Пример #1
/*
 * Apply a connection's per-connection debug flags to the current debugging
 * set and, when any debugging is active, log which connection is being
 * processed.
 *
 * c may be NULL; in that case reset_debugging() is called and nothing else
 * happens.
 *
 * The extra bits are only ever OR-ed into cur_debugging here. Nothing in
 * this function narrows the set again, so they remain in effect until some
 * other code changes it (the NULL path above is the only reset visible
 * here).
 * NOTE(review): if any debug class writes sensitive protocol material to
 * the log, a per-connection setting turns it on for everything logged
 * afterwards -- confirm who is allowed to set c->extra_debugging.
 */
void extra_debugging(const struct connection *c)
{
	/* No connection in scope: hand control back to reset_debugging(). */
	if (c == NULL) {
		reset_debugging();
		return;
	}

	if (c->extra_debugging != 0) {
		/* Only the bits that are not already set are passed to bitnamesof(). */
		libreswan_log("extra debugging enabled for connection: %s",
			      bitnamesof(debug_bit_names,
					 c->extra_debugging & ~cur_debugging));
		set_debugging(cur_debugging | c->extra_debugging);
	}

	/*
	 * If any debugging is on, record which connection is being processed,
	 * because later debug lines may not make that clear.
	 */
	if (cur_debugging) {
		/* assumes fmt_conn_instance() writes at most CONN_INST_BUF bytes -- TODO confirm */
		char instance[CONN_INST_BUF];

		fmt_conn_instance(c, instance);
		DBG_log("processing connection %s%s", c->name, instance);
	}
}
Пример #2
/*
 * Walk the whole state table twice (pass 0, then pass 1). For every state
 * that comparefunc(st, c, arg, pass) accepts, call successfunc(st, c, arg)
 * with that state installed as the current state.
 *
 * Two passes are made so that ISAKMP SAs can be handled last, which allows
 * Delete Notifications to be sent (rationale as given by the original
 * author; the caller's comparefunc receives the pass number for this).
 * ?? Caching the ISAKMP SA states seen in the first pass would probably
 * avoid the second table walk.
 *
 * NOTE(review): the original comment here described the function as
 * deleting states, but this code only dispatches to the two callbacks.
 */
static void
foreach_states_by_connection_func(struct connection *c
				  , bool (*comparefunc)(struct state *st, struct connection *c, void *arg, int pass)
				 , void (*successfunc)(struct state *st, struct connection *c, void *arg)
				 , void *arg)
{
    int pass = 0;

    while (pass != 2)
    {
	int bucket;

	/* Visit each hash chain of the table in turn. */
	for (bucket = 0; bucket < STATE_TABLE_SIZE; bucket++)
	{
	    struct state *next = statetable[bucket];

	    while (next != NULL)
	    {
		struct state *cand = next;
		struct state *saved_cur_state;
#ifdef DEBUG
		lset_t saved_debugging;
#endif

		/*
		 * Advance before any callback runs: successfunc may free
		 * cand, so its chain link must be read first.
		 * NOTE(review): this protects only against cand itself going
		 * away. If a callback can also unlink the saved successor,
		 * next would dangle -- confirm against the callbacks in use.
		 */
		next = cand->st_hashchain_next;

		/*
		 * Second pass (pass == 1): states matching
		 * IS_ISAKMP_SA_ESTABLISHED are skipped.
		 * NOTE(review): the original comment read "on pass 2, ignore
		 * phase2 states", which does not match this test, and skipping
		 * established ISAKMP SAs here looks at odds with handling them
		 * last -- confirm the intended predicate.
		 */
		if (pass == 1 && IS_ISAKMP_SA_ESTABLISHED(cand->st_state))
		    continue;

		if (!(*comparefunc)(cand, c, arg, pass))
		    continue;

		/*
		 * Remember what to restore afterwards. If cand is already
		 * the current state, restore NULL instead, since cand may
		 * no longer exist once successfunc returns.
		 */
		saved_cur_state = (cur_state == cand) ? NULL : cur_state;
#ifdef DEBUG
		saved_debugging = cur_debugging;
#endif

		set_cur_state(cand);
		(*successfunc)(cand, c, arg);

		cur_state = saved_cur_state;
#ifdef DEBUG
		/* Put the debugging set back to what it was before the callback. */
		set_debugging(saved_debugging);
#endif
	    }
	}

	pass++;
    }
}
Пример #3
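/*
 * Reduced variant of extra_debugging(): OR the connection's extra_debugging
 * bits into the current debugging set via set_debugging().
 *
 * c may be NULL, in which case the debugging set is left untouched. The
 * fuller variant of this function is called with NULL to mean "no
 * connection", so dereferencing c unconditionally would crash on that call.
 * NOTE(review): the fuller variant calls reset_debugging() for NULL; this
 * one only returns, because that helper is not known to be available here.
 */
void extra_debugging(const struct connection *c) {
	if (c == NULL) {
		return;
	}

	set_debugging(cur_debugging | c->extra_debugging);
}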
Пример #4
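/*
 * Test driver: load a CA certificate, register it as a CA, then load and
 * verify every further certificate named on the command line.
 *
 * Usage (as printed below): nsscert CAcertfile.pem cert1.pem cert2.pem...
 *
 * Exit status: 0 when every certificate verified, 1 when a file could not
 * be loaded, 3 when a verification failed, 5 on too few arguments, 10 when
 * NSS initialisation failed.
 *
 * The X.509 clock is pinned with set_fake_x509_time(), so "is valid" below
 * means valid against that fixed instant, not against the real time. This
 * is only appropriate in a test harness.
 */
int main(int argc, char *argv[])
{
    cert_t cacert, t1;
    time_t until;

    /* sadly, this is actually too late */
    EF_DISABLE_BANNER = 1;
    progname = argv[0];
    leak_detective = 1;

    tool_init_log();
    load_oswcrypto();

    set_debugging(DBG_X509 | DBG_PARSING | DBG_CONTROL);
    until = 1421896274;
    set_fake_x509_time(until);  /* Wed Jan 21 22:11:14 2015 */

#ifdef HAVE_LIBNSS
    {
        /* "nss.d" is a relative path, so it is looked up in the working directory. */
        SECStatus nss_init_status = NSS_InitReadWrite("nss.d");

        if (nss_init_status != SECSuccess) {
            fprintf(stderr, "NSS initialization failed (err %d)\n", PR_GetError());
            exit(10);
        } else {
            printf("NSS Initialized\n");
            PK11_SetPasswordFunc(getNSSPassword);
        }
    }
#endif

    /* Need the program name, the CA file and at least one certificate. */
    if (argc < 3) {
        fprintf(stderr, "Usage: nsscert CAcertfile.pem cert1.pem cert2.pem...\n");
        exit(5);
    }

    /* skip argv0 */
    argc--;
    argv++;

    /* load CAcert */
    if (!load_cert(CERT_NONE, argv[0], TRUE, "cacert", &cacert)) {
        printf("could not load CA cert file: %s\n", argv[0]);
        exit(1);
    }
    add_authcert(cacert.u.x509, AUTH_CA);

    argc--;
    argv++;

    while (argc-- > 0) {
        char *file = *argv++;

        /* load target cert */
        if (!load_cert(CERT_NONE, file, TRUE, "test1", &t1)) {
            printf("could not load cert file: %s\n", file);
            exit(1);
        }

        /*
         * NOTE(review): until is passed by address, so verify_x509cert()
         * may overwrite it; from the second certificate on, the one-day
         * increment then applies to whatever the previous call left
         * there -- confirm this is intended.
         * NOTE(review): the FALSE argument presumably selects a
         * non-strict check; confirm what that leaves unchecked.
         */
        until += 86400;
        if (verify_x509cert(t1.u.x509, FALSE, &until) == FALSE) {
            printf("verify x509 failed\n");
            exit(3);
        }
        printf("cert: %s is valid\n", file);
        free_x509cert(t1.u.x509);
    }
    free_x509cert(cacert.u.x509);

    report_leaks();
    tool_close_log();
    exit(0);
}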