CURLOPT_WRITEDATA, &reply_buffer)) != CURLE_OK ||
+            (rc = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AppendToBuffer)) != CURLE_OK)
         {
-            SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_WRITEDATA or CURLOPT_WRITEFUNCTION) failed");
+            SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_WRITEDATA or CURLOPT_WRITEFUNCTION) failed: " << curl_easy_strerror(rc));
             curl_easy_cleanup(curl);
             SECITEM_FreeItem(timestamp_request, PR_TRUE);
             return false;
         }
 
-        if (curl_easy_setopt(curl, CURLOPT_POST, 1) != CURLE_OK)
+        if ((rc = curl_easy_setopt(curl, CURLOPT_POST, 1)) != CURLE_OK)
         {
-            SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_POST) failed");
+            SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_POST) failed: " << curl_easy_strerror(rc));
             curl_easy_cleanup(curl);
             SECITEM_FreeItem(timestamp_request, PR_TRUE);
             return false;
         }
 
         char error_buffer[CURL_ERROR_SIZE];
-        if (curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, error_buffer) != CURLE_OK)
+        if ((rc = curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, error_buffer)) != CURLE_OK)
         {
-            SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_ERRORBUFFER) failed");
+            SAL_WARN("vcl.pdfwriter", "PDF signing: curl_easy_setopt(CURLOPT_ERRORBUFFER) failed: " << curl_easy_strerror(rc));
             curl_easy_cleanup(curl);
             SECITEM_FreeItem(timestamp_request, PR_TRUE);
             return false;


More information about the Libreoffice-commits mailing list