[Spice-commits] 2 commits - server/reds.c

[Christophe Fergau]

 server/reds.c |   19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

New commits:
commit 15808ea7f5f1246e738b9fce064aeabe45851c0e
Author: Christophe Fergeau <cfergeau at redhat.com>
Date:   Thu Mar 1 19:10:04 2012 +0100

    server: more logging about certificates used
    
    This commit adds some log messages indicating which certificates
    could be loaded (or not).
    
    Fixes rhbz#787678

diff --git a/server/reds.c b/server/reds.c
index 3a98456..9d7521a 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -3086,7 +3086,9 @@ static void reds_init_ssl(void)
 
     /* Load our keys and certificates*/
     return_code = SSL_CTX_use_certificate_chain_file(reds->ctx, ssl_parameters.certs_file);
-    if (return_code != 1) {
+    if (return_code == 1) {
+        red_printf("Loaded certificates from %s", ssl_parameters.certs_file);
+    } else {
         red_error("Could not load certificates from %s", ssl_parameters.certs_file);
     }
 
@@ -3094,14 +3096,18 @@ static void reds_init_ssl(void)
 
     return_code = SSL_CTX_use_PrivateKey_file(reds->ctx, ssl_parameters.private_key_file,
                                               SSL_FILETYPE_PEM);
-    if (return_code != 1) {
+    if (return_code == 1) {
+        red_printf("Using private key from %s", ssl_parameters.private_key_file);
+    } else {
         red_error("Could not use private key file");
     }
 
     /* Load the CAs we trust*/
     return_code = SSL_CTX_load_verify_locations(reds->ctx, ssl_parameters.ca_certificate_file, 0);
-    if (return_code != 1) {
-        red_error("Could not use ca file");
+    if (return_code == 1) {
+        red_printf("Loaded CA certificates from %s", ssl_parameters.ca_certificate_file);
+    } else {
+        red_error("Could not use CA file %s", ssl_parameters.ca_certificate_file);
     }
 
 #if (OPENSSL_VERSION_NUMBER < 0x00905100L)
commit 8f8e73986ba051e1fb10f4d73ef3f0445b399186
Author: Christophe Fergeau <cfergeau at redhat.com>
Date:   Thu Mar 1 18:46:24 2012 +0100

    Add log for invalid/expired tickets
    
    Currently, when a ticket has already expired, or is invalid, there is
    no qemu log to tell what went wrong. This commit adds such a log.
    
    Fixes rhbz#787669

diff --git a/server/reds.c b/server/reds.c
index 797d9d5..3a98456 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -1860,6 +1860,11 @@ static void reds_handle_ticket(void *opaque)
         }
 
         if (expired || strncmp(password, taTicket.password, SPICE_MAX_PASSWORD_LENGTH) != 0) {
+            if (expired) {
+                red_printf("Ticket has expired");
+            } else {
+                red_printf("Invalid password");
+            }
             reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED);
             reds_link_free(link);
             return;